Ordi extremement lent....Fermé

Question

Bonjour à tous.
J'ai de gros problème avec mon ordi il est très lent et apparais plusieurs fenètres de pub.
Je vous mets le raport hijackthis.
Merci de bien vouloir m'aider.
peanut2001.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:57:16, on 2007-07-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\windows\system32\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\qymgiljy.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://outlook.live.com/owa/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qfrca7.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7C24493F-3D23-4258-9426-42C5FC3B8211} - C:\WINDOWS\system32\vtuvwxy.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32	svceucj.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {E8148571-AEFC-421C-A675-4B34A5A1D01A} - C:\WINDOWS\system32\pmkjh.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB(VGA) Camera
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ImInstaller_Magentic] C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ImInstaller\Magentic\magentic_install.exe -startup -product Magentic
O4 - HKLM\..\Run: [QuickTime Task] "C:\windows\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\aveynukc.dll",forkonce
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?5581580425ff4ece971c56de912d3dd0
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?5581580425ff4ece971c56de912d3dd0
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://corbeaublack.wordpress.com/
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: pmkjh - C:\WINDOWS\system32\pmkjh.dll
O20 - Winlogon Notify: vtuvwxy - C:\WINDOWS\SYSTEM32\vtuvwxy.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
O24 - Desktop Component 0: (no name) - http://images.staracademie.ca/fondsdecran/sa2_800_marting.jpg

wassimous · Answer

Bonjours 


D’abord fais ceci 


1.	NaviFix

Clique sur ce lien : 
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe 
Clique sur navilog1.zip pour télécharger navilog1.exe. 

Choisis Enregistrer 

et enregistre-le sur ton bureau. 

Ensuite double clique sur navilog1.exe pour lancer l'installation. 
Une fois l'installation terminée, le fix s'exécutera automatiquement. 
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau). 

Laisse-toi guider. Au menu principal, choisis 1 et valides. 
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord) 

Patiente jusqu'au message : 
*** Analyse Termine le ..... *** 
Appuie sur une touche comme demandé, le blocnote va s'ouvrir. 
Copie-colle l'intégralité dans une réponse. Referme le blocnote. 
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

2.	CCleaner

Télécharge ici : 
https://www.ccleaner.com/ccleaner/download 
Tutorial ici: 
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php 
ET 
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm     
 
Ensuite lance CCleaner. (verifie que dans "options" puis "avancé" la case "effacer uniquement les fichiers plus vieux que 48h" est bien decoché, si non fais le)


3.GenProc


	Clique sur ce lien : (merci à lazzzy et narco4) 
http://www.alt-shift-return.org/Info/GenProc-HowTo.html 

ensuite, clique sur celui-ci et exécute le tuto du lien ci-dessus 
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip 

Poste le rapport dans ta réponse.

4.	Redémarre normalement et poste : 

copie/coller Un nouveau rapport HijackThis, toutes fenêtres et applications fermées


Rq : t’a pas de pare-feu sur ton ordi, on verra ça par la suite

wassimous · Answer

Bonjours

Avant tout, installe l’un des ces deux pare-feu : 


• Tutorial et configuration de ZoneAlarm : 

https://www.malekal.com/tutoriel-zonealarm-firewall/ (merci Malekal) 

• Tutorial et configuration de Kerio Firewall : 

http://www.malekal.com/kerio_firewall.php (merci Malekal)

Ensuite :

Pour être sûr que l’infection Vundo est bien virée 

1.	Télécharge VundoFix.exe (par Atribune) sur ton Bureau :

http://www.atribune.org/ccount/click.php?id=4 

* Double-clique VundoFix.exe afin de le lancer. 
* Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo 
* Clique sur le bouton Scan for Vundo. 
* Lorsque le scan est complété, clique sur le bouton Remove Vundo 
* Une invite te demandera si tu veux supprimer les fichiers, clique YES 
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers. 
* Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK 
* Démarre ton PC à nouveau. 
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt 

2.	Double-clique VundoFix.exe afin de le lancer. 

* Lorsque l'outil se lance à nouveau, 

* Clique sur le bouton Scan for Vundo. 

* Lorsque le scan est complété, clique sur le bouton Remove Vundo 

* Une invite te demandera si tu veux supprimer les fichiers, clique YES 

* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers. 

* Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK 

* Démarre ton PC à nouveau. 

* Copie/colle le contenu du rapport situé dans C:\vundofix.txt 

3.	Télécharge Brute Force Uninstaller (de Merijn) ici: 

http://www.merijn.org/files/bfu.zip

Créé un nouveau dossier directement à la racine de ton disque dur ou l'endroit qui te convient, nomme ce dossier BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (par exemple C:\BFU)

4.       Ensuite, télécharge Toolbar.bfu (de Chercheur) :

Fais un clik droit ici :

 http://perso.orange.fr/Chercheur-perso/scrïpts/toolbar.bfu 

et choisis "Enregistrer la cible sous..." afin de télécharger Toolbar.bfu (de Chercheur).
Sauvegarde dans le dossier créé (C:\BFU).
**Note : si tu utilises Internet Explorer ; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". 

Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : toolbar.bfu et BFU.exe (très important).

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- 

Tu as une démo animée ici (merci balltrap34):

http://perso.orange.fr/rginformatique/section%20virus/bfu%20demo.htm
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
Lance "Brute Force Uninstaller" en double-cliquant BFU.exe (Dans le dossier C:\BFU) 
- Clique sur le petit dossier jaune, et clique sur : Toolbar.bfu
- Coches la case Show log after scrïpt ends 
- Clique sur Execute pour que le fix fasse son boulot :-) Attends que le message Complete scrïpt execution apparaîsse et clique sur OK.
Un rapport va s'afficher dans la fenetre du programme, copie et colle dans le bloc-notes, puis sauvegardes le, tu le posteras plus tard sur le forum.
Clique Exit pour fermer le programme BFU.


Ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

Lyonnais92 · Answer

Bonjour,

peanut, quand tu vas télécharger ler toolbar.bfu de chercheur, tu vas avoir page non trouvée erreur 404.

Le bon lien :
http://perso.orange.fr/Chercheur-perso/scripts/toolbar.bfu

wassimous, c'est un problème des forums aceboard pour empêcher l'exécution de scripts, on ne peut pas y enregistrer le mot. Il faut que tu mémoriuse cela pour changer à chaque utilisation.

Bonne suite à tous les 2.

peanut2001 · Answer

Voici les rapports.




VundoFix V6.5.6

Checking Java version...

Sun Java not detected
Scan started at 21:10:54 2007-07-31

Listing files found while scanning....

C:\WINDOWS\system32\pmkjh.dll

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Sun Java not detected
Scan started at 21:44:28 2007-07-31

Listing files found while scanning....

C:\WINDOWS\system32\pmkjh.dll



VundoFix V6.5.6

Checking Java version...

Sun Java not detected
Scan started at 20:01:25 2007-07-31

Listing files found while scanning....

C:\windows\system32\adriibta.exe
C:\WINDOWS\system32\hjkmp.bak1
C:\WINDOWS\system32\hjkmp.bak2
C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\hjkmp.tmp
C:\WINDOWS\system32\pmkjh.dll
C:\windows\system32\qymgiljy.exe
C:\WINDOWS\system32	svceucj.dll
C:\WINDOWS\system32\vtuvwxy.dll

Beginning removal...

 Attempting to delete C:\windows\system32\adriibta.exe
C:\windows\system32\adriibta.exe Has been deleted!

 Attempting to delete C:\WINDOWS\system32\hjkmp.bak1
C:\WINDOWS\system32\hjkmp.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\hjkmp.bak2
C:\WINDOWS\system32\hjkmp.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\hjkmp.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\hjkmp.tmp
C:\WINDOWS\system32\hjkmp.tmp Has been deleted!

 Attempting to delete C:\windows\system32\qymgiljy.exe
C:\windows\system32\qymgiljy.exe Has been deleted!

 Attempting to delete C:\WINDOWS\system32	svceucj.dll
C:\WINDOWS\system32	svceucj.dll Has been deleted!

Performing Repairs to the registry.
Done!


BFU v1.00.9
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 13:14:09, on 2007-08-02

