Virus ne veut pas se suprimé

Hello Almontacer

Commence par m envoyer un rapport HijackThis, fais ce qui suit :

Télécharge hijackthis sur ton Bureau.


Ferme toutes les autres fenêtres, tous les autres programmes. Pas de connexion Internet.

Double clique dessus pour lancer l installation . Accepte la licence qui va apparaître par " I agree" .

Puis clique sur "Do a system scan and save a logfile"

Ferme HijackThis et fais un copier-coller du rapport en entier et poste le ici en réponse.

Note : le rapport se trouve dans C:\Program Files\Trend Micro\HijackThis

Tuto : "générer un rapport" http://pageperso.aol.fr/balltrap34/demohijack.htm

@ suivre.

merci pour ton aide
voici le rapport


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:32, on 09/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.blingo.com/search?q=blingo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blingo.com/search?q=blingo
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.blingo.com/friends?ref=k0mqBd7jWXVZ_ysP80cjUOrMT2A
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {583C122D-26BC-419D-BEE2-E7CB8AD6986B} - C:\WINDOWS\system32\nnnkJDwT.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {D75034FB-2333-4CB0-B30B-6543BA777E98} - C:\WINDOWS\system32\nnnnLdde.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\LAventure\MDToolbar\MdToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [System Updater Machine] system.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [System Updater Machine] system.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O20 - Winlogon Notify: nnnkJDwT - C:\WINDOWS\SYSTEM32\nnnkJDwT.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
End of file - 7706 bytes

encor merci pour ton aide

mon nod35 detect toujour le virus

voici le nouveau rapport HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:33:34, on 09/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.blingo.com/search?q=blingo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blingo.com/search?q=blingo
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.blingo.com/friends?ref=k0mqBd7jWXVZ_ysP80cjUOrMT2A
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {583C122D-26BC-419D-BEE2-E7CB8AD6986B} - C:\WINDOWS\system32\nnnkJDwT.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A0CDAB24-EE86-4019-A61A-FF525D5F8E18} - C:\WINDOWS\system32\nnnnLdde.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\LAventure\MDToolbar\MdToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O20 - Winlogon Notify: nnnkJDwT - C:\WINDOWS\SYSTEM32\nnnkJDwT.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
End of file - 7211 bytes


voici le rapport de SDFix



[b]SDFix: Version 1.181
Run by Almontacer on 09/05/2008 at 22:06

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\SYSTEM.EXE - Deleted
C:\m.exe - Deleted
C:\WINDOWS\b153.exe - Deleted
C:\Documents and Settings\Almontacer\Application Data\addon.dat - Deleted
C:\Windows.exe - Deleted
C:\WINDOWS\system32\system.exe - Deleted
C:\WINDOWS\system32\ntos.exe - Deleted
C:\WINDOWS\system32\wsnpoem\audio.dll - Deleted
C:\WINDOWS\system32\wsnpoem\video.dll - Deleted
C:\WINDOWS\system32\wsnpoem\video.dll - Deleted
C:\WINDOWS\system32\wsnpoem\audio.dll - Deleted



Folder C:\Program Files\Temporary - Removed
Folder C:\Program Files\xInsIDE - Removed
Folder C:\WINDOWS\system32\wsnpoem - Removed


Removing Temp Files

[b]ADS Check :



[b]Final Check :

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-05-09 22:25:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpoli­cy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enable­d:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:dna"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpoli­cy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enable­d:@xpsp2res.dll,-22019"

[b]Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes :

Sun 30 Mar 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 27 Feb 2004 233,472 A..H. --- "C:\Program Files\Image-Line\FL Studio 7\REX Shared Library.dll"
Wed 7 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 30 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT1AA.tmp­"
Sun 30 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT1B1.tmp­"
Sun 30 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BIT1B9.tmp­"
Sun 30 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT1A9.tmp­"
Sun 30 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT1B2.tmp­"
Sun 30 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT1AD.tmp­"
Sun 30 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8f3e004a562e1247e8b254b9e4fee21c\BIT134.tmp­"
Sun 30 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT1B5.tmp­"
Sun 30 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT1B0.tmp­"
Sun 30 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d6e228e44f2018dd79eeb427a0b47d06\BIT1D5.tmp­"
Sun 30 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT1B3.tmp­"

[b]Finished!

