Trojan.DNSchanger
chill26
Posted on 12/01/2009 at 19:41:13

Hello / Good evening,
 I found a trojan, trojan.dnschanger, and I would like to remove it from my computer.
 My OS: Windows XP SP3

 Thanks in advance for your help.




May CastleCops live forever in our memories.
curson
Confirmed beginner (1,000 to 4,999 posts)
Posted on 12/01/2009 at 20:11:52

Good evening,

 1) Download Malwarebytes Anti-Malware.

 - Install it and run the updates.


 2) Launch MBAM:

 - Tick the "Perform full scan" box, then click Scan.
 - Select (tick) all your partitions, then click "Start Scan".
 - When the scan is finished, a message lets you know. Then click the "Show Results" button.
 - In the next window, click "Remove Selected". If the program offers to restart the computer, accept!
 - The scan report will be displayed. Save it, then post its contents.


 3) Download HiJackThis 2.0.2 by Merijn to your desktop.

 - Double-click HijackThis
 - Generate a report by following these steps:
 - Run it and click Do a scan and save log file.
 - The report opens in Notepad

 - Paste the report here; to do so:
 - Edit menu / Select All
 - Edit menu / Copy
 - Here, in a new message: right-click / Paste

 Help: feel free to consult the HiJackThis help

chill26
Posted on 12/01/2009 at 20:18:47

The link for Malwarebytes doesn't work

May CastleCops live forever in our memories.
curson
Confirmed beginner (1,000 to 4,999 posts)
Posted on 12/01/2009 at 20:30:20

Good evening,

 1) Disable your protection software (antivirus, antispyware), then:


 2) Download Combofix by sUBs: Combo-Fix.exe
 and save it to your desktop and nowhere else!


 3) Double-click combofix. It will ask you a question; answer by pressing the 1 key, then Enter to confirm.
 Wait until combofix has finished; a report will be created. Post the report.

chill26
Posted on 12/01/2009 at 21:29:37

Good evening,

 Here is the combofix report:
 



ComboFix 09-01-11.04 - Marie 2009-01-12 21:04:57.1 - NTFSx86
 Microsoft Windows XP Édition familiale  5.1.2600.3.1252.1.1036.18.511.​219 [GMT 1:00]
 Lancé depuis: C:\Documents and Settings\Marie\Bureau\Combo-Fi​x.exe
 AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
 AV: Panda Titanium 2006 Antivirus + Antispyware *On-access scanning disabled* (Outdated)
 FW: Kaspersky Internet Security *disabled*
 FW: Panda Titanium 2006 Personal Firewall *disabled*
 * Un nouveau point de restauration a été créé

 AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
 .

 ((((((((((((((((((((((((((((((​((((((   Autres suppressions   ))))))))))))))))))))))))))))))​))))))))))))))))))
 .

 C:\Autorun.inf
 C:\Documents
 C:\Program Files\INSTALL.LOG
 C:\Program Files\Mozilla Firefox\components\iamfamous.d​ll
 C:\Program Files\outlook
 C:\resycled
 C:\resycled\boot.com
 C:\WINDOWS\config.ini
 C:\WINDOWS\system32\B.tmp
 C:\WINDOWS\system32\bszip.dll
 C:\WINDOWS\system32\kdyfg.exe
 C:\WINDOWS\system32\taskkill.c​om
 C:\WINDOWS\system32\vFfMVvut.i​ni
 C:\WINDOWS\system32\vFfMVvut.i​ni2

 .
 ((((((((((((((((((((((((((((((​(((((((((   Pilotes/Services   ))))))))))))))))))))))))))))))​)))))))))))))))))))
 .

 -------\Legacy_BOONTY_GAMES
 -------\Legacy_OREANS32
 -------\Service_Boonty Games
 -------\Service_oreans32


 (((((((((((((((((((((((((((((   Fichiers créés du 2008-12-12 au 2009-01-12  ))))))))))))))))))))))))))))))​))))))
 .

 2009-01-12 20:42 . 2009-01-12 20:43 <REP> d-------- C:\32788R22FWJFW
 2009-01-06 14:58 . 2009-01-06 14:58 <REP> d-------- C:\Program Files\Ultra Tag Editor
 2009-01-06 13:35 . 2009-01-06 13:35 <REP> d-------- C:\Program Files\iPod
 2009-01-06 13:34 . 2009-01-06 13:35 <REP> d-------- C:\Program Files\iTunes
 2009-01-06 13:34 . 2009-01-06 13:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_​CA64CB79BCF6}
 2009-01-06 13:31 . 2009-01-06 13:31 <REP> d-------- C:\Program Files\Bonjour
 2009-01-02 20:15 . 2009-01-02 20:18 <REP> d-------- C:\Program Files\FrostWire
 2008-12-16 11:00 . 2008-12-16 11:00 <REP> d-------- C:\Documents and Settings\Marie\Application Data\Iomatic
 2008-12-16 10:58 . 2008-12-16 10:58 <REP> d-------- C:\Program Files\FCleaner
 2008-12-16 10:58 . 2008-12-16 10:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FTWeak
 2008-12-14 13:04 . 2008-12-14 13:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EyePowerGames
 2008-12-14 12:59 . 2008-12-14 13:00 <REP> d-------- C:\Documents and Settings\Marie\Application Data\muvee Technologies
 2008-12-14 12:07 . 2008-12-14 12:07 <REP> d-------- C:\Documents and Settings\Marie\Application Data\Creative
 2008-12-14 11:37 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.v​xd
 2008-12-14 11:35 . 2006-10-06 07:17 53,248 --------- C:\WINDOWS\Ctregrun.exe
 2008-12-14 11:32 . 2007-05-10 18:02 170,368 -ra------ C:\WINDOWS\system32\drivers\V0​350Vid.sys
 2008-12-14 11:32 . 2006-09-19 06:56 57,656 -ra------ C:\WINDOWS\system32\drivers\V0​350PC.bmp
 2008-12-14 11:32 . 2007-04-18 18:01 36,864 --a------ C:\WINDOWS\system32\V0350Pin.d​ll
 2008-12-14 11:32 . 2005-07-06 18:07 36,864 -ra------ C:\WINDOWS\system32\CtCamMgr.d​ll
 2008-12-14 11:32 . 2007-04-22 18:01 32,768 -ra------ C:\WINDOWS\system32\V0350Hwx.d​ll
 2008-12-14 11:32 . 2004-08-10 04:37 24,576 -ra------ C:\WINDOWS\system32\CtCamPin.c​rl
 2008-12-14 11:28 . 2008-12-14 11:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
 2008-12-14 11:25 . 2008-12-14 11:26 <REP> d-------- C:\Program Files\SightSpeed
 2008-12-14 11:17 . 2008-12-14 11:35 <REP> d-------- C:\Program Files\Creative
 2008-12-14 11:15 . 2008-04-13 11:45 60,032 --a------ C:\WINDOWS\system32\drivers\US​BAUDIO.sys
 2008-12-14 11:15 . 2008-04-13 11:45 60,032 --a--c--- C:\WINDOWS\system32\dllcache\u​sbaudio.sys
 2008-12-13 20:19 . 2008-12-13 20:19 <REP> d-------- C:\Documents and Settings\Marie\Application Data\MuldeR
 2008-12-13 20:03 . 2008-12-13 20:09 <REP> d-------- C:\Program Files\CDex_170b2

 .
 ((((((((((((((((((((((((((((((​((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))​))))))))))))))))))
 .
 2009-01-12 20:13 --------- d-----w C:\Program Files\Wanadoo
 2009-01-12 20:13 --------- d-----w C:\Program Files\DNA
 2009-01-12 20:13 --------- d-----w C:\Documents and Settings\Marie\Application Data\DNA
 2009-01-12 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
 2009-01-12 20:11 4,608 --sha-w C:\WINDOWS\system32\drivers\fi​dbox2.idx
 2009-01-12 20:11 4,569,632 --sha-w C:\WINDOWS\system32\drivers\fi​dbox.dat
 2009-01-12 20:11 36,780 --sha-w C:\WINDOWS\system32\drivers\fi​dbox.idx
 2009-01-12 20:11 1,032,224 --sha-w C:\WINDOWS\system32\drivers\fi​dbox2.dat
 2009-01-12 19:55 --------- d-----w C:\Program Files\FlashGet
 2009-01-10 11:05 --------- d-----w C:\Documents and Settings\Marie\Application Data\TransRender
 2009-01-08 19:53 --------- d-----w C:\Program Files\Notepad++
 2009-01-07 17:34 --------- d-----w C:\Documents and Settings\Marie\Application Data\Temporary
 2009-01-06 12:35 --------- d-----w C:\Program Files\Fichiers communs\Apple
 2009-01-06 12:29 --------- d-----w C:\Program Files\QuickTime
 2009-01-04 18:02 --------- d-----w C:\Documents and Settings\Marie\Application Data\FrostWire
 2009-01-04 14:01 2,374 ----a-w C:\Documents and Settings\Marie\Application Data\wklnhst.dat
 2008-12-20 09:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
 2008-12-16 11:18 --------- d-----w C:\Program Files\Fichiers communs\Adobe
 2008-12-15 19:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
 2008-12-13 14:41 --------- d-----w C:\Documents and Settings\Marie\Application Data\BitTorrent
 2008-12-13 14:09 --------- d-----w C:\Program Files\Java
 2008-12-13 13:52 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
 2008-12-13 11:45 --------- d-----w C:\Program Files\CCleaner
 2008-12-06 15:32 --------- d-----w C:\Program Files\Rockstar Games
 2008-11-29 10:06 --------- d-----w C:\Program Files\AviSynth 2.5
 2008-11-22 16:49 --------- d-----w C:\Program Files\EasyPHP 2.0b1
 2008-11-16 16:10 --------- d-----w C:\Program Files\eMule
 2008-11-15 19:23 --------- d-----w C:\Documents and Settings\Marie\Application Data\uTorrent
 2008-11-15 11:09 96,976 ----a-w C:\WINDOWS\system32\drivers\kl​in.dat
 2008-11-15 11:08 27,904 ----a-w C:\WINDOWS\system32\drivers\nd​isprot.sys
 2008-11-15 10:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
 2008-11-15 10:22 87,855 ----a-w C:\WINDOWS\system32\drivers\kl​ick.dat
 2008-11-15 10:17 --------- d-----w C:\Program Files\Kaspersky Lab
 2008-11-12 12:20 --------- d-----w C:\Program Files\Apple Software Update
 2008-11-04 10:39 170 ----a-w C:\Delme.bat
 2008-03-20 21:08 110 ----a-w C:\Documents and Settings\Mah\Application Data\wklnhst.dat
 2007-02-12 08:08 357 ----a-w C:\Documents and Settings\Marie\.cb_layout.bin
 2006-05-10 09:27 774,144 ----a-w C:\Program Files\RngInterstitial.dll
 2007-06-06 16:38 56 --sh--r C:\WINDOWS\system32\FC8913EC0C​.sys
 2007-06-06 16:38 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.s​ys
 .

 ((((((((((((((((((((((((((((((​(((   Points de chargement Reg   ))))))))))))))))))))))))))))))​))))))))))))))))))
 .
 .
 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 REGEDIT4

 [HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Windows\CurrentVersion\​Run]
 "WOOKIT"="C:\Program Files\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
 "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 08:59 204288]
 "swg"="C:\Program Files\Google\GoogleToolbarNoti​fier\GoogleToolbarNotifier.exe​" [2007-08-21 09:16 68856]
 "ctfmon.exe"="C:\WINDOWS\syste​m32\ctfmon.exe" [2008-04-14 03:33 15360]
 "BgMonitor_{79662E04-7C6C-4d9f​-84C7-88D8A56B10AA}"="C:\Progr​am Files\Fichiers communs\Ahead\Lib\NMBgMonitor.​exe" [2007-01-15 16:14 147456]
 "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-12-16 09:31 342848]
 "Google Update"="C:\Documents and Settings\Marie\Local Settings\Application Data\Google\Update\GoogleUpdat​e.exe" [2008-11-13 21:06 133104]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Run]
 "WOOWATCH"="C:\PROGRA~1\Wanado​o\Watch.exe" [2004-08-23 14:49 20480]
 "WOOTASKBARICON"="C:\PROGRA~1\​Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
 "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 02:08 813912]
 "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 00:52 849280]
 "HPDJ Taskbar Utility"="C:\WINDOWS\system32\​spool\drivers\w32x86\3\hpztsb1​0.exe" [2004-03-04 16:46 172032]
 "DT HPW"="C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" [2007-04-25 12:36 280064]
 "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 01:38 34672]
 "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 20:20 206088]
 "SunJavaUpdateSched"="C:\Progr​am Files\Java\jre6\bin\jusched.ex​e" [2008-11-10 05:43 136600]
 "V0350Mon.exe"="C:\WINDOWS\V03​50Mon.exe" [2007-06-04 18:02 32768]
 "Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 09:10 2007088]
 "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-11-04 10:30 413696]
 "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-11-20 13:20 290088]
 "SoundMan"="SOUNDMAN.EXE" [2005-12-14 17:06 577536 C:\WINDOWS\soundman.exe]

 [HKEY_USERS\.DEFAULT\Software\M​icrosoft\Windows\CurrentVersio​n\Run]
 "CTFMON.EXE"="C:\WINDOWS\syste​m32\CTFMON.EXE" [2008-04-14 03:33 15360]

 C:\Documents and Settings\Marie\Menu D‚marrer\Programmes\D‚marrage\
 Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adob​e Gamma Loader.exe [2005-03-16 19:16:50 113664]

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\drivers32]
 "VIDC.PIM1"= PCLEPIM1.dll
 "msacm.l3codec"= l3codecp.acm

 [HKEY_LOCAL_MACHINE\system\curr​entcontrolset\control\session manager]
 BootExecute REG_MULTI_SZ    autocheck autochk *\0OODBS

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\shared tools\msconfig\startupreg\Crea​tive Live! Cam Manager]
 --------- 2007-06-07 14:01 155648 C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\shared tools\msconfig\startupreg\FTweakFCleaner]
 --a------ 2008-12-12 15:28 1589760 C:\Program Files\FCleaner\FCleaner.exe

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\shared tools\msconfig\startupreg\NeroFilterCheck]
 --a------ 2006-01-12 15:40 155648 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.ex​e

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\security center\Monitoring\KasperskyAntiVirus]
 "DisableMonitoring"=dword:0000​0001

 [HKLM\~\services\sharedaccess\p​arameters\firewallpolicy\stand​ardprofile\AuthorizedApplicati​ons\List]
 "%windir%\\system32\\sessmgr.e​xe"=
 "C:\\Program Files\\eMule\\emule.exe"=
 "C:\\Program Files\\BitTorrent\\bittorrent.​exe"=
 "C:\\WINDOWS\\system32\\dplays​vr.exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "C:\\Documents and Settings\\Marie\\Mes documents\\My Completed Downloads\\FILE\\update.exe"=
 "C:\\WINDOWS\\system32\\rtcsha​re.exe"=
 "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
 "C:\\Documents and Settings\\Marie\\Mes documents\\AdO`ScRiPt\\AdOs`Sc​RipT.exe"=
 "C:\\Program Files\\mIRC\\mirc.exe"=
 "C:\\Program Files\\Wanadoo\\WOOBrowser\\WO​OBrowser.exe"=
 "C:\\mIRC\\mirc.exe"=
 "C:\\WINDOWS\\system32\\java.e​xe"=
 "C:\\Program Files\\VirtualDJ\\virtualdj_tr​ial.exe"=
 "C:\\Program Files\\FileZilla\\FileZilla.ex​e"=
 "C:\\Program Files\\Messenger\\msmsgs.exe"=
 "C:\\WINDOWS\\pchealth\\helpct​r\\binaries\\helpctr.exe"=
 "C:\\wamp\\bin\\apache\\apache​2.2.8\\bin\\httpd.exe"=
 "C:\\Program Files\\DNA\\btdna.exe"=
 "C:\\Documents and Settings\\Marie\\Bureau\\Mathi​eu\\My Progams\\CubiX\\CubiX.exe"=
 "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
 "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"​=
 "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
 "C:\\Program Files\\FrostWire\\FrostWire.ex​e"=
 "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
 "C:\\Program Files\\SightSpeed\\SightSpeed.​exe"=
 "C:\\Program Files\\FlashGet\\flashget.exe"​=
 "C:\\Program Files\\Bonjour\\mDNSResponder.​exe"=
 "C:\\Program Files\\iTunes\\iTunes.exe"=

 [HKLM\~\services\sharedaccess\p​arameters\firewallpolicy\stand​ardprofile\GloballyOpenPorts\L​ist]
 "1162:UDP"= 1162:UDP:Windows Media Format SDK (WOOBrowser.exe)
 "1163:UDP"= 1163:UDP:Windows Media Format SDK (WOOBrowser.exe)
 "1164:UDP"= 1164:UDP:Windows Media Format SDK (WOOBrowser.exe)
 "17348:TCP"= 17348:TCP:BitComet 17348 TCP
 "17348:UDP"= 17348:UDP:BitComet 17348 UDP
 "6346:TCP"= 6346:TCP:*:Disabled:Gnutella
 "6346:UDP"= 6346:UDP:*:Disabled:Gnutella

 R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\dri​vers\klbg.sys [2008-01-29 18:29:38 32784]
 R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\d​rivers\klfltdev.sys [2008-03-13 19:02:46 26640]
 R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\dri​vers\klim5.sys [2008-04-30 18:06:48 24592]
 R3 pctvvbi;PCTVVBI;C:\WINDOWS\sys​tem32\drivers\pctvvbi.sys [2006-04-21 15:14:13 6400]
 R3 VF0350Afx;VF0350 Audio FX;C:\WINDOWS\system32\drivers​\V0350Afx.sys [2008-12-14 11:33:02 142656]
 R3 VF0350Vfx;VF0350 Video FX;C:\WINDOWS\system32\drivers​\V0350Vfx.sys [2008-12-14 11:33:02 7424]
 R3 VF0350Vid;Live! Cam Video IM (VF0350);C:\WINDOWS\system32\d​rivers\V0350Vid.sys [2008-12-14 11:32:59 170368]
 R4 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchos​t.exe -k netsvcs [2004-08-05 13:00:00 14336]
 R4 OPTENET_FILTER;Control Parental;C:\Program Files\Controle Parental\bin\optproxy.exe [2006-11-18 16:08:57 564400]
 S1 aswSP;avast! Self Protection; [x]
 S1 SASKUTIL;SASKUTIL;\??\C:\Progr​am Files\SUPERAntiSpyware\SASKUTI​L.sys --> C:\Program Files\SUPERAntiSpyware\SASKUTI​L.sys [?]
 S1 ShldDrv;Panda File Shield Driver; [x]
 S1 tvtool;tvtool;\??\C:\Program Files\TVTool 9.5\tvtool.sys --> C:\Program Files\TVTool 9.5\tvtool.sys [?]
 S3 3xHybrid;Pinnacle PCTV Stereo service;C:\WINDOWS\system32\dr​ivers\3xHybrid.sys [2006-04-21 15:14:26 504832]
 S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\dri​vers\av5flt.sys --> C:\WINDOWS\system32\drivers\av​5flt.sys [?]
 S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRI​VERS\CnxEtP.sys --> C:\WINDOWS\system32\DRIVERS\Cn​xEtP.sys [?]
 S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRI​VERS\CnxEtU.sys --> C:\WINDOWS\system32\DRIVERS\Cn​xEtU.sys [?]
 S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRI​VERS\CnxTgNW.sys --> C:\WINDOWS\system32\DRIVERS\Cn​xTgNW.sys [?]
 S3 ComFiltr;Panda Anti-Dialer;\??\C:\WINDOWS\sys​tem32\DRIVERS\COMFiltr.sys --> C:\WINDOWS\system32\DRIVERS\CO​MFiltr.sys [?]
 S3 FILESpy;FILESpy;\??\C:\Program Files\Softwin\BitDefender Desktop\filespy.sys --> C:\Program Files\Softwin\BitDefender Desktop\filespy.sys [?]
 S3 gsplittm;gsplittm;\??\C:\DOCUM​E~1\Marie\LOCALS~1\Temp\gsplit​tm.sys --> C:\DOCUME~1\Marie\LOCALS~1\Tem​p\gsplittm.sys [?]
 S3 Ndisprot;ArcNet NDIS Protocol Driver;C:\WINDOWS\system32\dri​vers\ndisprot.sys [2008-11-15 12:08:17 27904]
 S3 vgatvnt;vgatvnt;\??\C:\Documen​ts and Settings\vgatvnt.sys --> C:\Documents and Settings\vgatvnt.sys [?]
 S3 ypcmcia;ypcmcia;\??\C:\DOCUME~​1\Marie\LOCALS~1\Temp\ypcmcia.​sys --> C:\DOCUME~1\Marie\LOCALS~1\Tem​p\ypcmcia.sys [?]
 S4 aswFsBlk;aswFsBlk;C:\WINDOWS\s​ystem32\DRIVERS\aswFsBlk.sys --> C:\WINDOWS\system32\DRIVERS\as​wFsBlk.sys [?]
 S4 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Dri​vers\cpoint.sys --> C:\WINDOWS\system32\Drivers\cp​oint.sys [?]
 S4 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\system32​\DRIVERS\PavProc.sys --> C:\WINDOWS\system32\DRIVERS\Pa​vProc.sys [?]
 .
 Contenu du dossier 'Tâches planifiées'

 2008-11-12 C:\WINDOWS\Tasks\AppleSoftware​Update.job
 - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

 2009-01-12 C:\WINDOWS\Tasks\GoogleUpdateT​askUserS-1-5-21-1757981266-167​7128483-839522115-1004.job
 - C:\Documents and Settings\Marie\Local Settings\Application Data\Google\Update\GoogleUpdat​e.exe [2008-11-13 21:06]

 2009-01-12 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
 - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe []

 2008-01-27 C:\WINDOWS\Tasks\Microsoft_Har​dware_Launch_IPoint_exe.job
 - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-06 00:52]

 2008-01-27 C:\WINDOWS\Tasks\Microsoft_Har​dware_Launch_IType_exe.job
 - C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-11-22 02:08]
 .
 - - - - ORPHELINS SUPPRIMES - - - -

 WebBrowser-{4E7BD74F-2B8D-469E​-86BD-FD60BB9AAE3A} - (no file)
 HKLM-Run-C:\WINDOWS\SYSTEM32\k​dyfg.exe - C:\WINDOWS\SYSTEM32\kdyfg.exe
 ShellExecuteHooks-{5C060FE2-B3​CA-47DD-B68E-BD1A6E297226} - (no file)
 Notify-avldr - (no file)


 .
 ------- Examen supplémentaire -------
 .
 uStart Page = hxxp://www.google.fr/ig?hl=fr
 uSearchMigratedDefaultURL = hxxp://search.msn.fr/spresults​.aspx?q={searchTerms}
 uInternet Connection Wizard,ShellNext = iexplore
 uInternet Settings,ProxyOverride = *.local
 IE: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
 IE: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
 IE: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
 IE: Set as New Emoticon - C:\DOCUME~1\Marie\LOCALS~1\Tem​p\Répertoire temporaire 2 pour messengermixlive_1.1.zip\Messe​ngerMixLive_1.1\MixCE.htm
 IE: { - C:\Program Files\Messenger\msmsgs.exe
 Trusted Zone: *.localhost
 Trusted Zone: www.secuser.com

 C:\WINDOWS\Downloaded Program Files\Oberongamesloader.dll - O16 -: {E1342154-4889-42B5-BEF6-19237​577048F}
 hxxp://jeux.wanadoo.fr/online2​/bejeweled2/Oberongamesloader.​cab
 C:\WINDOWS\Downloaded Program Files\Oberongamesloader.inf
 FF - ProfilePath - C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\​7lr5qy95.default\
 FF - prefs.js: browser.startup.homepage - hxxp://fr.start2.mozilla.com/f​irefox?client=firefox-a&rls=or​g.mozilla:fr:official
 FF - plugin: C:\Documents and Settings\Marie\Local Settings\Application Data\Google\Update\1.2.133.33\​npGoogleOneClick7.dll
 FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npbittorrent.d​ll
 .




 And the Hijackthis one:
 



Logfile of HijackThis v1.99.1
 Scan saved at 21:28:56, on 12/01/2009
 Platform: Windows XP SP3 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16735)

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.e​xe
 C:\WINDOWS\system32\services.e​xe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\System32\svchost.ex​e
 C:\WINDOWS\system32\spoolsv.ex​e
 C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceS​ervice.exe
 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
 C:\Program Files\Bonjour\mDNSResponder.ex​e
 C:\Program Files\Fichiers communs\Portrait Displays\Shared\dtsrvc.exe
 C:\WINDOWS\System32\FTRTSVC.ex​e
 C:\WINDOWS\System32\svchost.ex​e
 C:\Program Files\Java\jre6\bin\jqs.exe
 C:\WINDOWS\system32\oodag.exe
 C:\Program Files\Controle Parental\bin\optproxy.exe
 C:\WINDOWS\SOUNDMAN.EXE
 C:\Program Files\Microsoft IntelliType Pro\itype.exe
 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
 C:\WINDOWS\system32\spool\driv​ers\w32x86\3\hpztsb10.exe
 C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
 C:\PROGRA~1\Wanadoo\TaskBarIco​n.exe
 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
 C:\Program Files\Java\jre6\bin\jusched.ex​e
 C:\WINDOWS\V0350Mon.exe
 C:\Program Files\FlashGet\FlashGet.exe
 C:\Program Files\iTunes\iTunesHelper.exe
 C:\Program Files\Windows Media Player\WMPNSCFG.exe
 C:\Program Files\Google\GoogleToolbarNoti​fier\GoogleToolbarNotifier.exe
 C:\Program Files\Fichiers communs\Portrait Displays\Shared\HookManager.ex​e
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.​exe
 C:\Program Files\DNA\btdna.exe
 C:\Documents and Settings\Marie\Local Settings\Application Data\Google\Update\GoogleUpdat​e.exe
 C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStore​Svr.exe
 C:\WINDOWS\system32\PnkBstrA.e​xe
 C:\WINDOWS\system32\svchost.ex​e
 C:\Program Files\iPod\bin\iPodService.exe
 C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingSe​rvice.exe
 C:\WINDOWS\system32\wbem\wmiap​srv.exe
 C:\Documents and Settings\Marie\Local Settings\Application Data\Google\Chrome\Application​\chrome.exe
 C:\WINDOWS\explorer.exe
 C:\Documents and Settings\Marie\Local Settings\Application Data\Google\Chrome\Application​\chrome.exe
 C:\Documents and Settings\Marie\Local Settings\Application Data\Google\Chrome\Application​\chrome.exe
 C:\Documents and Settings\Marie\Bureau\HijackTh​is.exe

 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Default_Search_U​RL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKCU\Software\Microsoft\Window​s\CurrentVersion\Internet Settings,ProxyOverride = *.local
 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Toolbar,LinksFolderNa​me = Liens
 R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A8​9362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.D​LL
 O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578​C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\​AcroIEHelperShim.dll
 O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B​94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
 O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9C​CA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
 O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF​1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
 O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-51647​60863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF105​77473F7} - c:\program files\google\googletoolbar1.dl​l
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B​5AD205D} - C:\Program Files\Google\GoogleToolbarNoti​fier\3.1.807.1746\swg.dll
 O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C​1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
 O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE​594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs​\ie\jqs_plugin.dll
 O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA​8380DBA} - C:\Program Files\FlashGet\getflash.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-00902​7A5CD4F} - c:\program files\google\googletoolbar1.dl​l
 O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
 O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.ex​e TaskBarIcon.exe
 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
 O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
 O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
 O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\driv​ers\w32x86\3\hpztsb10.exe
 O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.ex​e"
 O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
 O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
 O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe EspaceWanadoo.exe
 O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNoti​fier\GoogleToolbarNotifier.exe
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-​84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.​exe"
 O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
 O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Marie\Local Settings\Application Data\Google\Update\GoogleUpdat​e.exe" /c
 O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adob​e Gamma Loader.exe
 O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
 O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
 O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
 O8 - Extra context menu item: Set as New Emoticon - C:\DOCUME~1\Marie\LOCALS~1\Tem​p\Répertoire temporaire 2 pour messengermixlive_1.1.zip\Messe​ngerMixLive_1.1\MixCE.htm
 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C0​4F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C0​4F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4AC​F32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
 O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050B​A6940E3} - C:\Program Files\FlashGet\FlashGet.exe
 O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050B​A6940E3} - C:\Program Files\FlashGet\FlashGet.exe
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba3​8496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba3​8496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
 O11 - Options group: [INTERNATIONAL] International*
 O15 - Trusted Zone: http://www.secuser.com
 O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/ [...] b31267.cab
 O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/ [...] b31267.cab
 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ [...] E_UNO1.cab
 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/playe [...] Plugin.cab
 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840 [...] scan53.cab
 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/ [...] b31267.cab
 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/a [...] asinst.cab
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFr [...] b34246.cab
 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/ [...] b56907.cab
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia. [...] wflash.cab
 O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://jeux.wanadoo.fr/online2 [...] loader.cab
 O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/ [...] b31267.cab
 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
 O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
 O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
 O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
 O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
 O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\dtsrvc.exe
 O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
 O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
 O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
 O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
 O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
 O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
 O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
 O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
 O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe (file missing)
 O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe (file missing)
 O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe (file missing)
 O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
 O23 - Service: Panda IManager Service (PSIMSVC) - Unknown owner - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exe (file missing)
 O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice (file missing)
 O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
 




 Thanks, regards


curson
Confirmed beginner (1,000 to 4,999 messages posted)
  1. Posted on 12/01/2009 at 22:13:31
 
Good evening,

 Which antivirus do you use?

 There are components of BitDefender, Kaspersky, Avast and Panda Antivirus on your system.
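
The by-eye triage done on the HijackThis log above (DNS servers in the O17 lines, antivirus services whose binary is gone in the O23 lines) can be scripted. This is an added example, not part of the original thread or of any tool named in it; the trusted-resolver set, the vendor keyword list and the third O17 sample line are assumptions made for illustration.

```python
import ipaddress
import re

# Lines 1-2 and 4-6 are copied from the log posted in this thread; line 3 is
# CONSTRUCTED (documentation-range addresses) to show a resolver being flagged.
SAMPLE_LOG = r"""
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{CONSTRUCTED-EXAMPLE}: NameServer = 203.0.113.53,203.0.113.54
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""

# Assumption: 208.67.220.220 / 208.67.222.222 (OpenDNS public resolvers) were
# set on purpose. Replace with the resolvers your router or ISP hands out.
TRUSTED_RESOLVERS = {
    ipaddress.ip_address(a) for a in ("208.67.220.220", "208.67.222.222")
}

# Assumption: keywords taken from the products named in the reply above.
AV_VENDORS = ("kaspersky", "panda", "avast", "bitdefender")

ENTRY_RE = re.compile(r"^\s*(O\d{1,2})\s+-\s+(.*)$")
O17_RE = re.compile(
    r"^(?P<key>.+?):\s*(?:NameServer|DhcpNameServer)\s*=\s*(?P<value>.+)$", re.I
)
O23_RE = re.compile(
    r"^Service:\s*(?P<name>.+?)\s+-\s+(?P<owner>.+?)\s+-\s+(?P<path>.+)$"
)


def parse_entries(log_text):
    """Yield (section, body) for every 'Onn - ...' line of a HijackThis log."""
    for raw in log_text.splitlines():
        # Forum software often injects zero-width spaces into long tokens.
        line = raw.replace("\u200b", "").strip()
        match = ENTRY_RE.match(line)
        if match:
            yield match.group(1), match.group(2)


def dns_findings(log_text, trusted):
    """Return (registry_key, address, reason) for each O17 resolver not trusted."""
    findings = []
    for section, body in parse_entries(log_text):
        match = O17_RE.match(body) if section == "O17" else None
        if not match:
            continue
        for token in re.split(r"[,\s]+", match.group("value").strip()):
            if not token:
                continue
            try:
                address = ipaddress.ip_address(token)
            except ValueError:
                findings.append((match.group("key"), token, "unparseable"))
                continue
            if address not in trusted:
                findings.append((match.group("key"), str(address), "untrusted"))
    return findings


def orphaned_av_services(log_text, vendors):
    """Return {vendor: [service names]} for O23 entries marked '(file missing)'."""
    hits = {}
    for section, body in parse_entries(log_text):
        if section != "O23" or not body.rstrip().endswith("(file missing)"):
            continue
        match = O23_RE.match(body)
        if not match:
            continue
        haystack = (match.group("name") + " " + match.group("path")).lower()
        for vendor in vendors:
            if vendor in haystack:
                hits.setdefault(vendor, []).append(match.group("name"))
    return hits


if __name__ == "__main__":
    for key, addr, reason in dns_findings(SAMPLE_LOG, TRUSTED_RESOLVERS):
        print(f"[DNS] {reason}: {addr} under {key}")
    for vendor, services in orphaned_av_services(SAMPLE_LOG, AV_VENDORS).items():
        print(f"[AV remnant] {vendor}: {', '.join(services)}")
```

A resolver that the script flags only means it is not on your own list; confirm against the router or ISP settings before changing anything.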

chill26
  1. Posted on 12/01/2009 at 22:23:20
 
Good evening,
 Originally Kaspersky, but I did not manage to remove all the leftovers of the other antivirus programs.

curson
Confirmed beginner (1,000 to 4,999 messages posted)
  1. Posted on 12/01/2009 at 22:54:00
 
Good evening,

 1) Uninstall FlashGet via Add/Remove Programs.


 2) Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
 



KILLALL::

 Driver::
 Bonjour Service
 ndisprot
 aswSP
 ShldDrv
 AvFlt
 ComFiltr
 FILESpy
 gsplittm
 vgatvnt
 ypcmcia
 aswFsBlk
 cpoint
 PavProc

 Registry::
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "C:\\Documents and Settings\\Marie\\Mes documents\\My Completed Downloads\\FILE\\update.exe"=-
 "C:\\Documents and Settings\\Marie\\Mes documents\\AdO`ScRiPt\\AdOs`ScRipT.exe"=-
 "C:\\mIRC\\mirc.exe"=-
 "C:\\Program Files\\FlashGet\\flashget.exe"=-
 "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=-

 File::
 C:\Documents and Settings\Marie\Application Data\wklnhst.dat
 C:\Delme.bat
 C:\Documents and Settings\Mah\Application Data\wklnhst.dat
 C:\Documents and Settings\Marie\Mes documents\My Completed Downloads\FILE\update.exe
 C:\WINDOWS\system32\drivers\av5flt.sys
 C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
 C:\DOCUME~1\Marie\LOCALS~1\Temp\gsplittm.sys
 C:\WINDOWS\system32\drivers\ndisprot.sys
 C:\Documents and Settings\vgatvnt.sys
 C:\DOCUME~1\Marie\LOCALS~1\Temp\ypcmcia.sys
 C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
 C:\WINDOWS\system32\Drivers\cpoint.sys
 C:\WINDOWS\system32\DRIVERS\PavProc.sys

 Folder::
 C:\32788R22FWJFW
 C:\Program Files\Bonjour
 C:\Program Files\FlashGet
 C:\Documents and Settings\Marie\Mes documents\AdO`ScRiPt
 C:\Program Files\Softwin\BitDefender Desktop
 C:\mIRC




 - Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

 http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript-2.gif

 - A blue window will appear. Type 1 if necessary.
 - Wait while the scan runs. The desktop will disappear several times: this is normal!
 Do not touch anything until the scan has finished.
 - Once the scan is complete, a report will be displayed: post its contents, and say where things stand with your problems.

 - If the file does not open, it can be found here > C:\ComboFix.txt


 3) Show hidden files and folders as well as protected operating system files. Tutorial.


 4) I would like you to scan the following files on VirusTotal; tutorial: http://forum.malekal.com/viewt [...] amp;t=9828
 



C:\WINDOWS\system32\FC8913EC0C.sys



 Post the scan reports here.


 5) Download OTViewIt by OldTimer to your desktop.

 - Close all windows and applications.
 - Double-click OTViewIt.exe to launch it.
 - In the "File Age" drop-down list, choose: 30 days (or as you prefer)
 - Click the "Run Scan" button.
 - Wait a few minutes.
 - Notepad will open; post the two reports you get in your next reply.

 If Notepad does not open, you will find them on your desktop: OTViewIt.txt and Extras.txt

chill26
  1. Posted on 15/01/2009 at 17:59:54
 
Hello, here are the various logs, in order. If no antivirus software shows up, it is because I uninstalled Kaspersky in order to install the new version afterwards.
 The updates that previously would not install because of this trojan have now been able to go through.
 I hope my computer is no longer infected by other trojans or viruses.
 Thanks.

 



ComboFix 09-01-13.04 - Marie 2009-01-15 13:19:44.3 - NTFSx86
 Microsoft Windows XP Édition familiale  5.1.2600.3.1252.1.1036.18.511.90 [GMT 1:00]
 Lancé depuis: c:\documents and settings\Marie\Bureau\Combo-Fix.exe
 Commutateurs utilisés :: c:\documents and settings\Marie\Bureau\CFScript.txt
 AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
 AV: Panda Titanium 2006 Antivirus + Antispyware *On-access scanning disabled* (Outdated)
 FW: Panda Titanium 2006 Personal Firewall *disabled*
 * Un nouveau point de restauration a été créé

 FILE ::
 C:\Delme.bat
 c:\docume~1\Marie\LOCALS~1\Temp\gsplittm.sys
 c:\docume~1\Marie\LOCALS~1\Temp\ypcmcia.sys
 c:\documents and settings\Mah\Application Data\wklnhst.dat
 c:\documents and settings\Marie\Application Data\wklnhst.dat
 c:\documents and settings\Marie\Mes documents\My Completed Downloads\FILE\update.exe
 c:\documents and settings\vgatvnt.sys
 c:\windows\system32\DRIVERS\aswFsBlk.sys
 c:\windows\system32\drivers\av5flt.sys
 c:\windows\system32\DRIVERS\COMFiltr.sys
 c:\windows\system32\Drivers\cpoint.sys
 c:\windows\system32\drivers\ndisprot.sys
 c:\windows\system32\DRIVERS\PavProc.sys
 .

 ((((((((((((((((((((((((((((((​((((((   Autres suppressions   ))))))))))))))))))))))))))))))​))))))))))))))))))
 .

 C:\Delme.bat
 c:\documents and settings\Mah\Application Data\wklnhst.dat
 c:\documents and settings\Marie\Application Data\wklnhst.dat
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\addrbk.in​i
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\AdOs`ScRi​pT.exe
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\AdOs`ScRi​pT.ini
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\aliases.i​ni
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\anti-pv\a​ntipv.mrc
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\anti-pv\d​ll\dialog.mdx
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\anti-pv\d​ll\listfiles.dll
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\anti-pv\d​ll\MDX.DLL
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\anti-pv\d​ll\nCluf.dll
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\anti-pv\d​ll\VIEWS.MDX
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\anti-pv\i​mages\1.ico
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\anti-pv\i​mages\10.ico
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\anti-pv\i​mages\11.ico
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\anti-pv\i​mages\12.ico
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\anti-pv\i​mages\13.ico
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\anti-pv\i​mages\14.ico
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\anti-pv\i​mages\15.ico
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\anti-pv\i​mages\2.ico
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\anti-pv\i​mages\3.ico
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\anti-pv\i​mages\4.ico
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\anti-pv\i​mages\5.ico
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\anti-pv\i​mages\6.ico
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\anti-pv\i​mages\7.ico
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\anti-pv\i​mages\8.ico
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\anti-pv\i​mages\9.ico
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\anti-pv\i​mages\Thumbs.db
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\anti-pv\l​istmsg.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\anti-pv\l​istpv.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\backup\ir​cintro.hlp
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\backup\mi​rc.exe
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\backup\mi​rc.hlp
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\backup\re​adme.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\backup\ve​rsions.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\channels\​channels.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\channels\​Coolsmile.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\channels\​EpiKnet.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\channels\​Fantasya.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\channels\​FunTChat.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\channels\​irc.tchatalor.fr.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\channels\​Lyzea.Com.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\channels\​MindForge.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\channels\​tchat-ados.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\control.i​ni
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Curseur\3​D rouge.cur
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Curseur\3​D.cur
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Curseur\A​rgis.cur
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Curseur\b​lanc.cur
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Curseur\B​leu.cur
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Curseur\c​urseur2.mrc
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Curseur\C​URSOR.DLL
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Curseur\F​lèche bleue 2.cur
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Curseur\F​lèche bleue.cur
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Curseur\F​lèche crème 2.cur
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Curseur\F​lèche crème.cur
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Curseur\F​lèche verte 2.cur
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Curseur\F​lèche verte.cur
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Curseur\g​ris.cur
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Curseur\G​ros Blanc.cur
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Curseur\j​aune.cur
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Curseur\M​ini bleue.cur
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Curseur\M​ini crème.cur
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Curseur\M​ini rouge.cur
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Curseur\M​ini verte.cur
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Curseur\n​oir.cur
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Curseur\s​cript1.mrc
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Curseur\v​ert.cur
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\help.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Images\bl​okg.bmp
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Images\bl​okh.bmp
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Images\Fo​nt.bmp
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Images\Fo​nt1.bmp
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Images\Th​umbs.db
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\listpv.tx​t
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\mirc.ini
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\ac​am.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\ac​opv.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\ap​m.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\ar​ac.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\be​lge.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\bl​onde.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\ca​m.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\co​pv.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\de​vine.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\fl​d.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\fl​ood.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\fu​n.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\if​.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\in​s.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\in​sultes.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\ki​ckban\fld.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\ki​ckban\ins.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\ki​ckban\mj.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\ki​ckban\mp.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\ki​ckban\pb.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\ki​ckban\sx.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\ki​f.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\ma​j.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\mj​.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\pb​.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\pm​.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\ps​d.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\ps​eudo.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\pu​b.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\Ra​c.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\se​x.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\motifs\sx​.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Mp3.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Mp3\BARS.​MDX
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Mp3\Contr​ole.ini
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Mp3\CTL_G​EN.MDX
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Mp3\dialo​g.mdx
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Mp3\Icone​s.dll
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Mp3\MDX.D​LL
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Mp3\Mp3-P​l.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Mp3\Mp3__​.jpg
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Mp3\POPUP​S.DLL
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Mp3\VIEWS​.MDX
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Mp3Aliase​s.mrc
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Mp3Player​.mrc
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\NotifySav​e.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\PatchWise​.bak\mirc.exe
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\PatchWise​.bak\mirc.ini
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\popups.in​i
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Quotes\1.​ico
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Quotes\2.​ico
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Quotes\3.​ico
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Quotes\4.​ico
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Quotes\5.​ico
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Quotes\6.​ico
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Quotes\BA​RS.MDX
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Quotes\Ex​plications.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Quotes\MD​X.DLL
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Quotes\qu​otes.mrc
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Quotes\qu​otes.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Quotes\Wi​nRgn.dll
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\remote.in​i
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Remotes\C​ouleurs.ini
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Remotes\D​étécteur.ini
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Remotes\H​ightLight.ini
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Remotes\R​accourcis.ini
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Remotes\R​aw.ini
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Remotes\s​ajoin.mrc
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Remotes\S​ons.mrc
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\scanner\d​ata.txt
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\scanner\d​ialog.mdx
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\scanner\m​dx.dll
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\scanner\p​opups.dll
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\scanner\s​canner.mrc
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\scanner\s​cript1.mrc
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\scanner\s​cript2.mrc
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\scanner\s​cript3.mrc
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\scanner\v​iews.mdx
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\servers.i​ni
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\sounds\Ba​ng.WAV
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\sounds\Co​nnect.wav
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\sounds\hl​.WAV
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\sounds\Jo​in.WAV
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\sounds\Ki​ck.wav
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\sounds\no​tice.WAV
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\sounds\Pa​rt.wav
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\sounds\Po​p.WAV
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\sounds\pv​.WAV
 c:\documents and settings\Marie\Mes documents\AdO`ScRiPt\Uninstal.​exe
 c:\documents and settings\Marie\Mes documents\My Completed Downloads\FILE\update.exe
 C:\mIRC
 c:\mirc\addons\ascii-es.mrc
 c:\mirc\addons\ascii\2DEDOS2.A​SC
 c:\mirc\addons\ascii\MACARENA.​ASC
 c:\mirc\addons\ascii\navego.as​c
 c:\mirc\addons\stn.mrc
 c:\mirc\aliases.ini
 c:\mirc\backup\aliases.ini
 c:\mirc\backup\ircintro.hlp
 c:\mirc\backup\mirc.exe
 c:\mirc\backup\mirc.hlp
 c:\mirc\backup\mirc.ini
 c:\mirc\backup\popups.ini
 c:\mirc\backup\readme.txt
 c:\mirc\backup\servers.ini
 c:\mirc\backup\urls.ini
 c:\mirc\backup\versions.txt
 c:\mirc\channels\channels.txt
 c:\mirc\ircap.ini
 c:\mirc\ircintro.hlp
 c:\mirc\lng\cat\billar.ini
 c:\mirc\lng\cat\cat.id
 c:\mirc\lng\cat\ccfg.lnh
 c:\mirc\lng\cat\conn.lnh
 c:\mirc\lng\cat\fserver.lnh
 c:\mirc\lng\cat\jabber.lnh
 c:\mirc\lng\cat\menu.lnh
 c:\mirc\lng\cat\misc.ini
 c:\mirc\lng\cat\msg.ini
 c:\mirc\lng\cat\setup.ini
 c:\mirc\lng\cat\setup.lnh
 c:\mirc\lng\cat\tip.txt
 c:\mirc\lng\cat\tool.lnh
 c:\mirc\lng\de\billar.ini
 c:\mirc\lng\de\ccfg.lnh
 c:\mirc\lng\de\conn.lnh
 c:\mirc\lng\de\de.id
 c:\mirc\lng\de\fserver.lnh
 c:\mirc\lng\de\jabber.lnh
 c:\mirc\lng\de\menu.lnh
 c:\mirc\lng\de\misc.ini
 c:\mirc\lng\de\msg.ini
 c:\mirc\lng\de\servers.txt
 c:\mirc\lng\de\setup.ini
 c:\mirc\lng\de\setup.lnh
 c:\mirc\lng\de\tip.txt
 c:\mirc\lng\de\tool.lnh
 c:\mirc\lng\ek\billar.ini
 c:\mirc\lng\ek\ccfg.lnh
 c:\mirc\lng\ek\conn.lnh
 c:\mirc\lng\ek\ek.id
 c:\mirc\lng\ek\fserver.lnh
 c:\mirc\lng\ek\jabber.lnh
 c:\mirc\lng\ek\menu.lnh
 c:\mirc\lng\ek\misc.ini
 c:\mirc\lng\ek\msg.ini
 c:\mirc\lng\ek\setup.ini
 c:\mirc\lng\ek\setup.lnh
 c:\mirc\lng\ek\tip.txt
 c:\mirc\lng\ek\tool.lnh
 c:\mirc\lng\en\billar.ini
 c:\mirc\lng\en\ccfg.lnh
 c:\mirc\lng\en\conn.lnh
 c:\mirc\lng\en\en.id
 c:\mirc\lng\en\fserver.lnh
 c:\mirc\lng\en\jabber.lnh
 c:\mirc\lng\en\menu.lnh
 c:\mirc\lng\en\misc.ini
 c:\mirc\lng\en\msg.ini
 c:\mirc\lng\en\servers.txt
 c:\mirc\lng\en\setup.ini
 c:\mirc\lng\en\setup.lnh
 c:\mirc\lng\en\tip.txt
 c:\mirc\lng\en\tool.lnh
 c:\mirc\lng\es\billar.ini
 c:\mirc\lng\es\ccfg.lnh
 c:\mirc\lng\es\conn.lnh
 c:\mirc\lng\es\es.id
 c:\mirc\lng\es\fserver.lnh
 c:\mirc\lng\es\jabber.lnh
 c:\mirc\lng\es\menu.lnh
 c:\mirc\lng\es\misc.ini
 c:\mirc\lng\es\msg.ini
 c:\mirc\lng\es\servers.txt
 c:\mirc\lng\es\setup.ini
 c:\mirc\lng\es\setup.lnh
 c:\mirc\lng\es\tip.txt
 c:\mirc\lng\es\tool.lnh
 c:\mirc\lng\fr\billar.ini
 c:\mirc\lng\fr\ccfg.lnh
 c:\mirc\lng\fr\conn.lnh
 c:\mirc\lng\fr\fr.id
 c:\mirc\lng\fr\fserver.lnh
 c:\mirc\lng\fr\jabber.lnh
 c:\mirc\lng\fr\menu.lnh
 c:\mirc\lng\fr\misc.ini
 c:\mirc\lng\fr\msg.ini
 c:\mirc\lng\fr\servers.txt
 c:\mirc\lng\fr\setup.ini
 c:\mirc\lng\fr\setup.lnh
 c:\mirc\lng\fr\tip.txt
 c:\mirc\lng\fr\tool.lnh
 c:\mirc\lng\ga\billar.ini
 c:\mirc\lng\ga\ccfg.lnh
 c:\mirc\lng\ga\conn.lnh
 c:\mirc\lng\ga\fserver.lnh
 c:\mirc\lng\ga\ga.id
 c:\mirc\lng\ga\jabber.lnh
 c:\mirc\lng\ga\menu.lnh
 c:\mirc\lng\ga\misc.ini
 c:\mirc\lng\ga\msg.ini
 c:\mirc\lng\ga\setup.ini
 c:\mirc\lng\ga\setup.lnh
 c:\mirc\lng\ga\tip.txt
 c:\mirc\lng\ga\tool.lnh
 c:\mirc\lng\it\billar.ini
 c:\mirc\lng\it\ccfg.lnh
 c:\mirc\lng\it\conn.lnh
 c:\mirc\lng\it\fserver.lnh
 c:\mirc\lng\it\it.id
 c:\mirc\lng\it\jabber.lnh
 c:\mirc\lng\it\menu.lnh
 c:\mirc\lng\it\misc.ini
 c:\mirc\lng\it\msg.ini
 c:\mirc\lng\it\servers.txt
 c:\mirc\lng\it\setup.ini
 c:\mirc\lng\it\setup.lnh
 c:\mirc\lng\it\tip.txt
 c:\mirc\lng\it\tool.lnh
 c:\mirc\lng\pl\billar.ini
 c:\mirc\lng\pl\ccfg.lnh
 c:\mirc\lng\pl\conn.lnh
 c:\mirc\lng\pl\fserver.lnh
 c:\mirc\lng\pl\jabber.lnh
 c:\mirc\lng\pl\menu.lnh
 c:\mirc\lng\pl\misc.ini
 c:\mirc\lng\pl\msg.ini
 c:\mirc\lng\pl\pl.id
 c:\mirc\lng\pl\servers.txt
 c:\mirc\lng\pl\setup.ini
 c:\mirc\lng\pl\setup.lnh
 c:\mirc\lng\pl\tip.txt
 c:\mirc\lng\pl\tool.lnh
 c:\mirc\lng\pt\billar.ini
 c:\mirc\lng\pt\ccfg.lnh
 c:\mirc\lng\pt\conn.lnh
 c:\mirc\lng\pt\fserver.lnh
 c:\mirc\lng\pt\jabber.lnh
 c:\mirc\lng\pt\menu.lnh
 c:\mirc\lng\pt\misc.ini
 c:\mirc\lng\pt\msg.ini
 c:\mirc\lng\pt\pt.id
 c:\mirc\lng\pt\servers.txt
 c:\mirc\lng\pt\setup.ini
 c:\mirc\lng\pt\setup.lnh
 c:\mirc\lng\pt\tip.txt
 c:\mirc\lng\pt\tool.lnh
 c:\mirc\logs\#Accueil.log
 c:\mirc\logs\#Blablatons.log
 c:\mirc\logs\#coolfunny.log
 c:\mirc\logs\#Free_Style.log
 c:\mirc\logs\#paradize.log
 c:\mirc\logs\#Tchat.log
 c:\mirc\logs\SPAM.log
 c:\mirc\mirc.exe
 c:\mirc\mirc.hlp
 c:\mirc\mirc.ini
 c:\mirc\mod\Billar\Billar.ini
 c:\mirc\mod\Billar\Billar.mrc
 c:\mirc\mod\Billar\bolas.bmp
 c:\mirc\mod\Billar\mesa.png
 c:\mirc\mod\Billar\punto.wav
 c:\mirc\mod\Billar\taco.wav
 c:\mirc\mod\Billar\tiro.wav
 c:\mirc\mod\Canalprot\canalpro​t.ini
 c:\mirc\mod\Canalprot\canalpro​t.mrc
 c:\mirc\mod\cartel\cartel.ini
 c:\mirc\mod\cartel\cartel.mrc
 c:\mirc\mod\cartel\setup_carte​l.mrc
 c:\mirc\mod\Fserver\fserver.in​i
 c:\mirc\mod\Fserver\fserver.mr​c
 c:\mirc\mod\Fserver\fserver.pn​g
 c:\mirc\mod\Fserver\setup_fser​ver.mrc
 c:\mirc\mod\Jabber\jabber.ini
 c:\mirc\mod\Jabber\Jabber.mrc
 c:\mirc\mod\Jabber\jabber2.mrc
 c:\mirc\mod\Jabber\online.wav
 c:\mirc\mod\Jabber\setup_jabbe​r.mrc
 c:\mirc\mod\mp3player\mp3playe​r.ini
 c:\mirc\mod\mp3player\mp3playe​r.mrc
 c:\mirc\mod\mp3player\mp3vario​s.mrc
 c:\mirc\mod\mp3player\playlist​.mrc
 c:\mirc\mod\mp3player\setup_mp​3player.mrc
 c:\mirc\mod\Trivial\Colorines.​trv
 c:\mirc\mod\Trivial\ircap69.tr​v
 c:\mirc\mod\Trivial\ircaptrivi​al.ini
 c:\mirc\mod\Trivial\ircaptrivi​al.mrc
 c:\mirc\mod\Trivial\japon.TXT
 c:\mirc\mod\Trivial\Monocromo.​trv
 c:\mirc\mod\Trivial\trivial.in​i
 c:\mirc\motd.txt
 c:\mirc\popups.ini
 c:\mirc\readme.txt
 c:\mirc\s\alias.mrc
 c:\mirc\s\banners\banners.ini
 c:\mirc\s\banners\ircap.com.jp​g
 c:\mirc\s\botgui.mrc
 c:\mirc\s\canalcfg.mrc
 c:\mirc\s\conn.mrc
 c:\mirc\s\creditos.mrc
 c:\mirc\s\dina.mrc
 c:\mirc\s\gmod.mrc
 c:\mirc\s\inicio.mrc
 c:\mirc\s\ircap1.mrc
 c:\mirc\s\IRsys\instala\arrseq​.txt
 c:\mirc\s\IRsys\instala\away.t​xt
 c:\mirc\s\IRsys\instala\banner​smp3.txt
 c:\mirc\s\IRsys\instala\bounce​r.txt
 c:\mirc\s\IRsys\instala\canalg​lobal.ini
 c:\mirc\s\IRsys\instala\correc​tor.hash
 c:\mirc\s\IRsys\instala\fserve​rbanner.txt
 c:\mirc\s\IRsys\instala\IRcapE​stilos.eti
 c:\mirc\s\IRsys\instala\minico​nos.bmp
 c:\mirc\s\IRsys\instala\nickco​mpletion.txt
 c:\mirc\s\IRsys\instala\nicks.​txt
 c:\mirc\s\IRsys\instala\quits.​txt
 c:\mirc\s\IRsys\instala\topics​.txt
 c:\mirc\s\IRsys\ircap.ico
 c:\mirc\s\IRsys\paises.txt
 c:\mirc\s\listador.mrc
 c:\mirc\s\log\nicks.log
 c:\mirc\s\menu_bar.mrc
 c:\mirc\s\menu_canal.mrc
 c:\mirc\s\menu_nlist.mrc
 c:\mirc\s\menu_priv.mrc
 c:\mirc\s\menu_status.mrc
 c:\mirc\s\net\aol.com.net
 c:\mirc\s\net\azzurra.org.net
 c:\mirc\s\net\brasnet.org.net
 c:\mirc\s\net\croom.inb
 c:\mirc\s\net\dal.net.net
 c:\mirc\s\net\dalnet.inb
 c:\mirc\s\net\elsitio.com.net
 c:\mirc\s\net\epiknet.org.net
 c:\mirc\s\net\freenode.net.net
 c:\mirc\s\net\globalchat.org.n​et
 c:\mirc\s\net\hispano.inb
 c:\mirc\s\net\icq.com.net
 c:\mirc\s\net\irc-hispano.org.​net
 c:\mirc\s\net\irc.cl.net
 c:\mirc\s\net\ircitalia.net.ne​t
 c:\mirc\s\net\ircitaly.net.net
 c:\mirc\s\net\mindforge.org.ne​t

 c:\mirc\s\net\PTlink.net.net
 c:\mirc\s\net\ptnet.org.net
 c:\mirc\s\net\quakenet.inb
 c:\mirc\s\net\quakenet.org.net
 c:\mirc\s\net\red-latina.org.n​et
 c:\mirc\s\net\terra.cl.net
 c:\mirc\s\net\undernet.inb
 c:\mirc\s\net\undernet.org.net
 c:\mirc\s\net\webchat.org.net
 c:\mirc\s\sbar\sba.bandw.mrc
 c:\mirc\s\sbar\sba.buscador.mr​c
 c:\mirc\s\sbar\sba.ircom.mrc
 c:\mirc\s\sbar\sba.jabber.mrc
 c:\mirc\s\sbar\sba.lag.mrc
 c:\mirc\s\sbar\sba.notify.mrc
 c:\mirc\s\sbar\sba.plist.mrc
 c:\mirc\s\sbar\sba.Reloj.mrc
 c:\mirc\s\sbar\sba.switch.mrc
 c:\mirc\s\sbar\Tierra.png
 c:\mirc\s\setup.mrc
 c:\mirc\s\setup_escritu.mrc
 c:\mirc\s\setup_red.mrc
 c:\mirc\s\setup_skins.mrc
 c:\mirc\s\usuario.niv
 c:\mirc\s\util\g-canalfav.mrc
 c:\mirc\s\util\g-dccs.mrc
 c:\mirc\s\util\g-infodom.mrc
 c:\mirc\s\util\g-leelog.mrc
 c:\mirc\s\util\g-memosend.mrc
 c:\mirc\s\util\g-siguenick.mrc
 c:\mirc\s\util\g-ulista.mrc
 c:\mirc\s\util\liserv.mrc
 c:\mirc\s\util\memolee.mrc
 c:\mirc\s\validamrc.mrc
 c:\mirc\s\variables.var
 c:\mirc\servers.ini
 c:\mirc\skin\BASE\abrew.wav
 c:\mirc\skin\BASE\bar.png
 c:\mirc\skin\BASE\base.ewv
 c:\mirc\skin\BASE\Base.tti
 c:\mirc\skin\BASE\bip.wav
 c:\mirc\skin\BASE\c-audio.png
 c:\mirc\skin\BASE\cierraw.wav
 c:\mirc\skin\BASE\clones.wav
 c:\mirc\skin\BASE\ctcp.wav
 c:\mirc\skin\BASE\cuac.wav
 c:\mirc\skin\BASE\deop.wav
 c:\mirc\skin\BASE\fallo.wav
 c:\mirc\skin\BASE\flood.wav
 c:\mirc\skin\BASE\fondoico.png
 c:\mirc\skin\BASE\join.wav
 c:\mirc\skin\BASE\key.wav
 c:\mirc\skin\BASE\kick.wav
 c:\mirc\skin\BASE\login.wav
 c:\mirc\skin\BASE\MECAI.WAV
 c:\mirc\skin\BASE\miniconos.bm​p
 c:\mirc\skin\BASE\notice.wav
 c:\mirc\skin\BASE\op.wav
 c:\mirc\skin\BASE\Opt.bmp
 c:\mirc\skin\BASE\Ring.wav
 c:\mirc\skin\BASE\send.wav
 c:\mirc\skin\BASE\setup.png
 c:\mirc\skin\BASE\skin-away.pn​g
 c:\mirc\skin\BASE\skin-dcc.png
 c:\mirc\skin\BASE\skin-help.pn​g
 c:\mirc\skin\BASE\skin-irc.png
 c:\mirc\skin\BASE\skin-log.png
 c:\mirc\skin\BASE\skin-mail.pn​g
 c:\mirc\skin\BASE\skin-mod.png
 c:\mirc\skin\BASE\skin-notas.p​ng
 c:\mirc\skin\BASE\skin-server.​png
 c:\mirc\skin\BASE\skin-tool.pn​g
 c:\mirc\skin\BASE\skin-ulist.p​ng
 c:\mirc\skin\BASE\skin-web.png
 c:\mirc\skin\BASE\skin-wri.png
 c:\mirc\skin\BASE\skin.ini
 c:\mirc\skin\Neablue\bar.png
 c:\mirc\skin\Neablue\c-audio.p​ng
 c:\mirc\skin\Neablue\miniconos​.bmp
 c:\mirc\skin\Neablue\Opt.bmp
 c:\mirc\skin\Neablue\setup.png
 c:\mirc\skin\Neablue\skin-away​.png
 c:\mirc\skin\Neablue\skin-bot.​png
 c:\mirc\skin\Neablue\skin-dcc.​png
 c:\mirc\skin\Neablue\skin-help​.png
 c:\mirc\skin\Neablue\skin-irc.​png
 c:\mirc\skin\Neablue\skin-log.​png
 c:\mirc\skin\Neablue\skin-mail​.png
 c:\mirc\skin\Neablue\skin-mod.​png
 c:\mirc\skin\Neablue\skin-nota​s.png
 c:\mirc\skin\Neablue\skin-serv​er.png
 c:\mirc\skin\Neablue\skin-tool​.png
 c:\mirc\skin\Neablue\skin-ulis​t.png
 c:\mirc\skin\Neablue\skin-web.​png
 c:\mirc\skin\Neablue\skin-wri.​png
 c:\mirc\skin\Neablue\skin.ini
 c:\mirc\skin\temastxt\Bitchx-e​n.tti
 c:\mirc\skin\temastxt\Bitchx-e​s.tti
 c:\mirc\skin\temastxt\IRcap751​-es.tti
 c:\mirc\skin\temastxt\Tribe-en​.tti
 c:\mirc\skin\temastxt\Tribe-es​.tti
 c:\mirc\skin\temastxt\ViagraPo​wer-es.tti
 c:\mirc\urls.ini
 c:\mirc\usr\arrseq.txt
 c:\mirc\usr\away.txt
 c:\mirc\usr\bannersmp3.txt
 c:\mirc\usr\bouncer.txt
 c:\mirc\usr\canalglobal.ini
 c:\mirc\usr\copiavariables.ca8
 c:\mirc\usr\corrector.hash
 c:\mirc\usr\fserverbanner.txt
 c:\mirc\usr\infrac.tmp
 c:\mirc\usr\IRcapEstilos.eti
 c:\mirc\usr\ircapusr.cfg
 c:\mirc\usr\nickcompletion.txt
 c:\mirc\usr\nicks.txt
 c:\mirc\usr\quits.txt
 c:\mirc\usr\Tchat.cch
 c:\mirc\usr\topics.txt
 c:\mirc\versions.txt
 c:\program files\Bonjour
 c:\program files\Bonjour\About Bonjour.rtf
 c:\program files\Bonjour\mdnsNSP.dll
 c:\program files\Bonjour\mDNSResponder.exe
 c:\program files\FlashGet
 c:\program files\FlashGet\Config\BITS.ini
 c:\program files\FlashGet\Config\DHTTable.dat
 c:\program files\FlashGet\Config\UPnP.ini
 c:\program files\FlashGet\Default.bk1
 c:\program files\FlashGet\Default.bk2
 c:\program files\FlashGet\Default.bk3
 c:\program files\FlashGet\Default.jcd
 c:\program files\FlashGet\Default.jcd.bak
 c:\program files\FlashGet\fgbhocfg.ini
 c:\program files\FlashGet\fgmgr.dll
 c:\program files\FlashGet\FGMule\config\core.cfg
 c:\program files\FlashGet\FGMule\config\core.ed2k.svr
 c:\program files\FlashGet\FGMule\config\FGEMCORE.cfg
 c:\program files\FlashGet\FGMule\log\stat.db
 c:\program files\FlashGet\fgres1.ini
 c:\program files\FlashGet\FGUpdate1.ini
 c:\program files\FlashGet\FGUpdate2.ini
 c:\program files\FlashGet\FGUpdate3.ini
 c:\program files\FlashGet\flashget-00846A41.dmp
 c:\program files\FlashGet\flashget-00846A41.rpt
 c:\program files\FlashGet\FlashGet_LOGO.gif
 c:\program files\FlashGet\Torrent\Daft Punk - Alive 2007.torrent
 c:\program files\FlashGet\Torrent\Daft Punk - Alive 2007.torrent.~tmp
 c:\program files\FlashGet\Torrent\Daft Punk - Alive 2007.torrent.bits
 c:\program files\FlashGet\Torrent\Daft Punk - Alive 2007.torrent.filelist
 c:\program files\FlashGet\Torrent\Daft Punk - Alive 2007.torrent.seeds
 c:\program files\Softwin\BitDefender Desktop
 c:\program files\Softwin\BitDefender Desktop\asdict.dat
 c:\program files\Softwin\BitDefender Desktop\ashist.dat
 c:\program files\Softwin\BitDefender Desktop\asstat.ini
 c:\program files\Softwin\BitDefender Desktop\vshield.log
 c:\windows\system32\drivers\ndisprot.sys

 .
 (((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
 .

 -------\Legacy_ASWFSBLK
 -------\Legacy_ASWSP
 -------\Legacy_AVFLT
 -------\Legacy_BONJOUR_SERVICE
 -------\Legacy_COMFILTR
 -------\Legacy_CPOINT
 -------\Legacy_GSPLITTM
 -------\Legacy_NDISPROT
 -------\Legacy_PAVPROC
 -------\Legacy_SHLDDRV
 -------\Legacy_YPCMCIA
 -------\Service_aswFsBlk
 -------\Service_aswSP
 -------\Service_AvFlt
 -------\Service_Bonjour Service
 -------\Service_ComFiltr
 -------\Service_cpoint
 -------\Service_FILESpy
 -------\Service_gsplittm
 -------\Service_Ndisprot
 -------\Service_PavProc
 -------\Service_ShldDrv
 -------\Service_vgatvnt
 -------\Service_ypcmcia


 (((((((((((((((((((((((((((((   Fichiers créés du 2008-12-15 au 2009-01-15  ))))))))))))))))))))))))))))))))))))
 .

 2009-01-13 19:27 . 2009-01-13 19:27 <REP> d-------- c:\program files\Brutus 2006
 2009-01-13 14:08 . 2009-01-14 15:21 1,374 --a------ c:\windows\imsins.BAK
 2009-01-06 14:58 . 2009-01-06 14:58 <REP> d-------- c:\program files\Ultra Tag Editor
 2009-01-06 13:35 . 2009-01-06 13:35 <REP> d-------- c:\program files\iPod
 2009-01-06 13:34 . 2009-01-06 13:35 <REP> d-------- c:\program files\iTunes
 2009-01-06 13:34 . 2009-01-06 13:35 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
 2009-01-02 20:15 . 2009-01-02 20:18 <REP> d-------- c:\program files\FrostWire
 2008-12-16 11:00 . 2008-12-16 11:00 <REP> d-------- c:\documents and settings\Marie\Application Data\Iomatic
 2008-12-16 10:58 . 2008-12-16 10:58 <REP> d-------- c:\program files\FCleaner
 2008-12-16 10:58 . 2008-12-16 10:58 <REP> d-------- c:\documents and settings\All Users\Application Data\FTWeak

 .
 ((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2009-01-15 12:28 --------- d-----w c:\program files\Wanadoo
 2009-01-15 12:28 --------- d-----w c:\program files\DNA
 2009-01-15 12:28 --------- d-----w c:\documents and settings\Marie\Application Data\DNA
 2009-01-15 12:21 --------- d-----w c:\program files\Softwin
 2009-01-14 20:10 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
 2009-01-10 11:05 --------- d-----w c:\documents and settings\Marie\Application Data\TransRender
 2009-01-08 19:53 --------- d-----w c:\program files\Notepad++
 2009-01-07 17:34 --------- d-----w c:\documents and settings\Marie\Application Data\Temporary
 2009-01-06 12:35 --------- d-----w c:\program files\Fichiers communs\Apple
 2009-01-06 12:29 --------- d-----w c:\program files\QuickTime
 2009-01-04 18:02 --------- d-----w c:\documents and settings\Marie\Application Data\FrostWire
 2008-12-20 09:26 --------- d--h--w c:\program files\InstallShield Installation Information
 2008-12-16 11:18 --------- d-----w c:\program files\Fichiers communs\Adobe
 2008-12-15 19:07 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
 2008-12-14 12:04 --------- d-----w c:\documents and settings\All Users\Application Data\EyePowerGames
 2008-12-14 12:00 --------- d-----w c:\documents and settings\Marie\Application Data\muvee Technologies
 2008-12-14 11:07 --------- d-----w c:\documents and settings\Marie\Application Data\Creative
 2008-12-14 10:35 --------- d-----w c:\program files\Creative
 2008-12-14 10:28 --------- d-----w c:\documents and settings\All Users\Application Data\muvee Technologies
 2008-12-14 10:26 --------- d-----w c:\program files\SightSpeed
 2008-12-13 19:19 --------- d-----w c:\documents and settings\Marie\Application Data\MuldeR
 2008-12-13 19:09 --------- d-----w c:\program files\CDex_170b2
 2008-12-13 14:41 --------- d-----w c:\documents and settings\Marie\Application Data\BitTorrent
 2008-12-13 14:09 --------- d-----w c:\program files\Java
 2008-12-13 13:52 --------- d-----w c:\program files\Fichiers communs\Macrovision Shared
 2008-12-13 11:45 --------- d-----w c:\program files\CCleaner
 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
 2008-12-06 15:32 --------- d-----w c:\program files\Rockstar Games
 2008-11-29 10:06 --------- d-----w c:\program files\AviSynth 2.5
 2008-11-22 16:49 --------- d-----w c:\program files\EasyPHP 2.0b1
 2008-11-16 16:10 --------- d-----w c:\program files\eMule
 2008-11-15 19:23 --------- d-----w c:\documents and settings\Marie\Application Data\uTorrent
 2008-11-15 10:53 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
 2007-02-12 08:08 357 ----a-w c:\documents and settings\Marie\.cb_layout.bin
 2006-05-10 09:27 774,144 ----a-w c:\program files\RngInterstitial.dll
 2007-06-06 16:38 56 --sh--r c:\windows\system32\FC8913EC0C.sys
 2007-06-06 16:38 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
 .

 (((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 REGEDIT4

 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "WOOKIT"="c:\program files\Wanadoo\GestMaj.exe" [2004-10-14 32768]
 "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
 "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-21 68856]
 "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
 "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
 "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
 "Google Update"="c:\documents and settings\Marie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-13 133104]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
 "WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
 "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
 "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 849280]
 "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
 "DT HPW"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2007-04-25 280064]
 "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
 "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
 "V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-06-04 32768]
 "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
 "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
 "SoundMan"="SOUNDMAN.EXE" [2005-12-14 c:\windows\soundman.exe]

 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
 "VIDC.PIM1"= PCLEPIM1.dll
 "msacm.l3codec"= l3codecp.acm

 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
 BootExecute REG_MULTI_SZ    autocheck autochk *\0OODBS

 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
 --------- 2007-06-07 14:01 155648 c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTweakFCleaner]
 --a------ 2008-12-12 15:28 1589760 c:\program files\FCleaner\FCleaner.exe

 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
 --a------ 2006-01-12 15:40 155648 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\system32\\sessmgr.exe"=
 "c:\\Program Files\\eMule\\emule.exe"=
 "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
 "c:\\WINDOWS\\system32\\dplaysvr.exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "c:\\WINDOWS\\system32\\rtcshare.exe"=
 "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
 "c:\\Program Files\\mIRC\\mirc.exe"=
 "c:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe"=
 "c:\\WINDOWS\\system32\\java.exe"=
 "c:\\Program Files\\VirtualDJ\\virtualdj_trial.exe"=
 "c:\\Program Files\\FileZilla\\FileZilla.exe"=
 "c:\\Program Files\\Messenger\\msmsgs.exe"=
 "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
 "c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
 "c:\\Program Files\\DNA\\btdna.exe"=
 "c:\\Documents and Settings\\Marie\\Bureau\\Mathieu\\My Progams\\CubiX\\CubiX.exe"=
 "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
 "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
 "c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
 "c:\\Program Files\\FrostWire\\FrostWire.exe"=
 "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
 "c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
 "c:\\Program Files\\iTunes\\iTunes.exe"=

 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
 "1162:UDP"= 1162:UDP:Windows Media Format SDK (WOOBrowser.exe)
 "1163:UDP"= 1163:UDP:Windows Media Format SDK (WOOBrowser.exe)
 "1164:UDP"= 1164:UDP:Windows Media Format SDK (WOOBrowser.exe)
 "17348:TCP"= 17348:TCP:BitComet 17348 TCP
 "17348:UDP"= 17348:UDP:BitComet 17348 UDP
 "6346:TCP"= 6346:TCP:*:Disabled:Gnutella
 "6346:UDP"= 6346:UDP:*:Disabled:Gnutella

 R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2006-04-21 6400]
 R3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\drivers\V0350Afx.sys [2008-12-14 142656]
 R3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [2008-12-14 7424]
 R3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\drivers\V0350Vid.sys [2008-12-14 170368]
 R4 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-05 14336]
 R4 OPTENET_FILTER;Control Parental;c:\program files\Controle Parental\bin\optproxy.exe [2006-11-18 564400]
 S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
 S1 tvtool;tvtool;\??\c:\program files\TVTool 9.5\tvtool.sys --> c:\program files\TVTool 9.5\tvtool.sys [?]
 S3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [2006-04-21 504832]
 S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys --> c:\windows\system32\DRIVERS\CnxEtP.sys [?]
 S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys --> c:\windows\system32\DRIVERS\CnxEtU.sys [?]
 S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNW.sys --> c:\windows\system32\DRIVERS\CnxTgNW.sys [?]
 .
 Contenu du dossier 'Tâches planifiées'

 2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
 - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

 2009-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1677128483-839522115-1004.job
 - c:\documents and settings\Marie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-13 21:06]

 2009-01-15 c:\windows\Tasks\Maintenance en 1 clic.job
 - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []

 2008-01-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
 - c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-06 00:52]

 2008-01-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
 - c:\program files\Microsoft IntelliType Pro\itype.exe [2006-11-22 02:08]
 .
 .
 ------- Examen supplémentaire -------
 .
 uStart Page = hxxp://www.google.fr/ig?hl=fr
 uSearchMigratedDefaultURL = hxxp://search.msn.fr/spresults.aspx?q={searchTerms}
 uInternet Connection Wizard,ShellNext = iexplore
 uInternet Settings,ProxyOverride = *.local
 IE: Set as New Emoticon - c:\docume~1\Marie\LOCALS~1\Temp\Répertoire temporaire 2 pour messengermixlive_1.1.zip\MessengerMixLive_1.1\MixCE.htm
 IE: { - c:\program files\Messenger\msmsgs.exe
 Trusted Zone: *.localhost
 Trusted Zone: www.secuser.com

 c:\windows\Downloaded Program Files\Oberongamesloader.dll - O16 -: {E1342154-4889-42B5-BEF6-19237577048F}
 hxxp://jeux.wanadoo.fr/online2/bejeweled2/Oberongamesloader.cab
 c:\windows\Downloaded Program Files\Oberongamesloader.inf
 FF - ProfilePath - c:\documents and settings\Marie\Application Data\Mozilla\Firefox\Profiles\7lr5qy95.default\
 FF - prefs.js: browser.startup.homepage - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
 FF - plugin: c:\documents and settings\Marie\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
 FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
 .

 **************************************************************************

 catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2009-01-15 13:28:06
 Windows 5.1.2600 Service Pack 3 NTFS

 Recherche de processus cachés ...

 Recherche d'éléments en démarrage automatique cachés ...

 Recherche de fichiers cachés ...

 Scan terminé avec succès
 Fichiers cachés: 0

 **************************************************************************
 .
 --------------------- CLES DE REGISTRE BLOQUEES ---------------------

 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
 .
 ------------------------ Autres processus actifs ------------------------
 .
 c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 c:\program files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
 c:\windows\system32\FTRTSVC.exe
 c:\program files\Java\jre6\bin\jqs.exe
 c:\windows\system32\oodag.exe
 c:\windows\system32\PnkBstrA.exe
 c:\progra~1\Wanadoo\TaskBarIcon.exe
 c:\program files\Fichiers communs\Portrait Displays\Shared\HookManager.exe
 c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
 c:\program files\iPod\bin\iPodService.exe
 c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
 c:\windows\system32\wscntfy.exe
 c:\windows\system32\wbem\wmiapsrv.exe
 c:\program files\iTunes\iTunes.exe
 .
 **************************************************************************
 .
 Heure de fin: 2009-01-15 13:37:04 - La machine a redémarré [Marie]
 ComboFix-quarantined-files.txt  2009-01-15 12:36:56
 ComboFix2.txt  2009-01-14 20:48:20
 ComboFix3.txt  2009-01-12 20:24:53

 Avant-CF: 110 272 774 144 octets libres
 Après-CF: 110,253,924,352 octets libres

 Current=4 Default=4 Failed=2 LastKnownGood=1 Sets=1,2,3,4,5
 840 --- E O F --- 2009-01-14 14:22:49




 



a-squared 4.0.0.73 2009.01.15 -
 AhnLab-V3 2009.1.15.0 2009.01.15 -
 AntiVir 7.9.0.54 2009.01.15 -
 Authentium 5.1.0.4 2009.01.15 -
 Avast 4.8.1281.0 2009.01.15 -
 AVG 8.0.0.229 2009.01.15 -
 BitDefender 7.2 2009.01.15 -
 CAT-QuickHeal 10.00 2009.01.15 -
 ClamAV 0.94.1 2009.01.15 -
 Comodo 932 2009.01.15 -
 DrWeb 4.44.0.09170 2009.01.15 -
 eSafe 7.0.17.0 2009.01.15 -
 eTrust-Vet 31.6.6309 2009.01.15 -
 F-Prot 4.4.4.56 2009.01.15 -
 F-Secure 8.0.14470.0 2009.01.15 -
 Fortinet 3.117.0.0 2009.01.15 -
 GData 19 2009.01.15 -
 Ikarus T3.1.1.45.0 2009.01.15 -
 K7AntiVirus 7.10.584 2009.01.09 -
 Kaspersky 7.0.0.125 2009.01.15 -
 McAfee 5495 2009.01.14 -
 McAfee+Artemis 5495 2009.01.14 -
 Microsoft 1.4205 2009.01.15 -
 NOD32 3769 2009.01.15 -
 Norman 5.93.01 2009.01.15 -
 nProtect 2009.1.8.0 2009.01.15 -
 Panda 9.5.1.2 2009.01.14 -
 Prevx1 V2 2009.01.15 -
 Rising 21.12.32.00 2009.01.15 -
 SecureWeb-Gateway 6.7.6 2009.01.15 -
 Sophos 4.37.0 2009.01.15 -
 Sunbelt 3.2.1831.2 2009.01.09 -
 Symantec 10 2009.01.15 -
 TheHacker 6.3.1.4.220 2009.01.14 -
 TrendMicro 8.700.0.1004 2009.01.15 -
 VBA32 3.12.8.10 2009.01.14 -
 ViRobot 2009.1.15.1560 2009.01.15 -
 VirusBuster 4.5.11.0 2009.01.15 -




 



OTViewIt logfile created on: 15/01/2009 17:41:23 - Run
 OTViewIt by OldTimer - Version 1.0.21.0     Folder = C:\Documents and Settings\Marie\Bureau
 Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
 Internet Explorer (Version = 7.0.5730.13)
 Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
 511,48 Mb Total Physical Memory | 60,60 Mb Available Physical Memory | 11,85% Memory free
 1,22 Gb Paging File | 0,69 Gb Available in Paging File | 56,45% Paging File free
 Paging file location(s): C:\pagefile.sys 0 0;
 
 %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
 Drive C: | 149,04 Gb Total Space | 102,80 Gb Free Space | 68,98% Space Free | Partition Type: NTFS
 D: Drive not present or media not loaded
 E: Drive not present or media not loaded
 F: Drive not present or media not loaded
 G: Drive not present or media not loaded
 H: Drive not present or media not loaded
 I: Drive not present or media not loaded
 
 Computer Name: MARIE-FF4B17753
 Current User Name: Marie
 Logged in as Administrator.
 
 Current Boot Mode: Normal
 Scan Mode: Current user
 Whitelist: On
 File Age = 30 Days
 
 ========== Processes ==========
 
 [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 [2007/04/25 12:34:44 | 00,073,728 | ---- | M] () -- C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
 [2004/08/23 13:49:56 | 00,040,960 | ---- | M] (France Telecom) -- C:\WINDOWS\system32\FTRTSVC.exe
 [2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
 [2007/02/15 13:45:36 | 00,707,344 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe
 [2006/03/02 18:10:32 | 00,564,400 | ---- | M] (Contrôle Parental) -- C:\Program Files\Controle Parental\bin\optproxy.exe
 [2007/08/02 19:13:16 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
 [2005/12/14 17:06:00 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
 [2004/10/05 16:00:12 | 00,061,440 | ---- | M] (France Télécom R&D) -- C:\Program Files\Wanadoo\TaskBarIcon.exe
 [2006/11/22 02:08:57 | 00,813,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
 [2007/02/06 00:52:10 | 00,849,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
 [2004/03/04 16:46:24 | 00,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
 [2007/04/25 12:36:36 | 00,280,064 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
 [2007/04/25 12:33:58 | 00,110,592 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Fichiers communs\Portrait Displays\Shared\HookManager.exe
 [2008/11/10 05:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
 [2007/06/04 18:02:00 | 00,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0350Mon.exe
 [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
 [2006/11/03 08:59:20 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
 [2007/08/21 09:16:24 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 [2007/01/15 16:14:54 | 00,147,456 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
 [2008/12/16 09:31:31 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
 [2008/11/13 21:06:12 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Marie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
 [2007/01/15 16:13:50 | 01,208,320 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
 [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
 [2007/01/15 16:01:56 | 00,266,240 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
 [2008/04/14 03:34:29 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
 [2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
 [2008/12/18 09:49:30 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
 [2007/10/18 11:34:04 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
 [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe
 [2007/06/07 14:10:52 | 00,020,480 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
 [2009/01/15 17:41:02 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marie\Bureau\OTViewIt.exe
 
 ========== (O23) Win32 Services ==========
 
 [2007/06/12 20:56:12 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
 [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
 [2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
 [2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
 [2007/04/25 12:34:44 | 00,073,728 | ---- | M] () -- C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC [Auto | Running])
 [2004/08/23 13:49:56 | 00,040,960 | ---- | M] (France Telecom) -- C:\WINDOWS\system32\FTRTSVC.exe -- (FTRTSVC [Auto | Running])
 [2007/08/20 08:18:50 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
 [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
 [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
 [2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
 [2007/05/26 09:51:42 | 00,068,096 | ---- | M] () -- C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
 [2007/01/15 17:14:38 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
 [2007/01/15 16:01:56 | 00,266,240 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
 [2007/02/15 13:45:36 | 00,707,344 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag [Auto | Running])
 [2006/03/02 18:10:32 | 00,564,400 | ---- | M] (Contrôle Parental) -- C:\Program Files\Controle Parental\bin\optproxy.exe -- (OPTENET_FILTER [Auto | Running])
 [2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
 File not found --  -- (PAVFNSVR [Auto | Stopped])
 File not found --  -- (PavPrSrv [Auto | Stopped])
 File not found --  -- (PAVSRV [Auto | Stopped])
 [2007/08/02 19:13:16 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
 File not found --  -- (PSIMSVC [Auto | Stopped])
 [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
 [2008/01/18 00:37:26 | 00,024,635 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe -- (wampapache [On_Demand | Stopped])
 [2008/04/17 18:13:44 | 05,750,784 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe -- (wampmysqld [On_Demand | Stopped])
 [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
 [2006/11/03 08:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Stopped])
 
 ========== Driver Services ==========
 
 [2003/09/11 08:43:04 | 00,504,832 | ---- | M] (Philips Semiconductors GmbH) -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid [On_Demand | Stopped])
 [2005/12/16 12:50:00 | 03,842,560 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM [On_Demand | Running])
 [2008/04/14 02:54:29 | 00,041,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [System | Running])
 [2007/12/28 11:10:22 | 00,278,728 | ---- | M] () -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt [Auto | Running])
 [2001/08/17 21:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc.              ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Running])
 [2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
 [2008/04/14 03:05:15 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
 [2006/06/15 20:51:11 | 00,018,048 | ---- | M] () -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt [Auto | Running])
 [2008/04/13 19:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
 [2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
 [2008/04/13 19:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
 [2004/08/05 13:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb [Auto | Running])
 [2004/08/05 13:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
 [2003/08/04 14:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])
 [2002/11/11 18:52:54 | 00,006,400 | ---- | M] (Pinnacle Systems) -- C:\WINDOWS\system32\drivers\pctvvbi.sys -- (pctvvbi [On_Demand | Running])
 [2007/04/24 10:49:34 | 00,011,776 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\system32\drivers\pdiddcci.sys -- (pdiddcci [On_Demand | Running])
 [2006/11/16 17:20:48 | 00,015,920 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts [On_Demand | Running])
 [2002/06/17 13:09:56 | 00,014,604 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc [On_Demand | Running])
 [2006/11/08 08:02:34 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32 [On_Demand | Running])
 [2004/08/05 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
 [2007/03/08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
 [2004/08/05 13:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])
 [2007/11/13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
 [2008/10/28 14:33:45 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
 [2005/12/22 11:24:50 | 00,080,272 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus [On_Demand | Stopped])
 [2005/12/22 11:24:52 | 00,010,864 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl [On_Demand | Stopped])
 [2005/12/22 11:24:52 | 00,137,884 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm [On_Demand | Stopped])
 [2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
 [2005/08/30 16:57:18 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
 [2005/08/30 16:58:56 | 00,008,304 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
 [2005/08/30 16:59:00 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
 [2006/07/24 15:05:00 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
 [2000/11/10 18:02:30 | 00,105,544 | ---- | M] (STMicroelectronics                                          ) -- C:\WINDOWS\system32\drivers\STV680.SYS -- (STV680 [On_Demand | Stopped])
 [2008/06/20 12:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tc​pip6.sys -- (Tcpip6 [System | Running])
 [2008/04/13 19:56:01 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tu​nmp.sys -- (tunmp [On_Demand | Running])
 [2008/04/13 11:45:14 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\US​BAUDIO.sys -- (usbaudio [On_Demand | Running])
 [2007/06/10 18:01:02 | 00,142,656 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\V0​350Afx.sys -- (VF0350Afx [On_Demand | Running])
 [2007/03/05 11:45:04 | 00,007,424 | R--- | M] (EyePower Games Pte. Ltd.) -- C:\WINDOWS\system32\drivers\V0​350Vfx.sys -- (VF0350Vfx [On_Demand | Running])
 [2007/05/10 18:02:00 | 00,170,368 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\V0​350Vid.sys -- (VF0350Vid [On_Demand | Running])
 [2004/08/05 13:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws​2ifsl.sys -- (WS2IFSL [System | Running])
 
 ========== (R ) Internet Explorer ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
 "Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
 "Default_Secondary_Page_URL"=
 "Extensions Off Page"=about:NoAdd-ons
 "Local Page"=%SystemRoot%\system32\blank.htm
 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
 "Security Risk Page"=about:SecurityRisk
 "Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
 "CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
 "SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
 "Local Page"=C:\WINDOWS\system32\blank.htm
 "Page_Transitions"=
 "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
 "SearchMigratedDefaultName"=MSN Search
 "SearchMigratedDefaultURL"=http://search.msn.fr/spresults.aspx?q={searchTerms}
 "Start Page"=http://www.google.fr/ig?hl=fr
 
 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
 ""=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
 
 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
 "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" (HKLM) -- C:\Program Files\Wanadoo\SearchPageURL.dll ()
 "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
 
 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
 "ProxyEnable" = 0
 "ProxyOverride" = *.local
 
 ========== (O1) Hosts File ==========
 
 HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
 First 25 entries...
 127.0.0.1       localhost
 
 ========== (O2) BHO's ==========
 
 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
 {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
 {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
 {9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
 {AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
 {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
 {DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
 {E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
 
 ========== (O3) Toolbars ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
 
 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
 "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
 "{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
 "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
 "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
 "{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
 "{D554D8FC-B36D-4BB4-93DB-4A3394D505E3}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
 "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
 
 ========== (O4) Run Keys ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
 "DT HPW"=C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder (Portrait Displays, Inc)
 "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
 "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" (Microsoft Corporation)
 "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
 "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" (Microsoft Corporation)
 "QuickTime T


May CastleCops live forever in our memories.
curson
Confirmed beginner (1,000 to 4,999 posts)
Posted on 15/01/2009 at 18:14:40
 
Hello,

 Post the OTViewIt reports in separate messages.

 I will give you the rest of the procedure tomorrow.