Option Unload Explorer: Yes
Failed: DllUnregister C:\Program Files\Mozilla Firefox\plugins\NPND2FN.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Internet Explorer\msimg32.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\MSN Messenger\msimg32.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\1.bin\NPND2FN.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\2.bin\NPND2FN.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\3.bin\NPND2FN.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\3.bin\ND2FNBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\4.bin\ND2FNBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\5.bin\ND2FNBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\6.bin\ND2FNBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\7.bin\ND2FNBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\INSTAFINK\instafink.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\RXToolBar\RXToolBar.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\RXToolBar\sfcont.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\1.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\2.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\3.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\4.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\5.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\6.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\7.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\8.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\9.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\a.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\b.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\c.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\d.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\e.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\f.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\i.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\l.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\7.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\8.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\9.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\a.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\b.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\c.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\d.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\e.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearchWB\bar\1.bin\NPMYSRWB.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearchWB\bar\2.bin\NPMYSRWB.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Uninstall My Web Search.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\MyTotalSearch\SrchAstt\1.bin\MTSSRCAS.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\MyTotalSearch\SrchAstt\2.bin\MTSSRCAS.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\MyTotalSearch\SrchAstt\3.bin\MTSSRCAS.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\MyTotalSearch\SrchAstt\4.bin\MTSSRCAS.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\MyTotalSearch\SrchAstt\5.bin\MTSSRCAS.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\MyTotalSearch\bar\1.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\MyTotalSearch\bar\5.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\mybar.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\installr\1.bin\myezsetp.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\1.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\2.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\3.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\4.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\5.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\6.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\7.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\8.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\9.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\a.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\b.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\c.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\d.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\srchastt\1.bin\mysrchas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\srchastt\2.bin\mysrchas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\srchastt\3.bin\mysrchas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mywaysa\srchasde\1.bin\desrcas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mywaysa\srchasde\desrcas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\1.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\2.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\3.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\4.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\5.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\6.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\7.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\8.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\9.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\10.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\11.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myglobalsearch\bar\1.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myglobalsearch\bar\2.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myglobalsearch\bar\3.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myglobalsearch\bar\4.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\AskTBar\bar\4.bin\ASKTBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\AskTBar\SrchAstt\3.bin\A5SRCHAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\AskTBar\SrchAstt\4.bin\A5SRCHAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\bar\1.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\bar\2.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\bar\3.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\bar\4.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\bar\5.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\bar\i.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\installr\1.bin\s4ezsetp.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\srchastt\1.bin\mysrchas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\srchastt\2.bin\mysrchas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\srchastt\3.bin\mysrchas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\srchastt\4.bin\mysrchas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\srchastt\5.bin\mysrchas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.6.1.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.6.2.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.6.4.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.6.4.1\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.0.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.1.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.2.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.2.1\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.3.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.5.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.7.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.8.0.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.8.2.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.8.4.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.8.7.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.3.0b2f.tmp\hbt*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\Bin.7.5.0\HbtWallpaper.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\hbtv\hbtvhelper.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.1.7.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.1.8.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.6.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.8.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.11.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.13.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.1.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.5.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.6.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.9.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.0.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.2.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.5.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.8.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.9.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.5.0.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.5.1.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.5.3.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.6.1.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.1.7.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.1.8.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.6.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.8.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.11.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.13.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.1.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.5.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.6.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.9.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.0.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.2.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.5.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.8.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.9.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.5.0.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.5.1.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.5.3.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.6.1.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\0.4.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.0.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.0.5.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.0.10.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.1.1.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.3.0.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShoppingReportBin\2.0.21\ShoppingReport.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\SmartShopper\Bin\1.0.9.0\SmrtShpr.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\smartshopper\bin\2.0.1\smrtshpr.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\shoppingreport\shoppingreport.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\SmartShopper\js.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\smartshopper\shoppingreport.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\starware\bin\starware.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\starware305\bin\starware305.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\starware316\bin\starware316.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Starware343\bin\Starware343.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Starware354\bin\Starware354.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Starware370\bin\Starware370.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\minijuegos\bin\minijuegos.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\starware\bin\dlls\jokester.dll|1 (file not found)
Failed: DllUnregister C:\Program Files	emp\asearchassist.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\accoona\adesktopsearch.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\accoona\asearchassist.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\accoona\atl71.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\accoona\atoolbar.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\accoona\AToolbarCN.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\accoona\atts.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\accoona\mapidll.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\accoona\viewers\AThes.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\gamesbar\oberontb.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\vstoolbar\vstoolbar.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\vsadd-in\vsadd-in.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\8848\mysearch\0.9.4.2\pagerevisor.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\8848\mysearch\0.9.5.0\pagerevisor.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\8848\mysearch\0.9.7.6\pagerevisor.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\8848\mysearch\0.9.8.4\pagerevisor.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\8848\mysearch\pagerevisor.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\downloaded program files\hbinstie.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\Downloaded Program Files\instafin.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\Downloaded Program Files\mwsearch.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\Downloaded Program Files\pagerevisor.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\azentretien.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\cpu.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\iasada.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\zsettings.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\azentretien.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\iacad.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\iasad.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\iasada.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\lmhhmbhe.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32
n_bar*.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\winats*.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\windmy.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\winnb*.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\xcite.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\zolk.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\zolker*.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\ztoolb*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Uninstall Fun Web Products.dll|1 (file not found)
Failed: DllUnregister C:\Documents and Settings\Propriétaire\Bureau\a7find.dll|1 (file not found)
Failed: DllUnregister C:\Documents and Settings\Propriétaire\Bureau\wmeayl32.dll|1 (file not found)
Failed: DllUnregister C:\msearch.dll|1 (file not found)
Failed: FileDelete %USERPROFILE%\Cookies\*@overture[2].txt (operation failed)
Failed: FolderDelete C:\Documents and Settings\Propriétaire\Application Data\hbtools (folder not found)
Failed: FolderDelete C:\Documents and Settings\Propriétaire\Application Data\hotbar (folder not found)
Failed: FolderDelete C:\Documents and Settings\Propriétaire\Application Data\searchtoolbarcorp (folder not found)
Failed: FolderDelete C:\Documents and Settings\Propriétaire\Application Data\ShopperReports (folder not found)
Failed: FolderDelete C:\Documents and Settings\Propriétaire\Application Data\ShopperReportss (folder not found)
Failed: FolderDelete C:\Documents and Settings\Propriétaire\Application Data\SpamBlocker (folder not found)
Failed: FolderDelete C:\Documents and Settings\Propriétaire\Application Data\SpamBlockerUtility (folder not found)
Failed: FolderDelete C:\Documents and Settings\Propriétaire\Application Data\starware (folder not found)
Failed: FolderDelete C:\Documents and Settings\Propriétaire\Application Data\starware305 (folder not found)
Failed: FolderDelete C:\Documents and Settings\Propriétaire\Application Data\starware316 (folder not found)
Failed: FolderDelete C:\Documents and Settings\Propriétaire\Application Data\starware343 (folder not found)
Failed: FolderDelete C:\Documents and Settings\Propriétaire\Application Data\starware354 (folder not found)
Failed: FolderDelete C:\Documents and Settings\Propriétaire\Application Data\starware370 (folder not found)
Failed: FolderDelete C:\Documents and Settings\Propriétaire\Application Data\HbTools_Icons (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\HbTools_Icons (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\hbtools (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\ShopperReports (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\starware (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\starware305 (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\starware316 (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\starware343 (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\starware354 (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\starware370 (folder not found)
Failed: FolderDelete C:\WINDOWS\system32\shoppingreport (folder not found)
Failed: FolderDelete C:\WINDOWS\system32\SmartShopper (folder not found)
Failed: FolderDelete C:\Program Files\accoona (folder not found)
Failed: FolderDelete C:\Program Files\AskTBar (folder not found)
Failed: FolderDelete C:\Program Files\FunWebProducts (folder not found)
Failed: FolderDelete C:\Program Files\GamesBar (folder not found)
Failed: FolderDelete C:\Program Files\hbinst (folder not found)
Failed: FolderDelete C:\Program Files\hbtools (folder not found)
Failed: FolderDelete C:\Program Files\HbTools_Icons (folder not found)
Failed: FolderDelete C:\Program Files\hotbar (folder not found)
Failed: FolderDelete C:\Program Files\INSTAFIN (folder not found)
Failed: FolderDelete C:\Program Files\INSTAFINK (folder not found)
Failed: FolderDelete C:\Program Files\minijuegos (folder not found)
Failed: FolderDelete C:\Program Files\myglobalsearch (folder not found)
Failed: FolderDelete C:\Program Files\mysearch (folder not found)
Failed: FolderDelete C:\Program Files\MyTotalSearch (folder not found)
Failed: FolderDelete C:\Program Files\myway (folder not found)
Failed: FolderDelete C:\Program Files\mywaysa (folder not found)
Failed: FolderDelete C:\Program Files\MyWebSearch (folder not found)
Failed: FolderDelete C:\Program Files\MyWebSearchWB (folder not found)
Failed: FolderDelete C:\Program Files\Need2Find (folder not found)
Failed: FolderDelete C:\Program Filesxtoolbar (folder not found)
Failed: FolderDelete C:\Program Files\ShopperReports (folder not found)
Failed: FolderDelete C:\Program Files\ShoppingReport (folder not found)
Failed: FolderDelete C:\Program Files\SmartShopper (folder not found)
Failed: FolderDelete C:\Program Files\SpamBlockerUtility (folder not found)
Failed: FolderDelete C:\Program Files\SpamBlockerUtility_Icons (folder not found)
Failed: FolderDelete C:\Program Files\starware (folder not found)
Failed: FolderDelete C:\Program Files\starware305 (folder not found)
Failed: FolderDelete C:\Program Files\starware316 (folder not found)
Failed: FolderDelete C:\Program Files\starware343 (folder not found)
Failed: FolderDelete C:\Program Files\starware354 (folder not found)
Failed: FolderDelete C:\Program Files\starware370 (folder not found)
Failed: FolderDelete C:\Program Files\vsadd-in (folder not found)
Failed: FolderDelete C:\Program Files\vstoolbar (folder not found)
Failed: FolderDelete C:\Program Files\YOUCOULDWINTHIS (folder not found)
Failed: FolderDelete C:\Program Files\8848 (folder not found)
Failed: FileDelete C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DFF075.tmp (operation failed)
Failed: FileDelete C:\WINDOWS\Temp\Perflib_Perfdata_648.dat (operation failed)
Failed: FileDelete C:\WINDOWS\Temp\ZLT04778.TMP (operation failed)
Failed: FileDelete C:\WINDOWS\Temp\ZLT0477b.TMP (operation failed)
Failed: FolderDelete C:\WINDOWS\Temp\_avast4_ (operation failed)
Script completed.


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:20:23, on 2007-08-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\ZoneLabs\UpdClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://outlook.live.com/owa/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qfrca7.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FCE7CD39-D473-440C-9F32-C4814C1CBE84} - C:\WINDOWS\system32\pmkjh.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB(VGA) Camera
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?5581580425ff4ece971c56de912d3dd0
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?5581580425ff4ece971c56de912d3dd0
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://corbeaublack.wordpress.com/
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: pmkjh - C:\WINDOWS\system32\pmkjh.dll (file missing)
O20 - Winlogon Notify: vtuvwxy - vtuvwxy.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
O24 - Desktop Component 0: (no name) - http://images.staracademie.ca/fondsdecran/sa2_800_marting.jpg

wassimous · Answer

Bonjours 
Voila ce qu’on a à faire :
1)	Relance HijackThis. 

Choisis Do a scan only 

Coche la case devant les lignes suivantes 

•	O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
•	O2 - BHO: (no name) - {FCE7CD39-D473-440C-9F32-C4814C1CBE84} - C:\WINDOWS\system32\pmkjh.dll (file missing)
•	O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
•	O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
•	O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
•	O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
•	O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
•	O20 - Winlogon Notify: pmkjh - C:\WINDOWS\system32\pmkjh.dll (file missing)
•	O20 - Winlogon Notify: vtuvwxy - vtuvwxy.dll (file missing)

Ferme toutes les fenêtres (hormis HijackThis), y compris ton navigateur. 

Clique sur fix checked. 

Ferme Hijackthis.

2)	Ensuite assure-toi que tu as accès aux fichiers cachés.
 
(Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage 
"Afficher les fichiers et dossiers cachés" ->coché 
"Masquer les extensions des fichiers dont le type est connu" ->décoché) 

Et cherche-moi ce fichier (avec ton chercheur explorateur):
PowerReg Scheduler.exe
Tu le trouve probablement à cette adresse 
C:\Documents and Settings\utilisateur\Menu Démarrer\Programmes\Démarrage

Si tu le trouve :
Va sur ce site : http://www.virustotal.com/en/indexf.html.. 

1\ Clique sur "Distribute" une fois pour obtenir un trait rouge barrant l'icône. 

2\ Clique ensuite sur le bouton [b"Parcourir..."[/b] puis sélectionne le fichier recherché:
 
3\ Pour finir, clique sur "Send" pour faire analyser le fichier, 

Dis moi ensuite le résultat en fesant un copier/coller , ainsi que l’adresse du fichier

1)	Redémarre ton Ordi  et copie/colle  un nouveau log Hijackthis !

2)	Aussi, si tu a fais passer  les outils cités par GenProc (VundoFix, BFU…) avant que je demande de le faire, et que tu garde toujours leurs rapports, colle les dans ta prochaine réponse.

Et on passera par la suite au problème de ralentissement,

peanut2001 · Answer

Salut merci de ta patience, quand je clique sur le lien http://www.virustotal.com/en/indexf.html.. j'ai error 404 le lien n'est plus bon...

Lyonnais92 · Answer

Bonsoir,

le lien a changé récemment :
https://www.virustotal.com/gui/ désormais.

Bonne suite.

peanut2001 · Answer

Voici le résultat.
File PowerReg_Scheduler.exe received on 08.03.2007 01:50:40 (CET)Antivirus Version Last Update Result 
AhnLab-V3 2007.8.3.0 2007.08.02 - 
AntiVir 7.4.0.57 2007.08.02 - 
Authentium 4.93.8 2007.08.02 - 
Avast 4.7.1029.0 2007.08.02 - 
AVG 7.5.0.476 2007.08.02 - 
BitDefender 7.2 2007.08.03 Application.Powerreg.Scheduler.C 
CAT-QuickHeal 9.00 2007.08.01 - 
ClamAV 0.91 2007.08.02 - 
DrWeb 4.33 2007.08.02 - 
eSafe 7.0.15.0 2007.07.31 - 
eTrust-Vet 31.1.5028 2007.08.03 - 
Ewido 4.0 2007.08.02 - 
FileAdvisor 1 2007.08.03 High threat detected 
Fortinet 2.91.0.0 2007.08.02 Misc/Powerreg 
F-Prot 4.3.2.48 2007.08.02 - 
F-Secure 6.70.13030.0 2007.08.02 - 
Ikarus T3.1.1.8 2007.08.02 - 
Kaspersky 4.0.2.24 2007.08.03 - 
McAfee 5089 2007.08.02 - 
Microsoft 1.2704 2007.08.03 Program:Win32/PowerRegScheduler 
NOD32v2 2434 2007.08.02 - 
Norman 5.80.02 2007.08.02 - 
Panda 9.0.0.4 2007.08.02 Application/PRScheduler 
Prevx1 V2 2007.08.03 - 
Rising 19.34.32.00 2007.08.02 - 
Sophos 4.19.0 2007.08.01 - 
Sunbelt 2.2.907.0 2007.08.03 - 
Symantec 10 2007.08.03 - 
TheHacker 6.1.7.160 2007.08.01 Trojan/Powerreg 
VBA32 3.12.2.2 2007.08.01 - 
VirusBuster 4.3.26:9 2007.08.02 - 
Webwasher-Gateway 6.0.1 2007.08.02 - 
 
Additional information 
File size: 256000 bytes 
MD5: 748492545412b161e3b1fd4d1b40f620 
SHA1: c429b4694d0cee3501fa255905a0a9bd2753da15 
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=748492545412b161e3b1fd4d1b40f620 

Je ne sais pas si c'est cela que tu veut   C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage

peanut2001 · Answer

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:15:33, on 2007-08-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://outlook.live.com/owa/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qfrca7.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB(VGA) Camera
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?5581580425ff4ece971c56de912d3dd0
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?5581580425ff4ece971c56de912d3dd0
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://corbeaublack.wordpress.com/
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
O24 - Desktop Component 0: (no name) - http://images.staracademie.ca/fondsdecran/sa2_800_marting.jpg

wassimous · Answer

Re, 
désolé pour le lien « Merci Lyonnais » j’été pas au courant.

pour le log HijackThis ça va beaucoup mieu

1) Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe 
et sauvegarde le sur ton bureau et pas ailleurs! 