Re

Il nous reste deux dll pas sympas :
C:\WINDOWS\system32\nnnkJDwT.dll et C:\WINDOWS\system32\nnnnLdde.dll

Peux tu faire cela stp

1) Rends toi sur VIRUS TOTAL http://www.virustotal.com/fr/

* Clique sur "parcourir" : C:\WINDOWS\system32\nnnkJDwT.dll

* Recherche le fichier à analyser, puis clique ensuite sur "send".

Il faut patienter car tu es sur une file d'attente.
Le rapport ne sera complet que lorsque tu verras la mention "FINISHED"sur la droite.

Dépose le dans ta prochaine réponse.

Tuto : http://pageperso.aol.fr/loraline60/virus_total.htm

Note : Il est possible que tu es besoin d'avoir accès aux dossiers et fichiers cachés, pour cela "Affiche les dossiers cachés" Aide toi de B ) ici http://forum.pcastuces.com/sujet.asp?f=25&s=3902 si besoin.

Fais de même pour C:\WINDOWS\system32\nnnnLdde.dll

Et poste les deux rapports puis on les eliminera ensemble.

2) Envoie ces deux dll sur http://www.bleepingcomputer.com/submit-malware.php?channel=4

Merci.

@ suivre.

je suis vrémaint désole pour le derangemenet et encoe merci
sur www.virustotal.com/fr/ il mon dit que le fichier a déjà été analysé mais quan j'ai cliqué sur reanalyse
il mon afficher le rappot

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.5.10.0 2008.05.10 -
AntiVir 7.8.0.17 2008.05.09 TR/Vundo.Gen
Authentium 4.93.8 2008.05.08 -
Avast 4.8.1169.0 2008.05.07 Win32:TratBHO
AVG 7.5.0.516 2008.05.08 Vundo.O
BitDefender 7.2 2008.05.08 -
CAT-QuickHeal 9.50 2008.05.09 -
ClamAV 0.92.1 2008.05.09 Trojan.Vundo-2787
DrWeb 4.44.0.09170 2008.05.09 -
eSafe 7.0.15.0 2008.05.09 -
eTrust-Vet 31.4.5771 2008.05.08 Win32/Vundo!generic
Ewido 4.0 2008.05.09 -
F-Prot 4.4.2.54 2008.05.08 -
F-Secure 6.70.13260.0 2008.05.09 W32/Vundo.dam
Fortinet 3.14.0.0 2008.05.10 W32/Virtum!tr
Ikarus T3.1.1.26.0 2008.05.09 Win32.Rigel.6468
Kaspersky 7.0.0.125 2008.05.10 Trojan.Win32.Monder.gen
McAfee 5291 2008.05.08 -
Microsoft 1.3408 2008.05.10 Trojan:Win32/Vundo.gen!D
NOD32v2 3090 2008.05.09 -
Norman 5.80.02 2008.05.08 Vundo.gen167
Panda 9.0.0.4 2008.05.09 Spyware/Virtumonde
Prevx1 V2 2008.05.10 Cloaked Malware
Rising 20.43.42.00 2008.05.09 -
Sophos 4.29.0 2008.05.09 Mal/Generic-A
Sunbelt 3.0.1097.0 2008.05.07 -
Symantec 10 2008.05.09 -
TheHacker 6.2.92.305 2008.05.08 Trojan/Monder.gen
VBA32 3.12.6.5 2008.05.08 -
VirusBuster 4.3.26:9 2008.05.09 -
Webwasher-Gateway 6.6.2 2008.05.09 Trojan.Vundo.Gen
Information additionnelle
File size: 42496 bytes
MD5...: 77b5a78bf5597375a4e7dccecc26cfcc
SHA1..: 510262030f334a59fc8e23b527497dc3069c8020
SHA256: 95c105b86426269b11a751f443d32ea1960820fa83f2c356c41060fe8465e007
SHA512: bd0c806b8f1acbd403663de41b48f07568a68fcb569edd4fc8deb2f62af61e37
3acf2d0548ef2a260b4edc879105759af26e08b5e141b6800050fd20a16a4f8d
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100060dc
timedatestamp.....: 0x71fe32f2 (Fri Aug 09 05:43:14 2030)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1e000 0x5600 7.75 4ade69ad8c77fcf5aa85c02896fb651e
.data 0x1f000 0x5000 0x4200 7.97 0cba38dc4467647ed61338acb2cbfb0a
.rdata 0x24000 0x1000 0x400 5.81 d89b7a22346b670d98c33f26ef4bbd28
.idata 0x25000 0x1000 0x600 3.04 7ed5227698d4668113c1954b7a0bc659