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider. 
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.


•	Relance HijackThis. 

Choisis Do a scan only 

Coche la case devant la ligne suivante

O4 - Startup: PowerReg Scheduler.exe

Ferme toutes les fenêtres (hormis HijackThis), y compris ton navigateur. 

Clique sur fix checked. 

Ferme Hijackthis.

•	Ensuite supprime le fichier PowerReg Scheduler.exe (dont tu connais le chemin) si il existe encore.
C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage

•	Rend toi dans démarrer ---> exécuter et tape "msconfig" (sans les guillemets) Puis dans l'onglet démarrage, décoche la case correspondant à PowerReg Scheduler


Redémarre, fais un nouveau scan hijackthis puis poste le rapport.

peanut · Answer

ComboFix 07-08-03.4 - "Propri‚taire" 2007-08-03 11:00:36.1 [GMT -4:00] - NTFS Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.3084.18.Vrai * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\hosts D:\Autorun.inf ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_DOMAINSERVICE ((((((((((((((((((((((((( Files Created from 2007-07-03 to 2007-08-03 ))))))))))))))))))))))))))))))) 2007-08-03 10:58 51,200 --a------ C:\WINDOWS ircmd.exe 2007-08-02 13:00 d----c--- C:\BFU 2007-07-31 20:01 d----c--- C:\VundoFix Backups 2007-07-30 10:44 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-07-30 10:44 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier 2007-07-30 10:43 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-07-30 10:43 75,248 --a------ C:\WINDOWS\zllsputility.exe 2007-07-30 10:43 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-07-30 10:43 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2007-07-30 10:43 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2007-07-30 10:43 221,216 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-07-30 10:43 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2007-07-30 10:43 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2007-07-30 10:43 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll 2007-07-30 10:42 110,360 --a------ C:\WINDOWS\system32\drivers\kl1.sys 2007-07-30 10:41 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll 2007-07-30 10:41 d-------- C:\WINDOWS\system32\ZoneLabs 2007-07-30 10:40 d-------- C:\WINDOWS\Internet Logs 2007-07-28 18:26 d-------- C:\Program Files\CCleaner 2007-07-28 16:45 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-07-28 16:44 d-------- C:\Program Files\Navilog1 2007-07-25 21:16 d-------- C:\WINDOWS\BDOSCAN8 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-03 11:13 3644 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2007-07-28 18:28 --------- d-------- C:\Program Files\Yahoo! 2007-07-28 16:29 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\HP 2007-06-26 20:13 --------- d-------- C:\Program Files\MSN Messenger 2007-06-21 07:07 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\AdobeUM 2007-06-20 22:16 --------- d-------- C:\Program Files\Windows Live Toolbar 2007-06-20 22:06 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\ArcSoft 2007-06-20 22:00 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Panasonic 2007-06-20 21:47 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-06-20 21:47 --------- d-------- C:\Program Files\ArcSoft 2007-06-20 21:44 --------- d-------- C:\Program Files\ISL 2007-06-20 21:40 --------- d-------- C:\Program Files\Panasonic 2007-06-04 10:25 56490 --a--c--- C:\WINDOWS\system32\perfc00C.dat 2007-06-04 10:25 430582 --a--c--- C:\WINDOWS\system32\perfh00C.dat 2007-05-16 11:13 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll 2007-05-16 11:13 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll 2007-05-16 11:13 683520 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-05-16 11:13 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-05-16 11:13 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll 2007-05-16 11:13 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll 2007-05-04 08:59 3085312 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-09-09 08:05] "KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 21:56] "StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 09:01] "WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 20:40] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42] "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 20:28] "BigDogPath"="C:\WINDOWS\VM_STI.exe" [2003-01-21 03:19] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2004-09-03 23:04] "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-04 02:01] "IncrediMail"="C:\PROGRA~1\INCRED~1\bin\IncMail.exe" [2006-10-31 15:06] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-04 07:33] "Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-01-01 09:31] [HKEY_USERS\.default\software\microsoft\windows\currentversion un] "ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background C:\Documents and Settings\Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\ PowerReg Scheduler.exe [2005-04-24 14:37:20] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] @= R3 Afc;PPdus ASPI Shell;C:\WINDOWS\system32\drivers\Afc.sys R3 ltmodem5;LT Modem Driver;C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys R3 MxlW2k;MxlW2k;C:\WINDOWS\system32\drivers\MxlW2k.sys R3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys S3 QCMerced;Logitech QuickCam Messenger;C:\WINDOWS\system32\DRIVERS\LVCM.sys S3 QV2KUX;Appareil photo num‚rique Casio;C:\WINDOWS\system32\DRIVERS\qv2kux.sys S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys S3 ZSMC302;USB(VGA) Camera;C:\WINDOWS\system32\Drivers\usbvm302.sys Contents of the 'Scheduled Tasks' folder 2007-06-08 14:19:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2007-08-02 20:03:00 C:\WINDOWS\Tasks\Calendrier Microsoft Works.job - C:\PROGRA~1\FICHIE~1\MICROS~1\WORKSS~1\WksCal.exe 2007-08-03 00:36:03 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-03 11:15:00 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\WU] "FlushCacheFiles"=str(7):"\x6264\2\xb900b2\0\xfff0\xffff\x9020\x160\x1020\x161\x3033\x5434\xffe0\xffff\x6b76\b\16\0\x6740c\1\0\0014\x7041\x4770\x6172\x6564\xffe8\xffffApartment\0\xfff8\xffff\xb860b\xffe8\xffffstdout\0\0\0\x540f\xffe8\xffff\x6b76\0N\0\x52e8\x11d\1\0\0\x1652\xffd0\xffff\x6b76\21\4\x8000\0\0\4\0\1b\x6e41\x6974\x6956\x7572\x4f73\x6576\x7272\x6469e\0\xfc10\0\xffe8\xffff\x6b76\0N\0\xb638\xbc\1\0\0\x540f\xffe8\xffff\x6b76\0&\0\xb6f8\xbc\1\0\0\x6564\xfff0\xffff1.0\0\x1948\31\xfff0\xffff\x6210\x127\x63b8\x127\x3032\x3030\xfff0\xffff\x42b8\xa4\x2e98\xcb\xf575\x540f\xffa0\xffff\x6b6e \xb976\x9e22\x8763\x1c3\0\0\x9078_\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff\x5be0\xb9\xffff\xffff\0\0\0\0\0\0\0\0\0\0\f\0\x4f50\x4557\x5052\x544e\x452e\x4558\x6b53\x6e69\xffa0\xffff\x6b6e \xb976\x9e22\x8763\x1c3\0\0\x9078_\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff\x5be0\xb9\xffff\xffff\0\0\0\0\0\0\0\0\x330\0\v\0\x4957\x574e\x524f\x2e44\x5845\x5645\x8b31\x1c2\xff98\xffff\x6b6e \xb976\x9e22\x8763\x1c3\0\0\x2610j\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff\x5be0\xb9\xffff\xffff\0\0\0\0\0\0\0\0\x88\0\24\0\x6853\x6d69\x6c44\x496c\x636e\x756c\x6973\x6e6f\x694c\x7473{B\xff98\xffff\x6b6e \xb976\x9e22\x8763\x1c3\0\0\x2610j\3\0\0\0\x7308#\xffff\xffff\0\0\xffff\xffff\x5be0\xb9\xffff\xffff\30\0\0\0\0\0\0\0\0\0\24\0\x6853\x6d69\x6c44\x456c\x6378\x756c\x6973\x6e6f\x694c\x7473\xbd68b\xffa0\xffff\x6b6e \xb976\x9e22\x8763\x1c3\0\0\xbb38b\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff\x5be0\xb9\xffff\xffff\0\0\0\0\0\0\0\0\0\0\f\0\x4d46\x4c50\x5941\x5245\x442e\x4c4c\x6b76\0\xfff8\xffff\xefe0b\xfff8\xffff\xeaa0b\xffa0\xffff\x6b6e \xb976\x9e22\x8763\x1c3\0\0\xbb38b\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff\x5be0\xb9\xffff\xffff\0\0\0\0\0\0\0\0\xbba0b\v\0\x5748\x5541\x4944\x2e4f\x4c44L\x6b6e \xffa0\xffff\x6b6e \xb976\x9e22\x8763\x1c3\0\0\xbb38b\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff\x5be0\xb9\xffff\xffff\0\0\0\0\0\0\0\0\x4d57\x5450 \0\x4158\x5443\x504d\x442e\x4c4c\x7267\x312e\0\xff98\xffffC:\Program Files\Windows Media Player\mpvis.dll\0F1\xffa8\xffff\x6b6e \xd264\x9d8c\x4298\x1c7\0\0\x5a50j\1\0\0\0\xbd90b\xffff\xffff\0\0\xffff\xffff\x1e0\0\xffff\xffff\24\0\0\0\0\0\0\0h\0\a\0\x6c41\x6863\x6d65\x179\xfff0\xffff\x686c\1\x0be8d\xe141\xc736\xffb8\xffffres://mpvis.dll/RT_STRING/#100\0d\xe141\xc736\xff80\xffff\x6b6e \x40b8\x5397\x8b31\x1c2\0\0\x3b0\0\2\0\0\0\xbfd0b\xffff\xffff\1\0\xbec8b\x1e0\0\xffff\xffff\f\0\0\0\0\0B\0\0\0/\0\x4d57\x4153\x6d64\x6e69\x6f43\x6d6d\x6e6f\x654e\x5374\x756f\x6372\x2e65\x4d57\x4153\x6d64\x6e69\x6f43\x6d6d\x6e6f\x654e\x5374\x756f\x6372e\xffe8\xffff\x6b76\0B\0\xbe80b\1\0\0\0\xffb8\xffffWMS Common NetSource Admin class\0\0\xfff8\xffff\xbe68b\xffa8\xffff\x6b6e \x40b8\x5397\x8b31\x1c2\0\0\xbde8b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xbf98b\x1e0\0\xffff\xffff\0\0\0\0\0\0N\0\0\0\5\0\x4c43\x4953D\0\xffe8\xffff\x6b76\0N\0\xbf40b\1\0\0\0\xffa8\xffff{C5A7D9B0-3428-4390-B7A2-8C685F93C084}\0\0\0\0\xfff8\xffff\xbf28b\xfff8\xffff\xbfe8b\xfff8\xffff\xc208b\xffe8\xffff\x6b76\0d\0\xc078b\1\0\0\0\xfff8\xffff\xbfb0b\xffe8\xffff\x686c\2\xbed0b\x8b5b\x7b8\xc020b\x4bf\x1ead\xffe8\xffff\x6b76\0B\0\xc168b\1\0\0\0\x6268\x6e69\xc000b\x1000\0\xfc75\xdb33\x7d89\xe8e0\xb4ba\xffff\x7539\x74dc\xff14\xf475\xffa8\xffff\x6b6e \x40b8\x5397\x8b31\x1c2\0\0\xbde8b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xbfc8b\x1e0\0\xffff\xffff\0\0\0\0\0\0d\0\0\0\6\0\x7543\x5672\x7265\0\xff98\xffffWMSAdminCommonNetSource.WMSAdminCommonNetSource.5\0\xff78\xffff\x6b6e \x40b8\x5397\x8b31\x1c2\0\0\x3b0\0\1\0\0\0\xc278b\xffff\xffff\1\0\xbfa0b\x1e0\0\xffff\xffff \0\0\0\0\0B\0\0\0001\0\x4d57\x4153\x6d64\x6e69\x6f43\x6d6d\x6e6f\x654e\x5374\x756f\x6372\x2e65\x4d57\x4153\x6d64\x6e69\x6f43\x6d6d\x6e6f\x654e\x5374\x756f\x6372\x2e655\0\0\0\xffb8\xffffWMS Common NetSource Admin class\0\0\xffa8\xffff\x6b6e \x40b8\x5397\x8b31\x1c2\0\0\xc0e0b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xbfa8b\x1e0\0\xffff\xffff\0\0\0\0\0\0N\0\0\0\5\0\x4c43\x4953D\0\xffe8\xffff\x6b76\0N\0\xc220b\1\0\0\0\xffa8\xffff{C5A7D9B0-3428-4390-B7A2-8C685F93C084}\0\0\0\0\xfff0\xffff\x686c\1\xc1b0b\x8b5b\x7b8\xff88\xffff\x6b6e \xca20\x53a0\x8b31\x1c2\0\0\x3b0\0\2\0\0\0\xc508b\xffff\xffff\1\0\xc350b\x1e0\0\xffff\xffff\f\0\0\0\0\0.\0\0\0$\0\x4d57\x4353\x696c\x6e65\x4e74\x7465\x614d\x616e\x6567\x2e72\x6c43\x6569\x746e\x654e\x4d74\x6e61\x6761\x7265\0\0\xffe8\xffff\x6b76\0.\0\xc318b\1\0\0\0\xffc8\xffffClientNetManager Class\0\0\0\0\xfff8\xffff\xc300b\xffa8\xffff\x6b6e \xca20\x53a0\x8b31\x1c2\0\0\xc288b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xc420b\x1e0\0\xffff\xffff\0\0\0\0\0\0N\0\0\0\5\0\x4c43\x4953D\0\xffe8\xffff\x6b76\0N\0\xc3c8b\1\0\0\0\xffa8\xffff{CD12A3CE-9C42-11D2-BEED-0060082F2054}\0\0\0\0\xfff8\xffff\xc3b0b\xfff8\xffff\xc598b\xfff8\xffff\xc640b\xffa8\xffff\x6b6e \xca20\x53a0\x8b31\x1c2\0\0\xc288b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xc500b\x1e0\0\xffff\xffff\0\0\0\0\0\0N\0\0\0\6\0\x7543\x5672\x7265\0\xffe8\xffff\x6b76\0N\0\xc4a8b\1\0\0\0\xffa8\xffffWMSClientNetManager.ClientNetManager.1\0\0\0\0\xfff8\xffff\xc490b\xffe8\xffff\x686c\2\xc358b\x8b5b\x7b8\xc438b\x4bf\x1ead\xff88\xffff\x6b6e \xca20\x53a0\x8b31\x1c2\0\0\x3b0\0\1\0\0\0\xc6b0b\xffff\xffff\1\0\xc428b\x1e0\0\xffff\xffff \0\0\0\0\0.\0s &\0\x4d57\x4353\x696c\x6e65\x4e74\x7465\x614d\x616e\x6567\x2e72\x6c43\x6569\x746e\x654e\x4d74\x6e61\x6761\x7265\x312ew\xffe8\xffff\x6b76\0.\0\xc5b0b\1\0\0"\xffc8\xffffClientNetManager Class\0\0\0\0\xffa8\xffff\x6b6e \xca20\x53a0\x8b31\x1c2\0\0\xc520b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xc430b\x1e0\0\xffff\xffff\0\0\0\0\0\0N\0\0\0\5\0\x4c43\x4953D\0\xffe8\xffff\x6b76\0N\0\xc658b\1\0\0\x736e\xffa8\xffff{CD12A3CE-9C42-11D2-BEED-0060082F2054}\0\0\0\0\xfff0\xffff\x686c\1\xc5e8b\x8b5b\x7b8\xff90\xffff\x6b6e \x2c7a\x53a3\x8b31\x1c2\0\0\x3b0\0\2\0\0\0\xc930b\xffff\xffff\1\0\xc788b\x1e0\0\xffff\xffff\f\0\0\0\0\0<\0\0\0\37\0\x4d57\x4453\x4e4b\x6d61\x7365\x6170\x6563\x4e2e\x6d61\x7365\x6170\x6563\x6146\x7463\x726fy\xffe8\xffff\x6b76\0<\0\xc748b\1\0\0\0\xffc0\xffffWMSDSK NamespaceFactory Class\0\xfff8\xffff\xc730b\xffa8\xffff\x6b6e \x2c7a\x53a3\x8b31\x1c2\0\0\xc6c0b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xc858b\x1e0\0\xffff\xffff\0\0\0\0\0\0N\0\0\0\5\0\x4c43\x4953D\0\xffe8\xffff\x6b76\0N\0\xc800b\1\0\0\0\xffa8\xffff{203b1eed-db9f-40fb-87bd-1990982017d2}\0\0\0\0\xfff8\xffff\xc7e8b\xfff8\xffff\xc9c0b\xfff8\xffff\xca70b\xffa8\xffff\x6b6e \x2c7a\x53a3\x8b31\x1c2\0\0\xc6c0b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xc928b\x1e0\0\xffff\xffff\0\0\0\0\0\0D\0\0\0\6\0\x7543\x5672\x7265\0\xffe8\xffff\x6b76\0D\0\xc8e0b\1\0\0\0\xffb8\xffffWMSDKNamespace.NamespaceFactory.1\0\xfff8\xffff\xc8c8b\xffe8\xffff\x686c\2\xc790b\x8b5b\x7b8\xc870b\x4bf\x1ead\xff88\xffff\x6b6e \xca20\x53a0\x8b31\x1c2\0\0\x3b0\0\1\0\0\0\xcae0b\xffff\xffff\1\0\xc860b\x1e0\0\xffff\xffff \0\0\0\0\0:\0\0\0!\0\x4d57\x4453\x4e4b\x6d61\x7365\x6170\x6563\x4e2e\x6d61\x7365\x6170\x6563\x6146\x7463\x726f\x2e791\0\0\0\xffe8\xffff\x6b76\0:\0\xc9d8b\1\0\0\0\xffc0\xffffWMSDK NamespaceFactory Class\0\0\xffa8\xffff\x6b6e \x2c7a\x53a3\x8b31\x1c2\0\0\xc948b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xc868b\x1e0\0\xffff\xffff\0\0\0\0\0\0N\0\0\0\5\0\x4c43\x4953D\0\xffe8\xffff\x6b76\0N\0\xca88b\1\0\0\0\xffa8\xffff{203b1eed-db9f-40fb-87bd-1990982017d2}\0\0\0\0\xfff0\xffff\x686c\1\xca18b\x8b5b\x7b8\xffa8\xffff\x6b6e \xba48\x22b9\xa48e\x1c4\0\0\x3b0\0\2\0\0\0\xcdd8b\xffff\xffff\3\0\xcc40b\x1e0\0\xffff\xffff\26\0\0\0.\0Z\0\xd1b8|\a\0\x4d57\x4653\x6c69e\xffe8\xffff\x6b76\0Z\0\xcb60b\1\0\0\0\xffa0\xffffFichier d'apparence du Lecteur Windows Media\0\0\xfff8\xffff\xccb0b\xffd8\xffff\x6b76\20F\0\xcbf0b\1\0\1\0\x7246\x6569\x646e\x796c\x7954\x6570\x614e\x656d\xffb0\xffff@C:\WINDOWS\inf\unregmp2.exe,-9915\0\0\0\0\xfff0\xffff\xcb48b\xcbc8b\xf7e0\xca\xffa0\xffff\x6b6e \x5960\xa4a1\xa490\x1c4\0\0\xcaf0b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xcbc0b\x1e0\0\xffff\xffff\0\0\0\0\0\0p\0\0\0\v\0\x6544\x6166\x6c75\x4974\x6f63n\0\0\xffe8\xffff\x6b76\0H\0\xccc8b\1\0\0\0\xff88\xffffC:\WINDOWS\system32\wmploc.dll,-617\0r\wmplayer.exe,-120\0\0\0\xfff8\xffff\xce48b\xfff8\xffff\xcee0b\xffa8\xffff\x6b6e \xded2\x56e0\x8b31\x1c2\0\0\xcaf0b\1\0\0\0\xce78b\xffff\xffff\1\0\xcdd0b\x1e0\0\xffff\xffff\b\0\0\0\0\0 \0\0\0\5\0\x6873\x6c65l\0\xffe8\xffff\x6b76\0 \0\xcdc0b\1\0\0\0\xfff0\xffffopen\0\0\xfff8\xffff\xcda8b\xffe8\xffff\x686c\2\xcc50b\xf9e6\xe06f\xcd50b\xb890\x97e\xffa8\xffff\x6b6e \xded2\x56e0\x8b31\x1c2\0\0\xcd50b\1\0\0\0\xcf80b\xffff\xffff\1\0\xcd40b\x1e0\0\xffff\xffff\16\0\0\0\0\0\20\0\0\0\4\0\x706f\x6e65\0\0\xffe8\xffff\x6b76\0\20\0\xce60b\1\0\0}\xffe8\xffff&Ouvrir\0\0\0\xfff0\xffff\x686c\1\xcdf0b\xc54a>\xffa8\xffff\x6b6e \xded2\x56e0\x8b31\x1c2\0\0\xcdf0b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xcd48b\x1e0\0\xffff\xffff\0\0\0\0\0\0\x84\0\0\0\a\0\x6f63\x6d6d\x6e61d\xffe8\xffff\x6b76\0\x84\0\xcef8b\1\0\0|\xff78\xffff"C:\Program Files\Windows Media Player\wmplayer.exe" /layout:""\0\xfff0\xffff\x686c\1\xce88b\x76f\x559f\xff90\xffff\x6b6e \x7c04\x5392\x8b31\x1c2\0\0\x3b0\0\2\0\0\0\xd208b\xffff\xffff\1\0\xd060b\x1e0\0\xffff\xffff\f\0\0\0\0\0"\0\0\0\36\0\x4d57\x4853\x5454\x5350\x756f\x6372\x5065\x756c\x6967\x2e6e\x5448\x5054\x6f53\x7275\x6563\0\x6268\x6e69\xd000b\x1000\0\x75c0\x8b34\x850e\x74c9\xff02\x83d1\x4c6\xf73b\xed72\xc085\xffe8\xffff\x6b76\0"\0\xd038b\1\0\0\0\xffd8\xffffHTTPSource Class\0\0\xfff8\xffff\xd020b\xffa8\xffff\x6b6e \x7c04\x5392\x8b31\x1c2\0\0\xcf90b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xd130b\x1e0\0\xffff\xffff\0\0\0\0\0\0N\0\0\0\5\0\x4c43\x4953D\0\xffe8\xffff\x6b76\0N\0\xd0d8b\1\0\0\0\xffa8\xffff{636CCDDE-0D74-11d3-8694-00C04F6890ED}\0\0\0\0\xfff8\xffff\xd0c0b\xfff8\xffff\xd290b\xfff8\xffff\xd328b\xffa8\xffff\x6b6e \x7c04\x5392\x8b31\x1c2\0\0\xcf90b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xd200b\x1e0\0\xffff\xffff\0\0\0\0\0\0B\0\0\0\6\0\x7543\x5672\x7265\0\xffe8\xffff\x6b76\0B\0\xd1b8b\1\0\0\0\xffb8\xffffWMSHTTPSourcePlugin.HTTPSource.1\0\0\xfff8\xffff\xd1a0b\xffe8\xffff\x686c\2\xd068b\x8b5b\x7b8\xd148b\x4bf\x1ead\xff90\xffff\x6b6e \x7c04\x5392\x8b31\x1c2\0\0\x3b0\0\1\0\0\0\xd398b\xffff\xffff\1\0\xd138b\x1e0\0\xffff\xffff \0\0\0\0\0"\0\0\0 \0\x4d57\x4853\x5454\x5350\x756f\x6372\x5065\x756c\x6967\x2e6e\x5448\x5054\x6f53\x7275\x6563\x312e\xffe8\xffff\x6b76\0"\0\xd2a8b\1\0\0\0\xffd8\xffffHTTPSource Class\0\0\xffa8\xffff\x6b6e \x7c04\x5392\x8b31\x1c2\0\0\xd220b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xd140b\x1e0\0\xffff\xffff\0\0\0\0\0\0N\0\0\0\5\0\x4c43\x4953D\0\xffe8\xffff\x6b76\0N\0\xd340b\1\0\0\0\xffa8\xffff{636CCDDE-0D74-11d3-8694-00C04F6890ED}\0\0\0\0\xfff0\xffff\x686c\1\xd2d0b\x8b5b\x7b8\xff90\xffff\x6b6e \x19aa\x5390\x8b31\x1c2\0\0\x3b0\0\2\0\0\0\xd600b\xffff\xffff\1\0\xd458b\x1e0\0\xffff\xffff\f\0\0\0\0\0 \0\0\0\34\0\x4d57\x4d53\x534d\x6f53\x7275\x6563\x6c50\x6775\x6e69\x4d2e\x534d\x6f53\x7275\x6563\0\0\xffe8\xffff\x6b76\0 \0\xd430b\1\0\0w\xffd8\xffffMMSSource Class\0\0\0\xfff8\xffff\xd418b\xffa8\xffff\x6b6e \x19aa\x5390\x8b31\x1c2\0\0\xd3a8b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xd528b\x1e0\0\xffff\xffff\0\0\0\0\0\0N\0\0\0\5\0\x4c43\x4953D\0\xffe8\xffff\x6b76\0N\0\xd4d0b\1\0\0"\xffa8\xffff{39AAF44E-1256-11d3-869A-00C04F6890ED}\0\0\0\0\xfff8\xffff\xd4b8b\xfff8\xffff\xd688b\xfff8\xffff\xd720b\xffa8\xffff\x6b6e \x19aa\x5390\x8b31\x1c2\0\0\xd3a8b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xd5f8b\x1e0\0\xffff\xffff\0\0\0\0\0\0>\0\0\0\6\0\x7543\x5672\x7265\0\xffe8\xffff\x6b76\0>\0\xd5b0b\1\0\0\0\xffb8\xffffWMSMMSSourcePlugin.MMSSource.1\0\0\0\0\xfff8\xffff\xd598b\xffe8\xffff\x686c\2\xd460b\x8b5b\x7b8\xd540b\x4bf\x1ead\xff90\xffff\x6b6e \x19aa\x5390\x8b31\x1c2\0\0\x3b0\0\1\0\0\0\xd790b\xffff\xffff\1\0\xd530b\x1e0\0\xffff\xffff \0\0\0\0\0 \0\W\36\0\x4d57\x4d53\x534d\x6f53\x7275\x6563\x6c50\x6775\x6e69\x4d2e\x534d\x6f53\x7275\x6563\x312es\xffe8\xffff\x6b76\0 \0\xd6a0b\1\0\0\0\xffd8\xffffMMSSource Class\0\x736e\x6174\xffa8\xffff\x6b6e \x19aa\x5390\x8b31\x1c2\0\0\xd618b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xd538b\x1e0\0\xffff\xffff\0\0\0\0\0\0N\0:\5\0\x4c43\x4953DW\xffe8\xffff\x6b76\0N\0\xd738b\1\0\0$\xffa8\xffff{39AAF44E-1256-11d3-869A-00C04F6890ED}\0\0\0\0\xfff0\xffff\x686c\1\xd6c8b\x8b5b\x7b8\xff90\xffff\x6b6e \xde5e\x5394\x8b31\x1c2\0\0\x3b0\0\2\0\0\0\xd9f8b\xffff\xffff\1\0\xd850b\x1e0\0\xffff\xffff\f\0\0\0\0\0"\0\0\0\36\0\x4d57\x4d53\x4253\x4344\x696c\x6e65\x5074\x756c\x6967\x2e6e\x534d\x4442\x6f53\x7275\x6563\0\xffe8\xffff\x6b76\0"\0\xd828b\1\0\0\0\xffd8\xffffMSBDSource Class\0\0\xfff8\xffff\xd810b\xffa8\xffff\x6b6e \xde5e\x5394\x8b31\x1c2\0\0\xd7a0b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xd920b\x1e0\0\xffff\xffff\0\0\0\0\0\0N\0\0\0\5\0\x4c43\x4953D\0\xffe8\xffff\x6b76\0N\0\xd8c8b\1\0\0\0\xffa8\xffff{39AAF450-1256-11d3-869A-00C04F6890ED}\0\0\0\0\xfff8\xffff\xd8b0b\xfff8\xffff\xda80b\xfff8\xffff\xdb18b\xffa8\xffff\x6b6e \xde5e\x5394\x8b31\x1c2\0\0\xd7a0b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xd9f0b\x1e0\0\xffff\xffff\0\0\0\0\0\0B\0\0\0\6\0\x7543\x5672\x7265\0\xffe8\xffff\x6b76\0B\0\xd9a8b\1\0\0\0\xffb8\xffffWMSMSBDClientPlugin.MSBDSource.1\0\0\xfff8\xffff\xd990b\xffe8\xffff\x686c\2\xd858b\x8b5b\x7b8\xd938b\x4bf\x1ead\xff90\xffff\x6b6e \xde5e\x5394\x8b31\x1c2\0\0\x3b0\0\1\0\0\0\xdb88b\xffff\xffff\1\0\xd928b\x1e0\0\xffff\xffff \0\0\0\0\0"\0\0\0 \0\x4d57\x4d53\x4253\x4344\x696c\x6e65\x5074\x756c\x6967\x2e6e\x534d\x4442\x6f53\x7275\x6563\x312e\xffe8\xffff\x6b76\0"\0\xda98b\1\0\0\0\xffd8\xffffMSBDSource Class\0\0\xffa8\xffff\x6b6e \xde5e\x5394\x8b31\x1c2\0\0\xda10b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xd930b\x1e0\0\xffff\xffff\0\0\0\0\0\0N\0\0\0\5\0\x4c43\x4953D\0\xffe8\xffff\x6b76\0N\0\xdb30b\1\0\0\0\xffa8\xffff{39AAF450-1256-11d3-869A-00C04F6890ED}\0\0\0\0\xfff0\xffff\x686c\1\xdac0b\x8b5b\x7b8\xffa8\xffff\x6b6e \xccfe\x59c6\x8763\x1c3\0\0\xe2d0b\0\0\0\0\xffff\xffff\xffff\xffff\5\0\xdc98b\x26d8\xb8\xffff\xffff\0\0\0\0\16\0<\0\0\0\5\0\x6946\x656c\x6e32\x6574\xffd8\xffff\x686c\3\xe338b\xde80\x80b\xe440b\xde81\x80b\xdb98b\xde82\x80bP\0Wi\xffc0\xffffC:\WINDOWS\System32\wmpcd.dll\0\xffe0\xffff\x6b76\6\4\x80000\0\1\0\1\0\x6e49\x7250\x636f\0\xffe0\xffff\x6b76\4\f\0\xe3a0b\1\0\1b\x6953\x657a\x9e\x3b00\xffe8\xffff\xe498b\xe5d8b\xdc58b\xdc78b\xdcb0b\xffe0\xffff\x6b76\a\26\0\xdcd0b\1\0\1b\x6556\x7372\x6f69\xff6e\xffe0\xffff9.0.0.2980\0\x6166\x6c75\x4974\xffd8\xffff\x6b76 \4\x8000\0\1\3\0\1b\x6445\x7469\x6c46\x6761s\0wm\xffa8\xffff\x6b6e \x2528\x8ade\x4298\x1c7\0\0\xa198l\3\0\0\0\xaa70j\xffff\xffff\0\0\xffff\xffff\x5be0\xb9\xffff\xffff\32\0\0\0\0\0\0\0\xffff\xffff\a\0\x6353\x6568\x656ds\xffa0\xffff\x6b6e \x35be\x5e3f\x8763\x1c3\0\0\xdd18b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xe390b\x5be0\xb9\xffff\xffff\0\0\0\0\16\0\4\0en \0\x6e76\x2e64\x736d\x772e\x686d\x6d74\x686c\0\xfff0\xffff\x686c\1\x6f0\xcd\xb890\x97e\xffe0\xffff\x6b76\a\4\x8000\1\0\4\0\1b\x7552\x746e\x6d69e\xffd0\xffff\x6b76\24`\0\xde30b\1\0\1\xffff\x654d\x6174\x6164\x6174\x6554\x706d\x616c\x6574\x4473\x7269\4\0\xff98\xffffC:\Program Files\Windows Media Player\Templates\0\xdf30b\xffd8\xffff\x2670j\x26f0j\x2768j\x2790j\x2818j\x1e40j\x28c0j\xde00b\x6e61d\xffa0\xffff\x6b6e \x9818\x5e41\x8763\x1c3\0\0\xab30c\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xeff8b\x5be0\xb9\xffff\xffff\0\0\0\0\f\0\16\0mp\v\0\x6e49\x7473\x6c61\x4e6c\x6d61ee \xffd8\xffff\x686c\3\xabf8c\x725f\x1a55\xdec0b\xb24\x1a59\xaea0c\xb890\x97e\xde68b\x76f\x559f\xffe0\xffff\x6b76\6\16\0\xdf68b\1\0\1b\x434f\x614e\x656d\0\xffe8\xffffWMPOCM\0\xffff\xffff\xffff\xffb0\xffff*.asx;*.wax;*.m3u;*.wpl;*.wvx;*.wmx\0\xdfa0b\xffd0\xffff\x6b76\24\2\x8000\0\0\1\0\1?\x534d\x4d57\x4250\x7275\x436e\x4f44\x416e\x7272\x7669\x6c61\0\0\x6268\x6e69\xe000b\x1000\0jj\x75ff\xff0c\x875\xff50\x1051\x5eb\x5b8@\xffa0\xffff\x6b6e \x13ba\x58ca\x8763\x1c3\0\0\x3ca8m\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff\x5be0\xb9\xffff\xffff\0\0\0\0\0\0\0\0\0\0\17\0\x7676\x6469\x6f65\x782f\x6d2d\x2d73\x6d77p\xfe10\xffff\x686c'\xa768\xc8\x9e31\xb2c8\x3d08m\xaa84\x3d7c\x4020m\xf431\xf74f\x42e8m\xf447\xf74f\x45d8m\x1b1b\xea22\x48f8m\x9b27\xd704\x4bf0m\xd91b\x6e1c\x4e98m\x6130\xea2b\x5188m\xda0d\x6e1c\x5490m\x86c2\xea2b\x5700m\x722d\xa648\x59a0m\xda21\x6e1c\x5c48m\xd7f\x6e1d\x5430m\xdf48\x6c4e\x6280m\x2a84\xd96a\x6548m\x255d\x6c58\x6810m\x2b76\xd96a\x6ab8m\x4aef\x6c58\x6d60m\x6e06\x79e4\x5f00m\x2b8a\xd96a\x7318m\x557f\x646c\x7590m\x5724\x646c\x7868m\x5ee8\xd96a\x7b20m\x6db0\xac84\x7de0m\x9aec\x11fe\x7e80m\xdf5a\x32e6\x8140m\x6dfb\x5b67\x8490m\x1ea6\x32e7\x7020m\x92d5\x8e3b\x8de8m\xcac0\xf5af\x9130m\x443b\xd913\x9498m\x670a\xd956\x9780m\xa3de\x7db6\x9a70m\x219c\x826a\x9d08m\xdbe2\xd956\x9f98m\xdbe4\xd956\xa270m\xdd31\xd956\xa500m\x41e6\x6e17\xe020b\xe0a2\x41dc\xe020b\xe0a2\x41dc\xe020b\xe0a2\x41dc\x1c8\0\x6b6e \xa93e\x5669\x8b31\x1c2\0\0\xe0e0b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xde60b\xffff\xffff\xffff\xffff\0\0\0\0\0\0\32\0\0\0\v\0\x6544\x6166\x6c75\x4974\x6f63n\v\08\0\x6b76\0\32\0\xe248b\1\0\0\0 \0wmplayer.exe\0y\20\0&O\xffa0\xffff\x6b6e \xa97a\x5e73\x8763\x1c3\0\0\xe2e8\xc7\3\0\0\0\xe240\xc8\xffff\xffff\6\0\xdcc0\xc8\x26d8\xb8\xffff\xffff\24\0\0\0\32\0\x204\0\0\0\f\0\x6c70\x7961\x6162\x6b63\x575f\x504d\x3937\x342d\xffa8\xffff\x6b6e \xccfe\x59c6\x8763\x1c3\0\0\xe270b\3\0\0\0\xdbf0b\xffff\xffff\0\0\xffff\xffff\x26d8\xb8\xffff\xffff \0\0\0\0\0\0\0\x80\0\5\0\x6946\x656c\x8773\x1c3\xfff0\xffff\x686c\1\xefa8\xc8\xdea3\x80b\xffa8\xffff\x6b6e \x33a2\x596c\x8763\x1c3\0\0\xe2d0b\0\0\0\0\xffff\xffff\xffff\xffff\5\0\xe3e8b\x26d8\xb8\xffff\xffff\0\0\0\0\16\0<\0\1\0\5\0\x6946\x656c\xe330b\xfff8\xffff\xdde0b\xfff8\xffff\xe7c0b\xfff0\xffff20480\0\xffe0\xffff\x6b76\4\20\0\xe3d0b\1\0\1\xffff\x6953\x657a\xe468b\xffe8\xffff1404928\0N\0\xffe8\xffff\x2850 \xbfd8R\xc218R\xe3b0b\xe400b\xffe0\xffff\x6b76\a\26\0\xe420b\1\0\1:\x6556\x7372\x6f69n\xffe0\xffff8.0.0.4487\0002\w\xffa8\xffff\x6b6e \x3234\x598b\x8763\x1c3\0\0\xe2d0b\0\0\0\0\xffff\xffff\xffff\xffff\5\0\xe580b\x26d8\xb8\xffff\xffff\0\0\0\0\16\08\0\x8a52\x58c0\5\0\x6946\x656c\xe231b\xffe8\xffff\x6b76\0<\0\xdc18b\1\0\0\x80b\xffe8\xffff\x6b76\08\0\xe4c8b\1\0\0\0\xffc0\xffffC:\WINDOWS\System32\wmp.ocx\0\xe4d8b\xffe0\xffff\x6b76\3\4\x80000\0\1\0\1?