( 3 imports )
> user32.dll: EnableWindow, CreateMDIWindowA, CreateDesktopW, CopyRect, wsprintfA
> kernel32.dll: SetCurrentDirectoryA, lstrcpynA, lstrcmpiA, lstrcatA, WriteFile, Sleep, EnumResourceTypesA, GetModuleHandleA, GetSystemTime, GetSystemTimeAsFileTime, GetTimeFormatA, LeaveCriticalSection, LocalAlloc, MapViewOfFile
> oleaut32.dll: SafeArrayCreate, SetErrorInfo, SysReAllocString, VarBstrCat, SafeArrayAllocDescriptor, OleLoadPicture

( 0 exports )

packers (Kaspersky): PE_Patch
Prevx info: http://info.prevx.com/...

pour C:\WINDOWS\system32\nnnnLdde.dll

quand je clik sue send voila ce quil me donne
0 bytes size received / Se ha recibido un archivo vacio

t la ???

Re

J'avais bougé chez un pote.

Télécharge Combofix.exe de sUBs sur ton Bureau,

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement

Double clique sur Combofix.exe
Mets le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

Ne touche à rien tant que le scan n'est pas terminé.

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisses-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu et un nouveau rapport HijackThis

Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à Internet.

Note : Le rapport se trouve également là : C:\Combofix.txt+

@ suivre

re et merci pour ton aide

voila le rapport de ComboFix


ComboFix 08-05-09.1 - Almontacer 2008-05-10 10:33:17.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.168 [GMT 0:00]
Endroit: C:\Documents and Settings\Almontacer\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active


[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\wsnpoem
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll
C:\Documents and Settings\NetworkService\Application Data\wsnpoem
C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll
C:\WINDOWS\b151.exe.bin
C:\WINDOWS\system32\eddLnnnn.ini
C:\WINDOWS\system32\eddLnnnn.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnnkJDwT.dll
C:\WINDOWS\system32\ssqQhiHx.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-10 to 2008-05-10 ))))))))))))))))))))))))))))))))))))
.

2008-05-09 21:54 . 2008-05-09 21:54 <REP> d-------- C:\WINDOWS\ERUNT
2008-05-09 21:48 . 2008-05-09 22:31 <REP> d-------- C:\SDFix
2008-05-09 21:23 . 2008-05-09 21:23 <REP> d-------- C:\Program Files\Trend Micro
2008-05-06 16:30 . 2008-05-06 16:30 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-05-02 20:47 . 2008-05-02 20:47 281,600 --a------ C:\WINDOWS\system32\nnnnLdde.Vdll
2008-05-02 20:47 . 2008-05-02 20:47 281,600 --a------ C:\WINDOWS\system32\nnnnLdde.V00dll
2008-05-01 19:53 . 2008-05-04 15:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-01 19:53 . 2008-05-01 19:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-01 18:07 . 2008-05-09 20:17 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-05-01 17:40 . 2008-05-09 18:00 <REP> d-------- C:\Program Files\Norton Security Scan
2008-05-01 17:38 . 2008-05-03 13:25 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-04-28 12:35 . 2008-04-28 12:35 281,600 --------- C:\WINDOWS\system32\nnnnLdde.dll
2008-04-26 21:13 . 2008-04-27 22:31 <REP> d-------- C:\Program Files\Guitar Pro 5
2008-04-26 18:33 . 2008-04-26 18:33 <REP> d-------- C:\Documents and Settings\Almontacer\Application Data\Apple Computer
2008-04-23 18:06 . 2008-04-23 18:06 <REP> d-------- C:\Program Files\WinAVI MP4 Converter
2008-04-20 19:42 . 2008-04-20 19:42 <REP> d-------- C:\Program Files\LAventure
2008-04-14 12:57 . 2008-04-14 12:57 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-04-14 12:54 . 2007-04-17 09:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-14 12:54 . 2007-03-08 05:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-14 12:54 . 2008-03-01 12:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-14 12:54 . 2008-03-01 12:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-14 12:54 . 2008-02-22 10:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-14 12:53 . 2008-03-01 12:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-14 12:53 . 2008-03-01 12:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-14 12:53 . 2008-03-01 12:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-14 12:53 . 2008-03-01 12:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-12 16:54 . 2008-04-12 16:54 <REP> d-------- C:\WINDOWS\Sun
2008-04-11 15:46 . 2008-04-11 15:47 <REP> d-------- C:\WINDOWS\Fichiers d'installation de Windows Update
2008-04-11 15:46 . 2008-04-11 15:46 5,730 --a------ C:\WINDOWS\Active Setup Log.BAK