\x6c44l\x6b6e \xffe0\xffff\x6b76\6\4\x80000\0\1\0\1\0\x6e49\x7250\x636f\xffff\xffe0\xffff\x6b76\4\16\0\xe568b\1\0\1\0\x6953\x657aN\0\xffe8\xffff188416\0\0\x6b76\0\xffe8\xffff\xe4b0b\xe508b\xe528b\xe548b\xe598b\xffe0\xffff\x6b76\a\26\0\xe5b8b\1\0\1I\x6556\x7372\x6f69n\xffe0\xffff8.0.0.4487\0xe \xffe0\xffff\x6b76\3\4\x80000\0\1\0\1\0\x6c44l\x76f\x559f\xffa8\xffff\x6b6e \x1ca2\x22bc\xa48e\x1c4\0\0\x3b0\0\3\0\0\0\xedf0b\xffff\xffff\4\0\xf0d8\xca\x1e0\0\xffff\xffff\26\0\0\0.\0F\0\0\0\a\0\x4d57\x4656\x6c69e\xffd8\xffff\x6b76 \4\x8000\0\1\3\0\1\0\x6445\x7469\x6c46\x6761s\0\0\0\xffe8\xffff\x6b76\0D\0\xe690b\1\0\0\0\xffb8\xffffFichier audio/vid\xe9o Windows Media\0\xfff0\xffff\xbe0z\xec20~\xe6e8b\xffd8\xffff\x6b76\20F\0\xe710b\1\0\1\0\x7246\x6569\x646e\x796c\x7954\x6570\x614e\x656d\xffb0\xffff@C:\WINDOWS\inf\unregmp2.exe,-9914\0\0\0\0\xffa0\xffff\x6b6e \xa92\xfa68\x4295\x1c7\0\0\xe5f8b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xe398b\x1e0\0\xffff\xffff\0\0\0\0\0\0p\0\0\0\v\0\x6544\x6166\x6c75\x4974\x6f63n\0\0\xffe8\xffff\x6b76\0H\0\xe7d8b\1\0\0\xc6a9\xff88\xffffC:\WINDOWS\system32\wmploc.dll,-736\00020\0mplayer.exe,-120\0\0\0\xfff8\xffff\xecf8b\xfff8\xffff\xeee0b\xffa8\xffff\x6b6e \x412c\x56e3\x8b31\x1c2\0\0\xe5f8b\2\0\0\0\xec88b\xffff\xffff\1\0\xe8e0b\x1e0\0\xffff\xffff\b\0\0\0\0\0 \0\0\0\5\0\x6873\x6c65l\0\xffe8\xffff\x6b76\0 \0\xe8d0b\1\0\0\0\xfff0\xffffplay\0\0\xfff8\xffff\xe8b8b\xfff0\xffff\x686c\1\xee18b\x5673\xeb42\xfff8\xffff\xefc8b\xffa8\xffff\x6b6e \x412c\x56e3\x8b31\x1c2\0\0\xe860b\2\0\0\0\xebb0b\xffff\xffff\2\0\xe9b0b\x1e0\0\xffff\xffff\24\0\0\0\32\0\20\0\0\0\4\0\x706f\x6e65\0\0\xffe8\xffff\x6b76\0\20\0\xe970b\1\0\0\0\xffe8\xffff&Ouvrir\0\0\0\xffd8\xffff\x6b76 \2\x8000\0\0\1\0\1\0\x654c\x6167\x7963\x6944\x6173\x6c62e\0\xfff0\xffff\xe958b\xe988b\x851\x6eb\xffa8\xffff\x6b6e \xbdfa\x9f6b\x8763\x1c3\0\0\xe900b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xeab8b\x1e0\0\xffff\xffff\0\0\0\0\0\0\x98\0\0\0\a\0\x6f63\x6d6d\x6e61d\xffe8\xffff\x6b76\0\x98\0\xca10\xca\1\0\0\0\xffe0\xffff\x6b76\aJ\0\xea50b\2\0\1a\x554d\x5649\x7265b\xffb0\xffff@ystemRoot\inf\unregmp2.exe,-9991\0 \xffe8\xffff\x6b76\0\x80\0\xd588\xca\1\0\0\0\xfff8\xffff\xea18b\xfff0\xffff\x49f0\x196\x4b50\x196\x76f\x559f\xffa0\xffff\x6b6e \x412c\x56e3\x8b31\x1c2\0\0\xe900b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xeba8b\x1e0\0\xffff\xffff\0\0\0\0 \0N\0\0\0 \0\x7244\x706f\x6154\x6772\x7465\0\0\0\xffe0\xffff\x6b76\5N\0\xeb50b\1\0\1\0\x4c43\x4953D\0\xffa8\xffff{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\0\0\0\0\xfff8\xffff\xeb30b\xffe8\xffff\x686c\2\xe9c0b\x76f\x559f\xead0b\xf714\x1b49\xffa8\xffff\x6b6e \xa92\xfa68\x4295\x1c7\0\0\xe860b\2\0\0\0\x6d88\x196\xffff\xffff\3\0\xec78b\x1e0\0\xffff\xffff\24\0\0\0\32\0J\0\0\0\4\0\x6c70\x7961\0\0\xffe8\xffff\x6b76\0\22\0\xec38b\1\0\0\0\xffe8\xffff&Lecture\0\0\xffd8\xffff\x6b76 \2\x8000\0\0\1\0\1\0\x654c\x6167\x7963\x6944\x6173\x6c62e\0\xfff0\xffff\xec20b\xec50b\xea30b\xffe8\xffff\x686c\2\xe900b\xc54a>\xebc8b\x753a?\xffa8\xffff\x6b6e \xbdfa\x9f6b\x8763\x1c3\0\0\xebc8b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xe850b\x1e0\0\xffff\xffff\0\0\0\0\0\0\x98\0\0\0\a\0\x6f63\x6d6d\x6e61d\xffe8\xffff\x6b76\0\x98\0\xcd28\xca\1\0\0\0\xffa0\xffff\x6b6e \xbdfa\x9f6b\x8763\x1c3\0\0\xc6f8\1\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xcad0\xca\x5be0\xb9\xffff\xffff\0\0\0\0\16\0\0\0ay\17\0\x704f\x6e65\x6957\x6874\x7250\x676f\x6449s\xffd8\xffff\x686c\3\xc818\1\x54c2\x711f\xed10b\xaa6\x4cb5\xc8f8\1\x3a37\xaac9L"\0\0\xffa8\xffff\x6b6e \x7f54\x56a0\x8b31\x1c2\0\0\xe5f8b\1\0\0\0\xe8e8b\xffff\xffff\0\0\xffff\xffff\x1e0\0\xffff\xffff&\0\0\0\0\0\0\0\0\0\a\0\x6873\x6c65\x656cx\xffd8\xffff\x686c\3\xe760b\xf9e6\xe06f\xe860b\xb890\x97e\xed98b\x461\xc6a9\xa04\2\x7500\xf63\xff98\xffff\x6b6e \x924e\xd93b\x4295\x1c7\0\0\xed98b\2\0\0\0\x92d0\xca\xffff\xffff\0\0\xffff\xffff\x1e0\0\xffff\xffff"\0\0\0\0\0\0\0\0\0\23\0\x6f43\x746e\x7865\x4d74\x6e65\x4875\x6e61\x6c64\x7265s\0\0\xffa0\xffff\x6b6e \x7f54\x56a0\x8b31\x1c2\0\0\xee18b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xe858b\x1e0\0\xffff\xffff\0\0\0\0\0\0N\0\0\0\20\0\x4d57\x4150\x6464\x6f54\x6c50\x7961\x696c\x7473\xffe8\xffff\x6b76\0N\0\xeef8b\1\0\0\0\xffa8\xffff{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\0\0\0\0\xfff0\xffff\x5710\x80\x8928\x83\xf180b\xff98\xffff\x6b6e \x7f54\x56a0\x8b31\x1c2\0\0\xee18b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xe8f8b\x1e0\0\xffff\xffff\0\0\0\0\0\0N\0\0\0\21\0\x4d57\x5050\x616c\x4179\x5073\x616c\x6c79\x7369t\0\0\0\xffe8\xffff\x6b76\0N\0\xf020b\1\0\0\0\xffe8\xffff\x6b76\0$\0\xc8e0\xc9\1\0\0\x4de8\xfff8\xffff\xdf48b\x6268\x6e69\xf000b\x1000\0\xf00\x284\5\x3300\x39c9\x44e\x850f\x51b\0\x1db8\xffa8\xffff{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\0\0\0\0\xffa8\xffff\x6b6e \xe156\x22c0\xa48e\x1c4\0\0\x3b0\0\2\0\0\0\xf380b\xffff\xffff\4\0\xf180\xca\x1e0\0\xffff\xffff\26\0\0\0.\0^\0\0\0\a\0\x4d57\x465a\x6c69e\xffd8\xffff\x6b76 \4\x8000\0\1\3\0\1\0\x6445\x7469\x6c46\x6761s\0\0\0\xfff8\xffff\xf258b\xffe8\xffff\x6b76\0^\0\xf118b\1\0\0\0\xff98\xffffEnsemble d'apparences du Lecteur Windows Media\0\0\0\0\xffd8\xffff\x6b76\20F\0\xf1a8b\1\0\1\0\x7246\x6569\x646e\x796c\x7954\x6570\x614e\x656d\xffb0\xffff@C:\WINDOWS\inf\unregmp2.exe,-9916\0\0\0\0\xffa0\xffff\x6b6e \x5960\xa4a1\xa490\x1c4\0\0\xf078b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xf0f8b\x1e0\0\xffff\xffff\0\0\0\0\0\0p\0\0\0\v\0\x6544\x6166\x6c75\x4974\x6f63n\0\0\xffe8\xffff\x6b76\0H\0\xf270b\1\0\0\0\xff88\xffffC:\WINDOWS\system32\wmploc.dll,-617\0r\wmplayer.exe,-120\0\0\0\xfff8\xffff\xf3f0b\xfff8\xffff\xf488b\xffa8\xffff\x6b6e \x5e0\x56e8\x8b31\x1c2\0\0\xf078b\1\0\0\0\xf420b\xffff\xffff\1\0\xf378b\x1e0\0\xffff\xffff\b\0\0\0\0\0 \0\0\0\5\0\x6873\x6c65l\0\xffe8\xffff\x6b76\0 \0\xf368b\1\0\0\0\xfff0\xffffopen\0\0\xfff8\xffff\xf350b\xffe8\xffff\x686c\2\xf1f8b\xf9e6\xe06f\xf2f8b\xb890\x97e\xffa8\xffff\x6b6e \x5e0\x56e8\x8b31\x1c2\0\0\xf2f8b\1\0\0\0\xf528b\xffff\xffff\1\0\xf2e8b\x1e0\0\xffff\xffff\16\0\0\0\0\0\20\0\0\0\4\0\x706f\x6e65\0\0\xffe8\xffff\x6b76\0\20\0\xf408b\1\0\0\0\xffe8\xffff&Ouvrir\0\0\0\xfff0\xffff\x686c\1\xf398b\xc54a>\xffa8\xffff\x6b6e \x5e0\x56e8\x8b31\x1c2\0\0\xf398b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xf2f0b\x1e0\0\xffff\xffff\0\0\0\0\0\0\x84\0\0\0\a\0\x6f63\x6d6d\x6e61d\xffe8\xffff\x6b76\0\x84\0\xf4a0b\1\0\0\0\xff78\xffff"C:\Program Files\Windows Media Player\wmplayer.exe" /layout:""\0\xfff0\xffff\x686c\1\xf430b\x76f\x559f\xff98\xffff\x6b6e \x318e\x4d4\x8b31\x1c2\0\0\x3b0\0\5\0\0\0\xfce8b\xffff\xffff\3\0\xf688b\x1e0\0\xffff\xffff\26\0\0\0 \0t\0\0\0\22\0\x6f57\x6472\x6170\x2e64\x6f44\x7563\x656d\x746e\x312e\0\0\0\xffe8\xffff\x6b76\0"\0\xf5b8b\1\0\0\26\xffd8\xffffDocument WordPad\0\0\xfff8\xffff\xf760b\xffd8\xffff\x6b76\20t\0\xf610b\2\0\1\0\x7246\x6569\x646e\x796c\x7954\x6570\x614e\x656d\xff88\xffff@"ProgramFiles\Windows NT\Accessoires\WORDPAD.EXE",-209\0\xfff0\xffff\xf5a0b\xf5e8b\xf698b\xffe0\xffff\x6b76\bJ\0\xf6b8b\1\0\1\0\x6954\x656c\x6e49\x6f66\xffb0\xffffprop:DocTitle;DocAuthor;DocPageCount\0\0\xffa8\xffff\x6b6e \x3cce\xb8d5\x8b30\x1c2\0\0\xf538b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xf5e0b\x1e0\0\xffff\xffff\0\0\0\0\0\0N\0\0\0\5\0\x4c43\x4953D\0\xffe8\xffff\x6b76\0N\0\xf778b\1\0\0\xcb5\xffa8\xffff{73FDDC80-AEA9-101A-98A7-00AA00374959}\0\0\0\0\xfff8\xffff\xf948b\xfff8\xffff\xf8d0b\xffa0\xffff\x6b6e \x3cce\xb8d5\x8b30\x1c2\0\0\xf538b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xf8c8b\x1e0\0\xffff\xffff\0\0\0\0\0\0l\0\0\0\v\0\x6544\x6166\x6c75\x4974\x6f63n\0\0\xffe8\xffff\x6b76\0l\0\xf858b\2\0\0\x8ad0\xff90\xffff"ProgramFiles\Windows NT\Accessoires\WORDPAD.EXE",1\0\xfff8\xffff\xf840b\xffe8\xffff\x6b76\0\2\x8000\0\0\1\0\0\0\xffa0\xffff\x6b6e \x3cce\xb8d5\x8b30\x1c2\0\0\xf538b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xf7d0b\x1e0\0\xffff\xffff\0\0\0\0\0\0\2\0\0\0 \0\x6e49\x6573\x7472\x6261\x656c\0\0\0\xffe8\xffff\x6b76\0\2\x8000\0\0\1\0\0\26\xfff8\xffff\xff28b\xfff8\xffff\xfeb8b\xffe8\xffff\x6b76\0r\0\xfdd8b\2\0\0\0\xffa8\xffff\x6b6e \x3cce\xb8d5\x8b30\x1c2\0\0\xf538b\1\0\0\0\xfa60b\xffff\xffff\1\0\xf7d8b\x1e0\0\xffff\xffff\34\0\0\0\0\0\2\0\0\0\b\0\x7250\x746f\x636f\x6c6f\xffa0\xffff\x6b6e \x3cce\xb8d5\x8b30\x1c2\0\0\xf988b\2\0\0\0\xfbe0b\xffff\xffff\1\0\xfa58b\x1e0\0\xffff\xffff\f\0\0\0\0\0\2\0\0\0\16\0\x7453\x4664\x6c69\x4565\x6964\x6974\x676e\0\xffe8\xffff\x6b76\0\2\x8000\0\0\1\0\0\0\xfff8\xffff\xfa40b\xfff0\xffff\x686c\1\xf9e0b\xa9b3\xc426\xffa8\xffff\x6b6e \x3cce\xb8d5\x8b30\x1c2\0\0\xf9e0b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xfb50b\x1e0\0\xffff\xffff\0\0\0\0\0\0h\0\0\0\6\0\x6553\x7672\x7265\0\xffe8\xffff\x6b76\0h\0\xfae0b\2\0\0\0\xff90\xffff"ProgramFiles\Windows NT\Accessoires\WORDPAD.EXE"\0\0\0\xfff8\xffff\xfac8b\xfff8\xffff\xfc50b\xfff8\xffff\xf970b\xffa8\xffff\x6b6e \x3cce\xb8d5\x8b30\x1c2\0\0\xf9e0b\1\0\0\0\xfc80b\xffff\xffff\1\0\xfbd8b\x1e0\0\xffff\xffff\2\0\0\0\0\0\2\0\0\0\4\0\x6556\x6272\0\0\xffe8\xffff\x6b76\0\2\x8000\0\0\1\0\0\0\xfff8\xffff\xfbc0b\xffe8\xffff\x686c\2\xfa70b\x22ff\x5f05\xfb68b\xf557C\xffa8\xffff\x6b6e \x3cce\xb8d5\x8b30\x1c2\0\0\xfb68b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xfb58b\x1e0\0\xffff\xffff\0\0\0\0\0\0\24\0\0\0\1\0000\0\0\0\xffe8\xffff\x6b76\0\24\0\xfc68b\1\0\0\0\xffe8\xffff&Modifier\0\xfff0\xffff\x686c\1\xfbf8b0\0\xffa8\xffff\x6b6e \x3cce\xb8d5\x8b30\x1c2\0\0\xf538b\3\0\0\0\xffd0b\xffff\xffff\0\0\xffff\xffff\x1e0\0\xffff\xffff\16\0\0\0\0\0\0\0\0\0\5\0\x6873\x6c65l\0\xffc0\xffff\x686c\5\xf708b\x8b5b\x7b8\xf7e0b\xf9e6\xe06f\xf8e8b\x827d\xcb5\xf988b\xc76\x8ad0\xfc90b\xb890\x97e\xb70f\x1845\x5d8b\xc108\x10ee\x5056\xcb8b\x6be8\xffa8\xffff\x6b6e \x3cce\xb8d5\x8b30\x1c2\0\0\xfc90b\1\0\0\0\xfe50b\xffff\xffff\0\0\xffff\xffff\x1e0\0\xffff\xffff\16\0\0\0\0\0\0\0\0\0\4\0\x706f\x6e65\0\0\xffa8\xffff\x6b6e \x3cce\xb8d5\x8b30\x1c2\0\0\xfd28b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xfb60b\x1e0\0\xffff\xffff\0\0\0\0\0\0r\0\0\0\a\0\x6f63\x6d6d\x6e61d\xff88\xffff"ProgramFiles\Windows NT\Accessoires\WORDPAD.EXE" ""\0\0\xfff0\xffff\x686c\1\xfd80b\x76f\x559f\xffa8\xffff\x6b6e \x3cce\xb8d5\x8b30\x1c2\0\0\xfc90b\1\0\0\0\xffc0b\xffff\xffff\0\0\xffff\xffff\x1e0\0\xffff\xffff\16\0\0\0\0\0\0\0\0\0\5\0\x7270\x6e69t\0\xffe8\xffff\x6b76\0\x98\0\x00d0c\2\0\0\0\xffa8\xffff\x6b6e \x3cce\xb8d5\x8b30\x1c2\0\0\xfe60b\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xf960b\x1e0\0\xffff\xffff\0\0\0\0\0\0x\0\0\0\a\0\x6f63\x6d6d\x6e61d\xffe8\xffff\x6b76\0x\0\xff40b\2\0\0\0\xff80\xffff"ProgramFiles\Windows NT\Accessoires\WORDPAD.EXE" /p ""\0\0\0\xfff0\xffff\x686c\1\xfed0b\x76f\x559f\xffd8\xffff\x686c\3\xfd28b\xc54a>\xfe60b\xbe15\x930 c\x8ac0\x25a8\x4589\x7410\x5050\x15ff\xfff8\xffff\x0320c\x6268\x6e69\0c\x1000\0\x6868\x71da\xff60\x90b6\0\xe800\x384c\3\xf883\x6a02\xffa8\xffff\x6b6e \x3cce\xb8d5\x8b30\x1c2\0\0\xfc90b\1\0\0\0\x0170c\xffff\xffff\0\0\xffff\xffff\x1e0\0\xffff\xffff\16\0\0\0\0\0\0\0\0\0\a\0\x7270\x6e69\x7474o\xffa8\xffff\x6b6e \x3cce\xb8d5\x8b30\x1c2\0\0 c\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xf968b\x1e0\0\xffff\xffff\0\0\0\0\0\0\x98\0\0\0\a\0\x6f63\x6d6d\x6e61d\xff60\xffff"ProgramFiles\Windows NT\Accessoires\WORDPAD.EXE" /pt "" "" "" ""\0\0\0\xfff0\xffff\x686c\1xc\x76f\x559f\xffa8\xffff\x6b6e \x3cce\xb8d5\x8b30\x1c2\0\0\x3b0\0\3\0\0\0\x0500c\xffff\xffff\2\0\x02b8c\x1e0\0\xffff\xffff\26\0\0\0 \0t\0\0\0\a\0\x7277\x6669\x6c69e\xffd8\xffff\x6b76\20t\0\x0200c\2\0\1\0\x7246\x6569\x646e\x796c\x7954\x6570\x614e\x656d\xff88\xffff@"ProgramFiles\Windows NT\Accessoires\WORDPAD.EXE",-208\0\xffe8\xffff\x6b76\0\36\0\x0290c\1\0\0\0\xffd8\xffffDocument Write\0\0\0\0\xfff0\xffff\x01d8c\x0278c\0\xff56\xffa8\xffff\x6b6e \x3cce\xb8d5\x8b30\x1c2\0\0\x0180c\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xfff8b\x1e0\0\xffff\xffff\0\0\0\0\0\0N\0\0\0\5\0\x4c43\x4953D\0\xffe8\xffff\x6b76\0N\0\x0338c\1\0\0\0\xffa8\xffff{73FDDC80-AEA9-101A-98A7-00AA00374959}\0\0\0\0\xfff8\xffff\x0738c\xfff8\xffff\x06c8c\xffa0\xffff\x6b6e \x3cce\xb8d5\x8b30\x1c2\0\0\x0180c\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x0488c\x1e0\0\xffff\xffff\0\0\0\0\0\0l\0\0\0\v\0\x6544\x6166\x6c75\x4974\x6f63n\0\0\xffe8\xffff\x6b76\0l\0\x0418c\2\0\0\0\xff90\xffff"ProgramFiles\Windows NT\Accessoires\WORDPAD.EXE",2\0\xfff8\xffff\x0400c\xffe8\xffff\x6b76\0v\0\x05d8c\1\0\0\0\xffa8\xffff\x6b6e \x9f28\xb8d7\x8b30\x1c2\0\0\x0180c\3\0\0\0\x0838c\xffff\xffff\0\0\xffff\xffff\x1e0\0\xffff\xffff\16\0\0\0\0\0\0\0\0\0\5\0\x6873\x6c65l\0\xffd8\xffff\x686c\3\x02c8c\x8b5b\x7b8\x03a0c\xf9e6\xe06f\x04a8c\xb890\x97e\x478d\x503c\x478b\x402c\xffa8\xffff\x6b6e \x3cce\xb8d5\x8b30\x1c2\0\0\x04a8c\1\0\0\0\x0660c\xffff\xffff\0\0\xffff\xffff\x1e0\0\xffff\xffff\16\0\0\0\0\0\0\0\0\0\4\0\x706f\x6e65\0\0\xffa8\xffff\x6b6e \x3cce\xb8d5\x8b30\x1c2\0\0\x0528c\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x0658c\x1e0\0\xffff\xffff\0\0\0\0\0\0v\0\0\0\a\0\x6f63\x6d6d\x6e61d\xff80\xffff"C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE" ""\0\0\0\0\xfff8\xffff\x0490c\xfff0\xffff\x686c\1\x0580c\x76f\x559f\xffa8\xffff\x6b6e \x9f28\xb8d7\x8b30\x1c2\0\0\x04a8c\1\0\0\0\x07d0c\xffff\xffff\0\0\xffff\xffff\x1e0\0\xffff\xffff\16\0\0\0\0\0\0\0\0\0\5\0\x7270\x6e69t\0\xffe8\xffff\x6b76\0\x9c\0\x08b8c\1\0\0\0\xffa8\xffff\x6b6e \x9f28\xb8d7\x8b30\x1c2\0\0\x0670c\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x0390c\x1e0\0\xffff\xffff\0\0\0\0\0\0|\0\0\0\a\0\x6f63\x6d6d\x6e61d\xffe8\xffff\x6b76\0|\0\x0750c\1\0\0\0\xff80\xffff"C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE" /p ""\0\xfff0\xffff\x686c\1\x06e0c\x76f\x559f\xffa8\xffff\x6b6e \x9f28\xb8d7\x8b30\x1c2\0\0\x04a8c\1\0\0\0\x0958c\xffff\xffff\0\0\xffff\xffff\x1e0\0\xffff\xffff\16\0\0\0\0\0\0\0\0\0\a\0\x7270\x6e69\x7474o\xffd8\xffff\x686c\3\x0528c\xc54a>\x0670c\xbe15\x930\x07e0c\x8ac0\x25a8\x8d0c\x7485\xfffb\x50ff\xffa8\xffff\x6b6e \x9f28\xb8d7\x8b30\x1c2\0\0\x07e0c\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x0398c\x1e0\0\xffff\xffff\0\0\0\0\0\0\x9c\0\0\0\a\0\x6f63\x6d6d\x6e61d\xff60\xffff"C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE" /pt "" "" "" ""\0\xfff0\xffff\x686c\1\x0860c\x76f\x559f\xffa0\xffff\x6b6e \x4486\x1090\x8b31\x1c2\0\0\x3b0\0\2\0\0\0\x0bb8c\xffff\xffff\1\0\x0a30c\x1e0\0\xffff\xffff\f\0\0\0\0\0F\0\0\0\17\0\x5357\x7263\x7069\x2e74\x654e\x7774\x726fk\xffe8\xffff\x6b76\0F\0\x09e0c\1\0\0\0\xffb0\xffffWindows Script Host Network Object\0\0\0\0\xfff8\xffff\x09c8c\xffa8\xffff\x6b6e \xc9ba\x90f4\xf0b\x1c6\0\0\x0968c\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x0b00c\x1e0\0\xffff\xffff\0\0\0\0\0\0N\0\0\0\5\0\x4c43\x4953D\0\xffe8\xffff\x6b76\0N\0\x0aa8c\1\0\0\0\xffa8\xffff{093FF999-1EA0-4079-9525-9614C3504B74}\0\0\0\0\xfff8\xffff\x0a90c\xfff8\xffff\x0c38c\xfff8\xffff\x0de0c\xffa8\xffff\x6b6e \x4486\x1090\x8b31\x1c2\0\0\x0968c\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x0bb0c\x1e0\0\xffff\xffff\0\0\0\0\0\0$\0\0\0\6\0\x7543\x5672\x7265\0\xffe8\xffff\x6b76\0$\0\x0b88c\1\0\0\0\xffd8\xffffWScript" scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-03 11:27:20 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-08-03 11:26 --- E O F --- Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 12:27:22, on 2007-08-03 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\VM_STI.EXE C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Rainlendar2\Rainlendar2.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Documents and Settings\Propriétaire\Bureau\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://outlook.live.com/owa/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB(VGA) Camera O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?5581580425ff4ece971c56de912d3dd0 O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?5581580425ff4ece971c56de912d3dd0 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://corbeaublack.wordpress.com/ O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe O24 - Desktop Component 0: (no name) - http://images.staracademie.ca/fondsdecran/sa2_800_marting.jpg

wassimous · Answer

Re

Est-ce que t’a toujours le problème d’apparition de  plusieurs fenêtres de pub ?


Pour le problème de ralentissement


D’abord on commence par la :


pour libérer plus d' espace 

*Désinstallas les programmes inutiles 

Va dans le Panneau de Configuration >> Ajout/Suppression de programmes, et désinstalle/supprime , tout les programmes que tu n'utilise pas 

Pour les lenteurs au démarrage : 

*Désactive les programmes inutiles au démarrage pour gagner en performance et un démarrage plus rapide : 
- Menu Démarrer puis exécuter 
- Tape msconfig dans le champs et clic sur OK 
- Dans la nouvelle fenêtre clic sur l'onglet démarrage en haut à droite 
- Décoche tous les programmes laissées coché seulement ton antivirus (symantec) et ton antispyware ( grisoft avg antispyware) 

- Clic sur OK /appliquer/redémarrer maintenant 
-au redémarrage une petite fenêtre s'affiche coche ne plus afficher ce message 


pour les lenteur global 


*Nettoyé ton ordinateur avec CCleaner : https://www.malekal.com/tutoriel-ccleaner/ 


*Désactive l'affichage des miniature des vidéos qui a tendance a faire planter le pc 


-Menu Démarrer / executer / tapes : regsvr32 -u shmedia.dll et tu clics sur OK 

*Effectues un scan disk pour réparer les erreurs 

- Va dans le Menu : Démarrer / executer / cmd et tu clics sur OK. Dans la nouvelle fenêtre, tape chkdsk /F /R c: 
Il va te dire qu'il ne peut pas scanner une partition montée et va te proposer de scanner au redémarrage, accepte et redémarre l'ordinateur. 

Au redémarrage ne touche a rien jusqu'a la fin du scan 

*Effectues une défragmentation pour gagné en performance 
https://www.thesiteoueb.net/faq-astuces/fiche-pratique-426-comment-defragmenter-un-disque-dur-sous-xp.html

télécharge et exécutes 

AVG anti spyware 
https://www.01net.com/ 

(n'oublie pas de le mettre a jour avant de lancer le scan) 


Relance AVG AS puis choisis l'onglet "Analyse" 
Puis l'onglet "Paramètres" 
Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine" 
Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système" 

/!\ Si un fichier est infecté en fin d'analyse /!\ 
Clique sur "Appliquer toutes les actions " 

Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous" 


Enregistre ce fichier texte sur ton bureau ensuite colle le raport ici

peanut2001 · Answer

Salut.
Pour les pages de pub plus de problème, mais je crois que j'ai encore des problèmes de spyware.
Voici le rapport.

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	21:41:11 2007-08-05

 + Résultat de l'analyse:	



C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249778.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249781.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249782.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249783.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249791.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249798.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249799.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249803.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249804.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249805.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249810.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249811.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249812.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249813.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249815.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249816.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249817.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249821.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249822.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249825.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249826.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249830.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249831.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249834.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249839.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249850.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249853.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249854.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249861.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249863.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249864.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249873.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249874.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249875.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249876.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249877.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249878.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249879.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1551\A0250895.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1527\A0243093.rbf -> Backdoor.MSNMaker.ae : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249777.exe -> Downloader.Tiny.id : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249784.exe -> Downloader.Tiny.id : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249786.exe -> Downloader.Tiny.id : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249788.exe -> Downloader.Tiny.id : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249789.exe -> Downloader.Tiny.id : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249796.exe -> Downloader.Tiny.id : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249801.exe -> Downloader.Tiny.id : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249807.exe -> Downloader.Tiny.id : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249820.exe -> Downloader.Tiny.id : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249829.exe -> Downloader.Tiny.id : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249836.exe -> Downloader.Tiny.id : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249838.exe -> Downloader.Tiny.id : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249842.exe -> Downloader.Tiny.id : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249843.exe -> Downloader.Tiny.id : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249844.exe -> Downloader.Tiny.id : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249845.exe -> Downloader.Tiny.id : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249847.exe -> Downloader.Tiny.id : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249856.exe -> Downloader.Tiny.id : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249860.exe -> Downloader.Tiny.id : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249866.exe -> Downloader.Tiny.id : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249869.exe -> Downloader.Tiny.id : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249883.exe -> Downloader.Tiny.id : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1553\A0250993.exe -> Downloader.Tiny.id : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1553\A0250996.exe -> Downloader.Tiny.id : Nettoyé.
C:\Documents and Settings\Default User\Cookies\propriétaire@dealtime[1].txt -> TrackingCookie.Dealtime : Nettoyé.
C:\Documents and Settings\Default User\Cookies\propriétaire@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Nettoyé.
C:\WINDOWS\system32\config\systemprofile\Cookies\propriétaire@dealtime[1].txt -> TrackingCookie.Dealtime : Nettoyé.
C:\WINDOWS\system32\config\systemprofile\Cookies\propriétaire@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Nettoyé.
C:\Documents and Settings\Default User\Cookies\propriétaire@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\WINDOWS\system32\config\systemprofile\Cookies\propriétaire@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Default User\Cookies\propriétaire@search.msn[2].txt -> TrackingCookie.Msn : Nettoyé.
C:\WINDOWS\system32\config\systemprofile\Cookies\propriétaire@search.msn[2].txt -> TrackingCookie.Msn : Nettoyé.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249780.exe -> Trojan.Agent.anr : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249785.exe -> Trojan.Agent.anr : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249787.exe -> Trojan.Agent.aoy : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249792.exe -> Trojan.Agent.aoy : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249793.exe -> Trojan.Agent.aoy : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249797.exe -> Trojan.Agent.aoy : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249800.exe -> Trojan.Agent.aoy : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249802.exe -> Trojan.Agent.aoy : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249809.exe -> Trojan.Agent.aoy : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249814.exe -> Trojan.Agent.aoy : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249824.exe -> Trojan.Agent.aoy : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249828.exe -> Trojan.Agent.aoy : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249835.exe -> Trojan.Agent.aoy : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249837.exe -> Trojan.Agent.aoy : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249840.exe -> Trojan.Agent.aoy : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249841.exe -> Trojan.Agent.aoy : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249851.exe -> Trojan.Agent.aoy : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249855.exe -> Trojan.Agent.aoy : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249859.exe -> Trojan.Agent.aoy : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249862.exe -> Trojan.Agent.aoy : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249865.exe -> Trojan.Agent.aoy : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249867.exe -> Trojan.Agent.aoy : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249872.exe -> Trojan.Agent.aoy : Nettoyé.
C:\System Volume Information\_restore{B25867E0-BA62-407E-A9D6-B7004404E748}\RP1550\A0249881.exe -> Trojan.Agent.aoy : Nettoyé.


Fin du rapport

wassimous · Answer

Re,

Ton ordi rame toujours autant ?

aussi post un nouveau log HijackThis stp ?

@++

peanut2001 · Answer

Pour ramer oui...

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:47:34, on 2007-08-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://outlook.live.com/owa/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?5581580425ff4ece971c56de912d3dd0
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?5581580425ff4ece971c56de912d3dd0
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://corbeaublack.wordpress.com/
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
O24 - Desktop Component 0: (no name) - http://images.staracademie.ca/fondsdecran/sa2_800_marting.jpg

peanut2001 · Answer

Salut encore.
J'ai désinstallé quelque programmes mais j'ai peur de suprimer des choses importantes.
Je post un nouveau log HijackThis.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:31:31, on 2007-08-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://outlook.live.com/owa/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://corbeaublack.wordpress.com/
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
O24 - Desktop Component 0: (no name) - http://images.staracademie.ca/fondsdecran/sa2_800_marting.jpg

wassimous · Answer

Slt

pour ton log il semble clean, pas de soucies

si t'a supprimer beaucoup de programmes, fai un défragmentage de disque

voila, di moi quoi ?

@++

peanut2001 · Answer

Merci beaucoup pour ton aide wassimous.
Je vais essayer de fonctionner comme ça pour un bout de temp, l'ordi rame encore un peu si je me tanne je vais le formater,
Merci encore peanut2001.

wassimous · Answer

Re

bon courage

@++

Ordi extremement lent....

19 réponses

Discussions similaires

Newsletters