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 10:41 --------- d-----w C:\Documents and Settings\Almontacer\Application Data\BitTorrent DNA
2008-05-07 16:21 --------- d-----w C:\Documents and Settings\Almontacer\Application Data\BitTorrent
2008-04-14 12:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-11 15:50 --------- d-----w C:\Program Files\Menara
2008-03-30 22:59 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-30 22:52 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-30 10:57 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-23 18:17 --------- d-----w C:\Program Files\Audacity
2008-03-18 11:10 --------- d-----w C:\Program Files\Shareaza
2008-03-18 10:16 --------- d-----w C:\Documents and Settings\Almontacer\Application Data\Shareaza
2008-03-16 12:14 --------- d-----w C:\Program Files\Google
2008-03-16 11:18 --------- d-----w C:\Program Files\Windows Live
2008-03-16 11:17 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-16 11:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-03-16 10:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-15 22:40 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-03-15 22:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20F438FA-3CA6-40ED-9E1D-C7B4CFF5AE0D}]
2008-04-28 12:35 281600 --------- C:\WINDOWS\system32\nnnnLdde.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 10:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 15:19 65536]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
"BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2008-02-10 16:31 286016]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-17 19:52 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-02-10 16:36 949376]
"ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 10:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Almontacer^Menu Démarrer^Programmes^Démarrage^Lancement rapide de Microsoft Office OneNote 2003.lnk]
path=C:\Documents and Settings\Almontacer\Menu Démarrer\Programmes\Démarrage\Lancement rapide de Microsoft Office OneNote 2003.lnk
backup=C:\WINDOWS\pss\Lancement rapide de Microsoft Office OneNote 2003.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\[u]0/u00StTHK]
--a------ 2001-06-23 18:28 24576 C:\WINDOWS\system32\[u]0/u00StTHK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\[u]0/u0THotkey]
--a------ 2004-08-11 09:36 253952 C:\WINDOWS\system32\[u]0/u0THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-02-20 13:00 88363 C:\WINDOWS\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
-ra------ 2003-10-30 14:46 192512 C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-01-26 17:03 118784 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-01-26 17:03 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--a------ 2003-09-26 13:43 184320 C:\Program Files\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
-ra------ 2006-07-21 10:00 98304 C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmaTel StacMon]
--a------ 2003-08-03 14:01 86073 C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2004-03-30 11:51 118784 C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-03-17 19:52 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]
-ra------ 2003-12-02 12:15 73728 C:\WINDOWS\system32\TFNF5.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMERzCtl.EXE]
--a------ 2004-08-19 14:56 86016 C:\Program Files\TOSHIBA\TME3\TMERzCtl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMESRV.EXE]
--a------ 2004-04-13 10:14 126976 C:\Program Files\TOSHIBA\TME3\TMESRV31.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TouchED]
--a------ 2003-03-11 11:58 122880 C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
--a------ 2004-06-28 09:39 266240 C:\WINDOWS\system32\TPSMain.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplicat­ions\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=