Trojan win32 obfuscated ...

Guest (Anonymous), Thu 16 Aug 2007, 15:12

Hi,

Well, here I am in a real mess... yes, I'm really not good with computers, and it turns out I've got a nasty trojan roaming around my PC which, I think, is making it slow and opening lots of pop-ups... In short, could someone help me? That would be really kind. I saw I wasn't the only one with this problem, but I preferred to open a new post so that it's clearer. So, mea culpa if I shouldn't have and if I just needed to follow the same procedure as the one explained for the other victims of this trojan.

Thanks in advance.

Oh damn, and I forgot to post the log:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:11:32, on 16/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\Wanadoo\taskbaricon.exe
C:\PROGRA~1\MICROA~1\SCURIT~1\ANTI-V~1\ANTI-S~1\OESpamTest.ExE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mr\Bureau\Doc\abcde.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tfqdgfhumcgepkb.com/1epsa1ZyZqUiiMc8PzfX3tL3zke1OmIs7TQiJf0AcftvyX0Ywh/iwJsKSZDF/Ysf.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vtnouitfzqtqulhuujhflxsbp.com/1epsa1ZyZqVgixCA2BoG8n/hoznbEhngRjQtfKdq9IQ.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BA3E37ED-92CA-16EF-36C6-FCE33577C90F} - (no file)
O2 - BHO: (no name) - {E1FDC24B-0F14-12B7-60FF-E705F1A251C3} - (no file)
O2 - BHO: (no name) - {FCAFFC14-BD46-408A-9842-CDBE1C6D37FF} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [Itch tick body settings] C:\Documents and Settings\All Users\Application Data\Webmagsitchtick\Proc idol.exe
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\MICROA~1\SCURIT~1\ANTI-V~1\ANTI-S~1\OESpamTest.ExE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [oov6multiuser.exe] C:\Program Files\OFFICE One6.0\program\oov6multiuser.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [THIS BLAH] C:\DOCUME~1\Mr\APPLIC~1\ThirdHtm\MealSecond.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Anti-Hacker.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com
O16 - DPF: Interface Chat Wanadoo - http://chat9.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://espacemorbide.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5392B545-31A5-4724-BEF3-4FED1D56FDAC} (CPlayFirstDinerDash2_frControl Object) - file:///C:/Documents%20and%20Settings/Mr/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/DinerDash2_fr.1.0.0.70.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game13.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://jeuxenligne.orange.fr/GameShell/online/fr/Diner_Dash/DinerDash.1.0.0.4.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Documents%20and%20Settings/Mr/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{831E7180-3418-4097-A80D-64C6E495E78F}: NameServer = 80.10.246.1 80.10.246.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{831E7180-3418-4097-A80D-64C6E495E78F}: NameServer = 80.10.246.1 80.10.246.132
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Anti-Virus Service (kavsvc) - Kaspersky Labs Ltd. - C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Virus\kavsvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 12391 bytes
boule (helper), Thu 16 Aug 2007, 15:28

Hello Alindwi

You did the right thing opening a new topic, perfect.
Nothing too serious, we'll sort out your problem.

Download lopxp
http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2.zip

Unzip it to your desktop, then double-click the file "lopxpMH.bat".
When it has finished, a report opens: copy and paste the report and post it here.
Guest (Anonymous), Thu 16 Aug 2007, 15:56

Hi, and thanks for your ultra-fast reply. Thanks also for this forum, I'm browsing around a bit and you learn very useful things here!!!

Here is the report:

Rapport lopxpMH2 version 2.0 fait à 14:54:44,59 le 16/08/2007
C:\Documents and Settings\Mr\Bureau\lop\lopxpMH2

******************************************
## Répertoires Application Data

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4B2-4A93

Répertoire de C:\Documents and Settings\All Users\Application Data

04/12/2002 18:06 <REP> .
04/12/2002 18:06 <REP> ..
17/08/2006 12:12 <REP> Anti-Virus Personal
06/09/2006 23:00 <REP> CanonBJ
21/09/2006 17:34 <REP> Google
15/08/2007 22:38 <REP> Grisoft
27/10/2004 09:05 <REP> HEART EXIT CREATIVE CAST
02/05/2005 22:55 <REP> Macrovision
02/06/2005 14:28 <REP> Messenger Plus!
04/12/2002 18:06 <REP> Microsoft
27/01/2003 19:25 <REP> MSN6
03/08/2007 15:55 <REP> PlayFirst
05/08/2007 00:09 <REP> PopCap
25/01/2007 11:45 <REP> QuickTime
22/10/2006 21:09 <REP> Sandlot Games
04/12/2002 18:21 <REP> SBSI
07/01/2007 12:17 <REP> ScanSoft
13/08/2004 13:46 <REP> Spybot - Search & Destroy
06/09/2006 22:57 <REP> SSScanAppDataDir
06/09/2006 22:57 <REP> SSScanWizard
28/01/2003 17:20 <REP> Symantec
29/01/2007 15:16 <REP> TEMP
06/03/2005 18:04 <REP> TuneUp Software
31/08/2005 09:27 <REP> Webmagsitchtick
27/07/2005 23:04 <REP> Windows Genuine Advantage
04/07/2007 18:59 <REP> WinZip
01/08/2004 17:03 <REP> Zylom
14/02/2006 15:26 305 addr_file.html
04/12/2002 18:06 62 desktop.ini
2 fichier(s) 367 octets
27 Rép(s) 26 665 709 568 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4B2-4A93

Répertoire de C:\Documents and Settings\Default User\Application Data

04/12/2002 18:06 <REP> .
04/12/2002 18:06 <REP> ..
10/01/2003 11:52 <REP> Adobe
04/12/2002 18:14 <REP> Identities
10/01/2003 11:52 <REP> InterTrust
10/01/2003 11:52 <REP> InterVideo
04/12/2002 18:06 <REP> Microsoft
10/01/2003 11:52 <REP> OFFICE One v6
04/12/2002 18:06 62 desktop.ini
10/01/2003 11:52 281 OFFICE One v6response.oon
2 fichier(s) 343 octets
8 Rép(s) 26 665 697 280 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4B2-4A93

Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

04/12/2002 18:06 <REP> .
04/12/2002 18:06 <REP> ..
10/01/2003 11:52 <REP> ApplicationHistory
10/01/2003 11:52 <REP> Microsoft
10/01/2003 11:52 135 fusioncache.dat
10/01/2003 11:52 5 319 592 IconCache.db
2 fichier(s) 5 319 727 octets
4 Rép(s) 26 665 697 280 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4B2-4A93

Répertoire de C:\Documents and Settings\LocalService\Application Data

04/12/2002 18:19 <REP> .
04/12/2002 18:19 <REP> ..
04/12/2002 18:19 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 26 665 697 280 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4B2-4A93

Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

04/12/2002 18:19 <REP> .
04/12/2002 18:19 <REP> ..
04/12/2002 18:19 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 26 665 697 280 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4B2-4A93

Répertoire de C:\Documents and Settings\Mr\Application Data

10/01/2003 11:53 <REP> .
10/01/2003 11:53 <REP> ..
10/01/2003 11:53 <REP> Adobe
03/12/2004 17:58 <REP> Atari
29/01/2007 17:30 <REP> ATI
19/08/2006 10:38 <REP> BitTorrent
06/09/2006 23:21 <REP> Canon
20/06/2007 12:08 <REP> eMule
12/06/2004 09:58 <REP> FUJIFILM
21/09/2006 17:51 <REP> Google
15/08/2007 22:38 <REP> Grisoft
10/02/2003 17:46 <REP> Help
10/01/2003 11:53 <REP> Identities
20/05/2007 21:22 <REP> InstallShield
10/01/2003 11:53 <REP> InterTrust
10/01/2003 11:53 <REP> InterVideo
24/10/2004 12:07 <REP> Lavasoft
21/11/2005 17:18 <REP> Lionhead Studios
04/08/2006 19:17 <REP> log show
13/05/2003 17:20 <REP> Macromedia
10/01/2003 11:53 <REP> Microsoft
30/04/2003 13:30 <REP> Microsoft Web Folders
13/06/2004 19:46 <REP> Mozilla
27/01/2003 19:25 <REP> MSN6
10/01/2003 11:53 <REP> OFFICE One v6
04/09/2004 16:02 <REP> Orphée Développement
13/06/2004 19:46 <REP> Phoenix
03/08/2007 15:55 <REP> PlayFirst
02/02/2004 00:08 <REP> Real
06/09/2006 22:57 <REP> ScanSoft
29/01/2007 17:00 <REP> SecondLife
17/08/2006 12:12 <REP> SpamTest
10/05/2007 08:26 <REP> Sun
28/01/2003 17:20 <REP> Symantec
29/10/2004 23:01 <REP> Talkback
14/01/2006 18:19 <REP> teamspeak2
01/05/2006 10:27 <REP> ThirdHtm
26/10/2004 12:53 <REP> TuneUp Software
24/01/2007 20:57 <REP> vlc
22/10/2006 21:09 <REP> Zylom
10/01/2003 11:53 62 desktop.ini
10/01/2003 11:53 271 OFFICE One v6response.oon
2 fichier(s) 333 octets
40 Rép(s) 26 665 693 184 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4B2-4A93

Répertoire de C:\Documents and Settings\Mr\Local Settings\Application Data

10/01/2003 11:53 <REP> .
10/01/2003 11:53 <REP> ..
10/01/2003 11:53 <REP> ApplicationHistory
29/01/2007 17:30 <REP> ATI
21/09/2006 17:51 <REP> Google
10/02/2003 17:46 <REP> Help
28/01/2003 18:00 <REP> Identities
10/01/2003 11:53 <REP> Microsoft
03/08/2007 15:55 <REP> Oberon Media
31/03/2004 12:10 <REP> Panda Software
29/01/2003 17:43 182 272 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
10/01/2003 11:53 125 fusioncache.dat
28/06/2004 11:56 23 072 GDIPFONTCACHEV1.DAT
10/01/2003 11:53 2 109 662 IconCache.db
4 fichier(s) 2 315 131 octets
10 Rép(s) 26 665 693 184 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4B2-4A93

Répertoire de C:\Documents and Settings\NetworkService\Application Data

04/12/2002 18:19 <REP> .
04/12/2002 18:19 <REP> ..
04/12/2002 18:19 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 26 665 693 184 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4B2-4A93

Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

04/12/2002 18:19 <REP> .
04/12/2002 18:19 <REP> ..
04/12/2002 18:19 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 26 665 693 184 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4B2-4A93

Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

04/12/2002 18:18 <REP> .
04/12/2002 18:18 <REP> ..
10/01/2003 11:52 <REP> Adobe
04/12/2002 18:18 <REP> Identities
10/01/2003 11:52 <REP> InterTrust
10/01/2003 11:52 <REP> InterVideo
04/12/2002 18:18 <REP> Microsoft
10/01/2003 11:52 <REP> OFFICE One v6
30/12/2003 09:10 <REP> Symantec
04/12/2002 18:18 62 desktop.ini
10/01/2003 11:52 281 OFFICE One v6response.oon
2 fichier(s) 343 octets
9 Rép(s) 26 665 689 088 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4B2-4A93

Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

04/12/2002 18:18 <REP> .
04/12/2002 18:18 <REP> ..
10/01/2003 11:52 <REP> ApplicationHistory
10/01/2003 11:52 <REP> Microsoft
10/01/2003 11:52 135 fusioncache.dat
10/01/2003 11:52 5 319 592 IconCache.db
2 fichier(s) 5 319 727 octets
4 Rép(s) 26 665 689 088 octets libres

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks


C:\WINDOWS\Tasks\A697937790A40673.job
s  "ˆ!Ö    1 c : \ d o c u m e ~ 1 \ m r \ a p p l i c ~ 1 \ t h i r d h t m \ B y t e P o p A c i d . e x e  M r   €  0 Ë


C:\WINDOWS\Tasks\Maintenance
Maintenance inexploitable

******************************************
## Répertoires de C:\Program Files

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4B2-4A93

Répertoire de C:\Program Files

15/08/2007 22:38 <REP> .
15/08/2007 22:38 <REP> ..
04/12/2002 19:06 <REP> Adobe
13/12/2002 13:16 <REP> ahead
06/09/2006 22:54 <REP> ArcSoft
13/08/2007 18:46 <REP> a-squared Free
29/01/2007 17:22 <REP> ATI Technologies
06/09/2006 22:53 <REP> Canon
05/02/2007 20:52 <REP> directx
19/02/2003 20:04 <REP> DivX
04/01/2005 20:26 <REP> ECI Telecom
20/06/2007 12:08 <REP> eMule
11/08/2007 20:27 <REP> Fichiers communs
22/01/2007 19:40 <REP> FinePixViewer
04/12/2002 18:17 <REP> Formation Multimédia Interactive
21/09/2006 18:11 <REP> Google
15/08/2007 22:38 <REP> Grisoft
24/04/2007 15:02 <REP> GUILD WARS
12/03/2005 13:54 806 INSTALL.LOG
04/08/2007 19:53 <REP> Internet Explorer
10/01/2003 11:53 <REP> InterVideo
10/05/2007 08:25 <REP> Java
13/08/2007 21:43 <REP> jeuxpc
04/01/2004 15:41 <REP> K-Lite Codec Pack
22/09/2006 21:34 <REP> Lavasoft
11/02/2005 10:44 <REP> messenger
13/12/2006 10:21 <REP> Micro Application
30/04/2003 13:29 <REP> microsoft frontpage
13/12/2005 12:47 <REP> Microsoft Office
30/04/2003 13:33 <REP> Microsoft Visual Studio
27/10/2004 08:57 <REP> Movie Maker
29/10/2004 11:16 <REP> MSN
04/12/2002 18:11 <REP> MSN Gaming Zone
27/03/2007 23:28 <REP> MSN Messenger
18/11/2006 15:03 <REP> MSXML 4.0
27/10/2004 08:53 <REP> NetMeeting
05/12/2002 13:30 <REP> NVIDIA DEMOS
30/04/2003 13:26 <REP> OFFICE One6.0
04/08/2007 00:24 <REP> orange
13/06/2007 23:42 <REP> Outlook Express
28/02/2006 00:26 <REP> Philips ToUcam Camera
12/06/2004 09:44 <REP> PIXELA
25/10/2004 11:31 <REP> Plus!
24/01/2007 20:51 <REP> QuickTime
15/02/2003 17:35 <REP> quik
28/02/2006 11:25 <REP> Real
24/10/2004 12:03 <REP> RegCleaner
12/06/2004 09:39 <REP> REGSHAVE
06/09/2006 22:56 <REP> ScanSoft
04/12/2002 18:13 <REP> Services en ligne
24/01/2007 15:33 <REP> SLD Codec Pack
13/02/2007 17:05 <REP> Smotus
02/05/2007 10:39 <REP> SystemRequirementsLab
14/01/2006 18:19 <REP> Teamspeak2_RC2
04/12/2002 18:59 <REP> Trend Micro
12/06/2007 14:29 <REP> TuneUp Utilities 2004
28/02/2006 00:24 <REP> Ulead Systems
05/02/2007 20:52 <REP> VGA USB Camera
24/01/2007 20:52 <REP> VideoLAN
28/02/2006 00:25 <REP> VideoLink Mail
28/02/2003 19:35 <REP> Viewpoint
16/08/2007 13:02 <REP> Wanadoo
25/08/2005 17:18 <REP> Winamp3
17/11/2005 01:17 <REP> Windows Journal Viewer
18/02/2006 02:10 <REP> Windows Media Player
27/10/2004 08:52 <REP> Windows NT
23/01/2005 18:22 <REP> WinRAR
02/08/2007 12:53 <REP> World of Warcraft
30/07/2007 23:27 <REP> WowCartographe
04/12/2002 18:15 <REP> xerox
1 fichier(s) 806 octets
69 Rép(s) 26 665 684 992 octets libres

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
www.jdr-walachia.org REG_BINARY
*.zylomgames.com REG_BINARY 00000000
*.zylom.com REG_BINARY 00000000
dns-look-up.com REG_SZ
www.dns-look-up.com REG_SZ
searchweb2.com REG_SZ
www.searchweb2.com REG_SZ
*.system-processes.com REG_BINARY

* Mozilla Firefox (1 autorisé 2 interdit)

******************************************
## Registre

* [HKEY_CURRENT_USER\\Software\Microsoft\Internet Explorer\Main]
Search Bar REG_SZ http://www.tfqdgfhumcgepkb.com/1epsa1ZyZqUiiMc8PzfX3tL3zke1OmIs7TQiJf0AcftvyX0Ywh/iwJsKSZDF/Ysf.html

* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Itch tick body settings REG_SZ C:\Documents and Settings\All Users\Application Data\Webmagsitchtick\Proc idol.exe
KAVPersonal50 REG_SZ "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Virus\kav.exe" /minimize

* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
THIS BLAH REG_SZ C:\DOCUME~1\Mr\APPLIC~1\ThirdHtm\MealSecond.exe

******************************************
## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"


*************** Fin du rapport ****************
boule (helper), Thu 16 Aug 2007, 16:41

Right, do this in order:


¤ Do this cleanup (to be done regularly):

* Download and install CCleaner (do not install the Yahoo toolbar)
---> http://www.clubic.com/telecharger-fiche14492-ccleaner.html

- In the left-hand column click "Errors", tick all the boxes, then click "Scan for errors" at the bottom. Once it has finished, click "Fix errors"; you'll get a message asking to back up your registry, click "Yes", then repeat until it finds no more errors.
You can delete the backups you made once your computer has no more problems.

- Relaunch CCleaner, go to the "Cleaner" tab on the left, untick the last box ("Advanced", if it is ticked), then click "Run Cleaner".

If you need help with CCleaner, see this tutorial:
---> http://redir.fr/gmll



¤ C:\Documents and Settings\All Users\Application Data

- HEART EXIT CREATIVE CAST
- Webmagsitchtick


C:\Documents and Settings\Mr\Application Data

- ThirdHtm


¤ Click Start, My Computer, C:, Windows, find the folder below and delete its contents:

- Tasks

** If a file/folder refuses to be deleted, do this:
- Restart your PC. As soon as it powers on, tap the F8 key (or F5 if F8 doesn't work); on the screen that appears choose "Safe Mode" and wait a bit..
Then go and delete the files/folders, empty your Recycle Bin and restart your PC normally.


¤ Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom (if some lines don't appear, it doesn't matter):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tfqdgfhumcgepkb.com/1epsa1ZyZqUiiMc8PzfX3tL3zke1OmIs7TQiJf0AcftvyX0Ywh/iwJsKSZDF/Ysf.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vtnouitfzqtqulhuujhflxsbp.com/1epsa1ZyZqVgixCA2BoG8n/hoznbEhngRjQtfKdq9IQ.html
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BA3E37ED-92CA-16EF-36C6-FCE33577C90F} - (no file)
O2 - BHO: (no name) - {E1FDC24B-0F14-12B7-60FF-E705F1A251C3} - (no file)
O2 - BHO: (no name) - {FCAFFC14-BD46-408A-9842-CDBE1C6D37FF} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Itch tick body settings] C:\Documents and Settings\All Users\Application Data\Webmagsitchtick\Proc idol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: Interface Chat Wanadoo - http://chat9.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://espacemorbide.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5392B545-31A5-4724-BEF3-4FED1D56FDAC} (CPlayFirstDinerDash2_frControl Object) - file:///C:/Documents%20and%20Settings/Mr/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/DinerDash2_fr.1.0.0.70.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game13.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://jeuxenligne.orange.fr/GameShell/online/fr/Diner_Dash/DinerDash.1.0.0.4.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Documents%20and%20Settings/Mr/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v6.cab



¤ Download this file, double-click it and accept the merge into the registry; this will remove traces of the infection.
---> http://www.mediafire.com/?axzherzgkne



¤ Download Clean
----> http://www.malekal.com/download/clean.zip

Unzip all of its contents into the same folder. Double-click clean or clean.cmd and choose option 1.
A report will open; copy and paste its contents here please
Guest, Thu 16 Aug 2007, 19:08
Subject: Re: Trojan win32 obfuscated ...

Oh dear, I really thought I was going to throw myself out of the window...

So I started doing everything you had told me without any problem and I stopped at the step where I had to delete some files (Webmagsitchtick and thirdHtm etc...). Those two wouldn't go away, so I tried to restart in Safe Mode... and then disaster... my PC wouldn't start any more... nothing at all. It got as far as a blue screen... and shut down... it did that to me for two hours... I really thought I was going to have to format..... I seriously had tears in my eyes....
Do you think it's the CCleaner cleanup that destabilised my PC? I'm a bit scared to restart now.... seriously, if I can't play WoW any more... hahaha I'll hang myself... (just kidding, I'm only flogging myself)
boule (Helper member), Thu 16 Aug 2007, 19:15
Subject: Re: Trojan win32 obfuscated ...

 
If you followed what I told you with CCleaner, there's nothing to worry about; on the other hand, if you did it your own way, there may be some problems, but nothing serious, since CCleaner is there to do the cleaning and your PC certainly needed it in my opinion.

Tell me where you are, because I doubt your PC is clean ;)
Guest, Thu 16 Aug 2007, 19:51
Subject: Re: Trojan win32 obfuscated ...

Argh, this is annoying.... I try to restart the PC in Safe Mode but when I do that it won't start any more. And I have to leave it switched off for at least a quarter of an hour before it will start normally, so I have no idea where that comes from. So I still haven't deleted the two files you pointed out (Webmagsitchtick and thirdHtm), so I guess there's no point doing the rest of what you told me, is there?
boule (Helper member), Thu 16 Aug 2007, 20:02
Subject: Re: Trojan win32 obfuscated ...

Go to this page and download Unlocker.
https://kerio.probb.fr/Windows-c1/Apprendre-a-mieux-maitriser-Windows-f4/Supprimer-un-fichier-qui-vous-resiste-t40.htm
Install it, go back to where the two folders are located, right-click on them, choose Unlocker, click "Unlock all" if necessary, then right-click on them again, choose Unlocker and this time choose "Delete".

Then, as soon as they're deleted, you can do the rest :)
Guest, Thu 16 Aug 2007, 21:00
Subject: Re: Trojan win32 obfuscated ...

Sorry, but what do you mean by "accept the merge into the registry"? I do have the file on my PC, but when I double-click it nothing happens.
boule (Helper member), Thu 16 Aug 2007, 21:06
Subject: Re: Trojan win32 obfuscated ...

A left double-click does nothing? If that's the case, move on to the next step; we'll come back to it later ;)
Guest, Thu 16 Aug 2007, 21:09
Subject: Re: Trojan win32 obfuscated ...

Okay, here's my report from Clean


16/08/2007 a 20:08:49,17

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\UnGins.exe FOUND

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\bho plugin" FOUND
"C:\Program Files\Viewpoint\" FOUND
*** Fin du rapport !
boule (Helper member), Thu 16 Aug 2007, 21:18
Subject: Re: Trojan win32 obfuscated ...

With Unlocker, delete these folders and this process

C:\Program Files\bho plugin
C:\Program Files\Viewpoint
C:\WINDOWS\UnGins.exe


As soon as that's done, do this:

¤ Download ComboFix to your desktop
---> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close your web browser before running this program.
Double-click on it and press "1" to continue
Wait a few minutes..
A report will open; save its contents, then copy and paste it here

PS: there may be a second report; paste its contents here too.
Guest, Thu 16 Aug 2007, 21:24
Subject: Re: Trojan win32 obfuscated ...

Okay, so there must be a problem, because when I launch ComboFix it gives me an error message: c/windows/regedit.exe is missing...
boule (Helper member), Thu 16 Aug 2007, 21:34
Subject: Re: Trojan win32 obfuscated ...

Your PC is not in good shape!
No wonder the fix with the .reg file doesn't work..

Download this. It contains the regedit.exe file
Take it and put it in the C:/WINDOWS folder
http://www.mediafire.com/?42uw0cmu1il

As soon as that's done, restart your PC normally.
Once it has restarted, double-click the .reg file from earlier, then try ComboFix again
Guest, Thu 16 Aug 2007, 22:33
Subject: Re: Trojan win32 obfuscated ...

Yeah, clearly, I even get the feeling I'm going to have to format everything ... so when I double-click the .reg file it says:
impossible d'importer c:\documents and settings\mr\bureau\Alindwi.reg : erreur d'acces au registre

And when I launch ComboFix the computer restarts after a while, but then ComboFix can't display a report because "le chemin d'acces est introuvable"
boule (Helper member), Thu 16 Aug 2007, 22:49
Subject: Re: Trojan win32 obfuscated ...

Formatting will certainly solve your problem, but is it really a solution? ;)

You can leave regedit where it is, no problem

Do this

¤ Download this program, then double-click it (close your antivirus if it detects anything at all)
http://www.suspectfile.com/systemscan/

* Tick only these boxes, untick everything else:

- Recent Files, 90 days
- Registry Run Key
- Loaded modules

Then click scan now and be patient.
Once it has finished, a report will open; copy and paste its contents here and check that it is complete; if necessary, make two posts.
Guest, Fri 17 Aug 2007, 00:33
Subject: Re: Trojan win32 obfuscated ...

Here is the report

SystemScan - www.suspectfile.com - ver. 3.2.0

Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS

Date: 2007-08-16
Time: 23:25:08

Output limited to:
-Recent files
-Registry Run Keys
-Loaded Dlls

===================== Recent files (90 days old)=====================

----- recent files in C:\
04-08-2007 23:07:51 56039 byte 12 days old -- playground.log
13-08-2007 12:12:56 24866636 byte 3 days old -- xscan.txt
13-08-2007 19:09:56 4607 byte 3 days old -- install_comp.txt
16-08-2007 16:13:54 (DIR) 0 byte 0 days old -- Config.Msi
16-08-2007 20:09:03 357 byte 0 days old -- rapport_clean.txt
16-08-2007 20:20:30 (DIR) 0 byte 0 days old -- Program Files
16-08-2007 21:02:01 (DIR) 0 byte 0 days old -- WINDOWS
16-08-2007 21:06:33 (DIR) 0 byte 0 days old -- QooBox
16-08-2007 21:27:57 (DIR) 0 byte 0 days old -- ComboFix
16-08-2007 23:11:59 (DIR)402653184 byte 0 days old -- pagefile.sys
16-08-2007 23:12:09 536399872 byte 0 days old -- hiberfil.sys
16-08-2007 23:25:07 (DIR) 0 byte 0 days old -- suspectfile

----- recent files in C:\WINDOWS\
03-08-2007 15:52:05 (DIR) 0 byte 13 days old -- Help
05-08-2007 22:54:35 286720 byte 11 days old -- PATCH.EXE
05-08-2007 22:54:36 69689 byte 11 days old -- UNZIP.DLL
05-08-2007 22:54:36 507904 byte 11 days old -- TMUPDATE.DLL
05-08-2007 22:59:18 (DIR) 0 byte 11 days old -- AU_Backup
24-05-2007 00:20:56 (DIR) 0 byte 84 days old -- $NtUninstallKB927891$
13-06-2007 15:22:28 1037312 byte 64 days old -- explorer.exe
13-06-2007 23:39:59 (DIR) 0 byte 64 days old -- $NtUninstallKB935839$
13-06-2007 23:42:06 (DIR) 0 byte 64 days old -- $NtUninstallKB935840$
13-06-2007 23:42:18 (DIR) 0 byte 64 days old -- $NtUninstallKB929123$
17-06-2007 00:11:58 51200 byte 60 days old -- nircmd.exe
21-06-2007 12:50:40 (DIR) 0 byte 56 days old -- SoftwareDistribution
20-07-2007 00:47:22 109056 byte 27 days old -- catchme.exe
13-08-2007 10:21:02 170 byte 3 days old -- GetServer.ini
13-08-2007 10:22:29 86094 byte 3 days old -- BPMNT.dll
13-08-2007 10:22:29 37899441 byte 3 days old -- LPT$VPN.647
13-08-2007 10:22:29 37899441 byte 3 days old -- VPTNFILE.647
13-08-2007 10:22:31 267845 byte 3 days old -- tsc.exe
13-08-2007 10:22:31 71749 byte 3 days old -- HCExtOutput.dll
13-08-2007 10:22:31 1163344 byte 3 days old -- vsapi32.dll
13-08-2007 10:22:33 (DIR) 0 byte 3 days old -- AU_Temp
13-08-2007 10:22:33 1859486 byte 3 days old -- tsc.ptn
13-08-2007 10:23:14 (DIR) 0 byte 3 days old -- report
13-08-2007 12:12:56 823 byte 3 days old -- TSC.ini
16-08-2007 12:44:31 (DIR) 0 byte 0 days old -- $hf_mig$
16-08-2007 14:54:44 (DIR) 0 byte 0 days old -- Prefetch
16-08-2007 16:07:18 (DIR) 0 byte 0 days old -- Minidump
16-08-2007 16:13:28 (DIR) 0 byte 0 days old -- $NtUninstallKB936782_WMP10$
16-08-2007 16:13:53 (DIR) 0 byte 0 days old -- WinSxS
16-08-2007 16:13:54 (DIR) 0 byte 0 days old -- Installer
16-08-2007 16:17:14 (DIR) 0 byte 0 days old -- $NtUninstallKB938829$
16-08-2007 16:17:24 (DIR) 0 byte 0 days old -- $NtUninstallKB921503$
16-08-2007 16:17:34 (DIR) 0 byte 0 days old -- $NtUninstallKB938828$
16-08-2007 16:17:43 (DIR) 0 byte 0 days old -- $NtUninstallKB936021$
16-08-2007 16:21:44 90112 byte 0 days old -- DUMP4d16.tmp
16-08-2007 16:31:04 (DIR) 0 byte 0 days old -- inf
16-08-2007 17:14:10 90112 byte 0 days old -- DUMP2c7e.tmp
16-08-2007 18:20:47 (DIR) 0 byte 0 days old -- Tasks
16-08-2007 18:26:09 90112 byte 0 days old -- DUMP2cdc.tmp
16-08-2007 18:59:13 (DIR) 0 byte 0 days old -- Debug
16-08-2007 19:39:58 (DIR) 0 byte 0 days old -- Downloaded Program Files
16-08-2007 20:22:21 (DIR) 0 byte 0 days old -- system32
16-08-2007 20:35:57 153088 byte 0 days old -- regedit.exe
16-08-2007 20:36:29 748 byte 0 days old -- setupapi.log
16-08-2007 21:06:52 (DIR) 0 byte 0 days old -- erdnt
16-08-2007 23:12:19 2048 byte 0 days old -- bootstat.dat
16-08-2007 23:13:13 0 byte 0 days old -- wiaservc.log
16-08-2007 23:13:35 159 byte 0 days old -- wiadebug.log
16-08-2007 23:13:57 0 byte 0 days old -- 0.log
16-08-2007 23:15:14 1565303 byte 0 days old -- WindowsUpdate.log
16-08-2007 23:18:01 (DIR) 0 byte 0 days old -- Temp
11-07-2007 22:54:17 (DIR) 0 byte 36 days old -- $NtUninstallKB936357$
12-07-2007 08:30:25 (DIR) 0 byte 35 days old -- assembly
12-07-2007 08:30:30 (DIR) 0 byte 35 days old -- Microsoft.NET

----- recent files in C:\WINDOWS\Downloaded Program Files\
15-06-2007 09:02:06 632392 byte 62 days old -- OberonGameHost.dll
09-07-2007 12:27:04 2377088 byte 38 days old -- Rawflow.ocx

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
03-08-2007 06:34:10 16789464 byte 13 days old -- MRT.exe
19-06-2007 15:32:25 282112 byte 58 days old -- gdi32.dll
26-06-2007 08:09:14 1104896 byte 51 days old -- msxml3.dll
27-06-2007 09:00:33 161792 byte 50 days old -- ieakui.dll
27-06-2007 10:27:04 63488 byte 50 days old -- ie4uinit.exe
27-06-2007 10:27:05 13824 byte 50 days old -- ieudinit.exe
27-06-2007 15:22:39 124928 byte 50 days old -- advpack.dll
27-06-2007 15:22:40 153088 byte 50 days old -- ieakeng.dll
27-06-2007 15:22:40 132608 byte 50 days old -- extmgr.dll
27-06-2007 15:22:42 230400 byte 50 days old -- ieaksie.dll
27-06-2007 15:22:45 383488 byte 50 days old -- ieapfltr.dll
27-06-2007 15:22:48 384512 byte 50 days old -- iedkcs32.dll
27-06-2007 15:23:23 44544 byte 50 days old -- iernonce.dll
27-06-2007 15:23:23 6058496 byte 50 days old -- ieframe.dll
27-06-2007 15:23:25 267776 byte 50 days old -- iertutil.dll
27-06-2007 15:23:31 1824256 byte 50 days old -- inetcpl.cpl
27-06-2007 15:23:31 27648 byte 50 days old -- jsproxy.dll
27-06-2007 15:23:32 459264 byte 50 days old -- msfeeds.dll
27-06-2007 15:23:32 52224 byte 50 days old -- msfeedsbs.dll
27-06-2007 15:24:06 477696 byte 50 days old -- mshtmled.dll
27-06-2007 15:24:07 193024 byte 50 days old -- msrating.dll
27-06-2007 15:24:09 671232 byte 50 days old -- mstime.dll
27-06-2007 15:24:09 102400 byte 50 days old -- occache.dll
27-06-2007 15:24:10 105984 byte 50 days old -- url.dll
27-06-2007 15:24:14 1152000 byte 50 days old -- urlmon.dll
27-06-2007 15:24:15 232960 byte 50 days old -- webcheck.dll
27-06-2007 15:24:19 823808 byte 50 days old -- wininet.dll
19-07-2007 08:58:09 3583488 byte 28 days old -- mshtml.dll
22-07-2007 18:39:27 279552 byte 25 days old -- swreg.exe
13-08-2007 19:09:53 (DIR) 0 byte 3 days old -- Macromed
16-08-2007 16:12:01 459100 byte 0 days old -- perfh00C.dat
16-08-2007 16:12:01 992290 byte 0 days old -- PerfStringBackup.INI
16-08-2007 16:12:01 392872 byte 0 days old -- perfh009.dat
16-08-2007 16:12:01 58790 byte 0 days old -- perfc009.dat
16-08-2007 16:12:01 71058 byte 0 days old -- perfc00C.dat
16-08-2007 16:17:44 (DIR) 0 byte 0 days old -- dllcache
16-08-2007 18:40:22 1158 byte 0 days old -- wpa.dbl
16-08-2007 20:35:39 (DIR) 0 byte 0 days old -- CatRoot2
16-08-2007 21:02:18 (DIR) 0 byte 0 days old -- drivers
16-08-2007 21:07:04 (DIR) 0 byte 0 days old -- config
22-04-2009 21:24:48 256 byte -615 days old -- imail40.rtl

----- recent files in C:\WINDOWS\system32\drivers\
30-05-2007 14:10:42 10872 byte 78 days old -- AvgAsCln.sys
08-08-2007 19:16:11 18048 byte 8 days old -- lirsgt.sys
08-08-2007 19:16:14 271360 byte 8 days old -- atksgt.sys
16-08-2007 21:21:26 (DIR) 0 byte 0 days old -- etc

----- recent files in C:\WINDOWS\temp\
16-08-2007 23:12:33 255 byte 0 days old -- WGAErrLog.txt
16-08-2007 23:14:42 409 byte 0 days old -- WGANotify.settings

----- recent files in C:\Program Files\
02-08-2007 12:53:50 (DIR) 0 byte 14 days old -- World of Warcraft
04-08-2007 00:24:08 (DIR) 0 byte 12 days old -- orange
13-06-2007 23:42:20 (DIR) 0 byte 64 days old -- Outlook Express
20-06-2007 12:08:19 (DIR) 0 byte 57 days old -- eMule
30-07-2007 23:27:20 (DIR) 0 byte 17 days old -- WowCartographe
13-08-2007 18:46:50 (DIR) 0 byte 3 days old -- a-squared Free
13-08-2007 21:43:53 (DIR) 0 byte 3 days old -- jeuxpc
13-08-2007 21:43:53 (DIR) 0 byte 3 days old -- InstallShield Installation Information
15-08-2007 22:38:17 (DIR) 0 byte 1 days old -- Grisoft
16-08-2007 15:59:53 (DIR) 0 byte 0 days old -- CCleaner
16-08-2007 16:15:10 (DIR) 0 byte 0 days old -- Internet Explorer
16-08-2007 19:05:05 (DIR) 0 byte 0 days old -- Unlocker
16-08-2007 23:16:48 (DIR) 0 byte 0 days old -- Wanadoo
11-08-2007 20:27:27 (DIR) 0 byte 5 days old -- Fichiers communs
12-06-2007 14:29:21 (DIR) 0 byte 65 days old -- TuneUp Utilities 2004

----- recent files in C:\Program Files\Fichiers communs\
04-08-2007 00:24:08 (DIR) 0 byte 12 days old -- Oberon Media
13-06-2007 23:42:20 (DIR) 0 byte 64 days old -- System
13-08-2007 21:57:42 (DIR) 0 byte 3 days old -- Sandlot Shared

----- recent files in C:\Documents and Settings\Mr\Application Data\
03-08-2007 15:55:41 (DIR) 0 byte 13 days old -- PlayFirst
20-05-2007 21:22:15 (DIR) 0 byte 88 days old -- InstallShield
20-06-2007 12:08:18 (DIR) 0 byte 57 days old -- eMule
23-07-2007 18:47:32 (DIR) 0 byte 24 days old -- Canon
15-08-2007 22:38:33 (DIR) 0 byte 1 days old -- Grisoft
16-08-2007 23:14:03 271 byte 0 days old -- OFFICE One v6response.oon
Guest, Fri 17 Aug 2007, 00:37
Subject: Re: Trojan win32 obfuscated ...

Continued:

----- recent files in C:\DOCUME~1\Mr\LOCALS~1\Temp\
16-08-2007 19:26:55 173 byte 0 days old -- jusched.log
16-08-2007 19:39:38 (DIR) 0 byte 0 days old -- XScanResult
16-08-2007 23:24:25 16384 byte 0 days old -- ~DF8C31.tmp
16-08-2007 23:24:27 (DIR) 0 byte 0 days old -- nsq19.tmp

===================== REGISTRY SCAN =====================


-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"SoundMan"="SOUNDMAN.EXE"
"DSLAGENTEXE"="dslagent.exe USB"
"WOOWATCH"="C:\PROGRA~1\Wanadoo\watch.exe"
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\taskbaricon.exe"
"OESpamTest"="C:\PROGRA~1\MICROA~1\SCURIT~1\ANTI-V~1\ANTI-S~1\OESpamTest.ExE"
"OpwareSE2"="\"C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe\""
"OPSE reminder"="\"C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe\" -r \"C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini\""
"ATICCC"="\"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe\" runtime -Delay"
"KAVPersonal50"="\"C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Virus\kav.exe\" /minimize"
"!AVG Anti-Spyware"="\"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe\" /minimized"
"UnlockerAssistant"="\"C:\Program Files\Unlocker\UnlockerAssistant.exe\""
"oov6multiuser.exe"="C:\Program Files\OFFICE One6.0\program\oov6multiuser.exe"

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
@SACL=
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

[run]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

[Run]

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
"AppInit_DLLs"=""

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\System32\stobject.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
#### HKCR\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}\InprocServer32 @="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota du disque Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="iedkcs32.dll"
"@="Internet Explorer Branding"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installation de logiciel"
"DllName"=expand:"appmgmts.dll"

[Winlogon\Notify]

[Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=expand:"WgaLogon.dll"

[Winlogon\Notify\WgaLogon\Settings]

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
@SACL=
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp"
"BuildNumber"=dword:00000a28

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[RunOnceEx]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[runservices]

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]
@SACL=

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
@SACL=
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder-----

-----HKCU\Control Panel\Desktop\-----

[Desktop]

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"
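The two halves of the SystemScan report (the recent-files listing in the previous post and the [Run] key dump in this one) are what the helper reads by hand: a file dated in the future, or an autorun entry pointing somewhere it should not, is what stands out. The script below is an added example written for this page; it is not part of SystemScan, Clean or anything posted in the thread. It parses a constructed excerpt in the same layout (most lines are copied from the posted report, but the `Example` Run entry and its Temp path are invented to exercise the check), recomputes the age of any future-dated file from the report's own `Date:` line (which gives -615 for imail40.rtl, matching the report), and flags Run entries whose target is a bare file name or lies outside the roots it treats as trusted. The `TRUSTED_PREFIXES` list and the `.reg`-style unescaping of the values are assumptions of this example, not something the thread or the tool defines.

```python
import re
from datetime import date

# Constructed excerpt in the SystemScan layout posted in this thread. Most lines are copied
# from the report; the "Example" Run entry and its Temp path are invented for the demonstration.
SAMPLE_REPORT = r"""Date: 2007-08-16
----- recent files in C:\WINDOWS\
13-06-2007 15:22:28 1037312 byte 64 days old -- explorer.exe
16-08-2007 20:35:57 153088 byte 0 days old -- regedit.exe
----- recent files in C:\WINDOWS\system32\
16-08-2007 20:35:39 (DIR) 0 byte 0 days old -- CatRoot2
22-04-2009 21:24:48 256 byte -615 days old -- imail40.rtl

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"SoundMan"="SOUNDMAN.EXE"
"WOOWATCH"="C:\PROGRA~1\Wanadoo\watch.exe"
"UnlockerAssistant"="\"C:\Program Files\Unlocker\UnlockerAssistant.exe\""
"Example"="C:\DOCUME~1\Mr\LOCALS~1\Temp\example.exe /silent"
"""

# Assumption of this example: autorun targets under these roots are treated as expected.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

DATE_RE = re.compile(r"^Date: (\d{4})-(\d{2})-(\d{2})$")
DIR_RE = re.compile(r"^----- recent files in (.+)$")
# dd-mm-yyyy hh:mm:ss [(DIR)]<size> byte <age> days old -- <name>; the tool sometimes omits
# the space after (DIR), hence the \s* instead of a literal space.
FILE_RE = re.compile(
    r"^(\d{2})-(\d{2})-(\d{4}) \d{2}:\d{2}:\d{2} (?:\(DIR\)\s*)?\d+ byte (-?\d+) days old -- (.+)$"
)
RUN_RE = re.compile(r'^"([^"]+)"="(.*)"$')  # one "name"="value" line of the [Run] dump


def parse_report(text):
    """Return (report_date, files, run_entries) from a SystemScan-style report."""
    report_date, files, runs, current_dir = None, [], [], ""
    for line in text.splitlines():
        if m := DATE_RE.match(line):
            report_date = date(int(m[1]), int(m[2]), int(m[3]))
        elif m := DIR_RE.match(line):
            current_dir = m[1]  # the listing header carries its trailing backslash
        elif m := FILE_RE.match(line):
            day, month, year, reported_days, name = m.groups()
            stamp = date(int(year), int(month), int(day))
            files.append((current_dir + name, int(reported_days), stamp))
        elif m := RUN_RE.match(line):
            runs.append((m[1], m[2]))
    return report_date, files, runs


def future_dated_files(report_date, files):
    """Files stamped later than the report date; the age the tool prints goes negative for them."""
    return [(path, (report_date - stamp).days)
            for path, _reported, stamp in files if stamp > report_date]


def executable_of(value):
    """Extract the program path from a Run value, undoing the \\" escaping the dump uses."""
    value = value.replace('\\"', '"')
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]  # quoted path, arguments follow the closing quote
    m = re.match(r"^(.*?\.(?:exe|com|bat|cmd|scr|dll))(?:\s|$)", value, re.IGNORECASE)
    return m[1] if m else value.split(" ", 1)[0]


def classify_run_entry(value):
    """Heuristic verdict for one autorun value; 'review' means look closer, not 'malicious'."""
    exe = executable_of(value)
    if "\\" not in exe:
        return "review: bare file name, resolved through the search path at logon"
    if not exe.lower().startswith(TRUSTED_PREFIXES):
        return "review: target outside the trusted roots"
    return "ok"


def triage(text):
    report_date, files, runs = parse_report(text)
    return {
        "future_files": future_dated_files(report_date, files),
        "run_entries": {name: classify_run_entry(value) for name, value in runs},
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for path, age in result["future_files"]:
        print(f"future-dated: {path} ({age} days relative to the report date)")
    for name, verdict in result["run_entries"].items():
        print(f"Run {name!r}: {verdict}")
```

Run as a script it prints one line per finding. A future-dated file or an autorun target in a user-writable directory is a prompt for a closer look at that file, not proof of infection, which is also how the helper treated the entries the Clean report listed as FOUND.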
Guest, Fri 17 Aug 2007, 00:42
Subject: Re: Trojan win32 obfuscated ...

Continued...

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=multi:"kerberos\00msv1_0\00schannel\00wdigest\00\00"
"LsaPid"=dword:00000298
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"enabledcom"="y"

[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]
@Class="1e413423"
"Pattern"=hex:0c,f1,fe,05,d6,86,58,a2,c6,c2,5e,e2,1e,21,b8,46,31,65,34,31,33,\
34,32,33,00,00,00,00,01,00,00,00,c4,01,00,00,c8,01,00,00,34,ca,06,00,45,9d,\
b5,71,04,00,00,00,10,00,00,00,00,00,00,00,d0,01,51,e8

[Lsa\GBG]
@Class="d0b2f192"
"GrafBlumGroup"=hex:e4,a5,db,07,a6,d0,74,04,b6

[Lsa\JD]
@Class="3965e898"
"Lookup"=hex:ab,95,98,44,89,59

[Lsa\Kerberos]

[Lsa\Kerberos\Domains]

[Lsa\Kerberos\SidCache]

[Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[Lsa\Skew1]
@Class="51017e7e"
"SkewMatrix"=hex:f0,f9,7b,1f,6d,ff,9d,f5,6a,fd,9f,11,c4,cd,d7,30

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]
"Time"=hex:be,16,e9,af,28,bc,c4,01

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,fd,fd,8f,41,86,c4,01
"Type"=dword:00000031

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:80,74,8c,96,41,86,c4,01
"Type"=dword:00000031

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:80,74,8c,96,41,86,c4,01
"Type"=dword:00000031

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"DisplayName"="Internet Connection Sharing"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"DependOnGroup"=multi:"\00"
"ObjectName"="LocalSystem"
"Description"="Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection."

[SharedAccess\Epoch]
"Epoch"=dword:00002ce7

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"{C41AC638-BB46-463C-BF2B-415A026F37AB}"=dword:00000001
"{FEDEF313-F8B9-4AE6-8C66-EED74A76081B}"=dword:00000001
"All"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\
00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\
00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\
5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\
5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00
"EnableDCOM"="Y"
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\
00,00,00,00,05,20,00,00,00,20,02,00,00
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\
00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\
00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[Security Center\Monitoring]

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]

[Security Center\Monitoring\SymantecFirewall]

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
"RestoreStatus"=dword:00000001
"RestoreSafeModeStatus"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{7624FFE7-80BC-4AC9-B4C3-BFD9AD1BEDC4}"

[SystemRestore\SnapshotCallbacks]
@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

[VB and VBA Program Settings]

[VB and VBA Program Settings\CCleaner]

[VB and VBA Program Settings\CCleaner\Options]

[VB and VBA Program Settings\Classes]

[VB and VBA Program Settings\Classes\PathNum]

[VB and VBA Program Settings\LaboPhotoExpress]

[VB and VBA Program Settings\LaboPhotoExpress\Brosse]

[VB and VBA Program Settings\LaboPhotoExpress\Couleur]

[VB and VBA Program Settings\LaboPhotoExpress\FenAide]

[VB and VBA Program Settings\LaboPhotoExpress\FenBrosse]

[VB and VBA Program Settings\LaboPhotoExpress\FenCalque]

[VB and VBA Program Settings\LaboPhotoExpress\FenHisto]

[VB and VBA Program Settings\LaboPhotoExpress\FenMesOutils]

[VB and VBA Program Settings\LaboPhotoExpress\FenNuan]

[VB and VBA Program Settings\LaboPhotoExpress\FenOutils]

[VB and VBA Program Settings\LaboPhotoExpress\FenPref]

[VB and VBA Program Settings\LaboPhotoExpress\FenScan]

[VB and VBA Program Settings\LaboPhotoExpress\Grille]

[VB and VBA Program Settings\LaboPhotoExpress\HWnd]

[VB and VBA Program Settings\LaboPhotoExpress\LassoMagnétique]

[VB and VBA Program Settings\LaboPhotoExpress\Nouveau]

[VB and VBA Program Settings\LaboPhotoExpress\Palier]

[VB and VBA Program Settings\LaboPhotoExpress\PanWindow]

[VB and VBA Program Settings\LaboPhotoExpress\Recent files]

[VB and VBA Program Settings\LaboPhotoExpress\Sélections]

[VB and VBA Program Settings\LaboPhotoExpress\Version]

[VB and VBA Program Settings\OFFICE One]

[VB and VBA Program Settings\OFFICE One\Chemins]

[VB and VBA Program Settings\OFFICE One\Versions]

[VB and VBA Program Settings\OFFICE One Coffre Fort v6]

[VB and VBA Program Settings\OFFICE One Coffre Fort v6\Ecran]

[VB and VBA Program Settings\OFFICE One Zip v6]

[VB and VBA Program Settings\OFFICE One Zip v6\Ecran]

[VB and VBA Program Settings\OFFICE One Zip v6\Options]
Guest



Subject: Re: Trojan win32 obfuscated ...   Fri 17 Aug 2007, 00:46

continued...

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

[MountPoints2]
@SACL=

[MountPoints2\A]
"BaseClass"="Drive"

[MountPoints2\C]
"BaseClass"="Drive"

[MountPoints2\D]
"BaseClass"="Drive"

[MountPoints2\E]
"BaseClass"="Drive"

[MountPoints2\F]
@SACL=
"BaseClass"="Drive"

[MountPoints2\G]
"BaseClass"="Drive"

[MountPoints2\H]
"BaseClass"="Drive"

[MountPoints2\I]
"BaseClass"="Drive"

[MountPoints2\J]
"BaseClass"="Drive"

[MountPoints2\K]
"BaseClass"="Drive"

[MountPoints2\L]
"BaseClass"="Drive"

[MountPoints2\{0899a4b0-5163-11da-ab67-806d6172696f}]
"BaseClass"="Drive"

[MountPoints2\{22910d76-bc46-11d8-a62a-0050fc973904}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

[MountPoints2\{23bb153a-9dc7-11d9-a7c3-00ff00300101}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

[MountPoints2\{41f2d8b8-0bce-11dc-ae22-00ff00300101}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,08,07,00,00

[MountPoints2\{41f2d8b8-0bce-11dc-ae22-00ff00300101}\shell]
@="None"

[MountPoints2\{41f2d8b8-0bce-11dc-ae22-00ff00300101}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{41f2d8b8-0bce-11dc-ae22-00ff00300101}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{41f59e89-27bf-11dc-ae4a-00ff00300101}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

[MountPoints2\{451f8f90-07aa-11d7-be4f-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{451f8f91-07aa-11d7-be4f-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{451f8f92-07aa-11d7-be4f-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{451f8f93-07aa-11d7-be4f-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{64321aa9-a165-11da-abfd-00ff00300101}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

[MountPoints2\{705bb821-3d87-11db-aceb-00ff00300101}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,00,00,00,00

[MountPoints2\{7166bdca-4d0a-11d8-a517-0050fc973904}]
"BaseClass"="Drive"

[MountPoints2\{7cd9440a-0de8-11d7-896b-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{7cd9440b-0de8-11d7-896b-806d6172696f}]
@SACL=
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
cf,cf,cf,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,01,00,01,ee,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,20,00,00,00,08,\
03,00,00

[MountPoints2\{7cd9440c-0de8-11d7-896b-806d6172696f}]
@SACL=
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
cf,cf,cf,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,cf,5f,5f,5f,\
cf,cf,5f,5f,5f,5f,df,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,00,00,e0,00,00,00,00,\
00,00,00

[MountPoints2\{7cd9440d-0de8-11d7-896b-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{7d0364be-083a-11d7-9fad-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{7d0364bf-083a-11d7-9fad-806d6172696f}]
@SACL=
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
cf,cf,cf,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,01,00,01,ee,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,20,00,00,00,08,\
03,00,00

[MountPoints2\{7d0364c0-083a-11d7-9fad-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{7d0364c1-083a-11d7-9fad-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{7d88f982-0ddd-11d7-a702-e23a37450962}]
@SACL=
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,01,00,ee,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,10,00,00,08,\
02,00,00

[MountPoints2\{7d88f982-0ddd-11d7-a702-e23a37450962}\shell]
@="None"

[MountPoints2\{7d88f982-0ddd-11d7-a702-e23a37450962}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{7d88f982-0ddd-11d7-a702-e23a37450962}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{7d88f983-0ddd-11d7-a702-e23a37450962}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{931af5b0-085c-11d7-995e-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{931af5b1-085c-11d7-995e-806d6172696f}]
@SACL=
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
cf,cf,cf,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,01,00,01,ee,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,20,00,00,00,08,\
03,00,00

[MountPoints2\{931af5b2-085c-11d7-995e-806d6172696f}]
@SACL=
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
cf,cf,cf,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,cf,5f,5f,5f,\
cf,cf,5f,5f,5f,5f,df,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,00,00,e0,00,00,00,00,\
00,00,00

[MountPoints2\{931af5b3-085c-11d7-995e-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{9ac76d48-f39a-11da-ac78-00ff00300101}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

[MountPoints2\{b61be7c0-0ddb-11d7-a700-ddb497ca3a62}]
@SACL=
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,ee,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,10,00,00,08,\
03,00,00

[MountPoints2\{b61be7c0-0ddb-11d7-a700-ddb497ca3a62}\shell]
@="None"

[MountPoints2\{b61be7c0-0ddb-11d7-a700-ddb497ca3a62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{b61be7c0-0ddb-11d7-a700-ddb497ca3a62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{c22617ec-090e-11d7-bf9a-806d6172696f}]
@SACL=
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
cf,01,01,00,5f,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,20,00,00,00,0c,\
00,00,00

[MountPoints2\{c936f786-07ab-11d7-a081-806d6172696f}]
@SACL=
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
cf,cf,cf,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,cf,5f,5f,5f,\
01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,20,00,00,00,08,\
00,00,00

[MountPoints2\{c936f787-07ab-11d7-a081-cbe2c78cf8e7}]
@SACL=
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,cf,5f,5f,5f,\
01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,10,00,00,08,\
00,00,00

[MountPoints2\{c936f787-07ab-11d7-a081-cbe2c78cf8e7}\shell]
@="None"

[MountPoints2\{c936f787-07ab-11d7-a081-cbe2c78cf8e7}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{c936f787-07ab-11d7-a081-cbe2c78cf8e7}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{c9924dfa-3527-11da-ac73-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,01,01,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,08,00,00,00

[MountPoints2\{d6ddeb02-69b3-11da-ab94-0050fc973904}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,60,00,00,00,09,00,00,00

[MountPoints2\{d6ddeb02-69b3-11da-ab94-0050fc973904}\folder]
@="autorun"

[MountPoints2\{d6ddeb02-69b3-11da-ab94-0050fc973904}\_Autorun]

[MountPoints2\{d6ddeb02-69b3-11da-ab94-0050fc973904}\_Autorun\DefaultIcon]
@="F:\Runaway2.ico"

[MountPoints2\{d9c07fb6-7c95-11da-abbf-0050fc973904}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

[MountPoints2\{dc2a828a-2480-11d7-a32e-806d6172696f}]
"BaseClass"="Drive"

[MountPoints2\{dc2a828b-2480-11d7-a32e-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,01,01,01,00,\
ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,20,00,00,00,0a,00,00,00

[MountPoints2\{dc2a828b-2480-11d7-a32e-806d6172696f}\_Autorun]

[MountPoints2\{dc2a828b-2480-11d7-a32e-806d6172696f}\_Autorun\DefaultIcon]
@="D:\Game.ico"

[MountPoints2\{dc2a828c-2480-11d7-a32e-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,60,00,00,00,09,00,00,00

[MountPoints2\{dc2a828c-2480-11d7-a32e-806d6172696f}\folder]
@="autorun"

[MountPoints2\{dc2a828c-2480-11d7-a32e-806d6172696f}\Name]
@="The Sims 2"

[MountPoints2\{dc2a828c-2480-11d7-a32e-806d6172696f}\_Autorun]

[MountPoints2\{dc2a828c-2480-11d7-a32e-806d6172696f}\_Autorun\DefaultIcon]
@="E:\datas\Wanapg.ico"

[MountPoints2\{dc2a828d-2480-11d7-a32e-806d6172696f}]
"BaseClass"="Drive"

[MountPoints2\{dd4bddd6-9a10-11d9-a7be-00ff00300101}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

[MountPoints2\{e327a494-a6b3-11d8-a5e9-0050fc973904}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,20,00,00,00,09,\
00,00,00

[MountPoints2\{f7450e22-0dd9-11d7-a6ff-806d6172696f}]
@SACL=
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,e0,00,00,00,09,\
00,00,00

[MountPoints2\{ff9a0c3c-873e-11d8-a5ac-0050fc973904}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,20,00,00,00,09,\
00,00,00

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

[AdvancedOptions]

[AdvancedOptions\INTERNATIONAL]
"Text"="International*"

[AdvancedOptions\INTERNATIONAL\IDN]
"Text"="Send IDN server names"

[AdvancedOptions\INTERNATIONAL\IDN_INFOBAR]
"Text"="Show Information bar for encoded addresses"

[AdvancedOptions\INTERNATIONAL\IDN_INTRANET]
"Text"="Send IDN server names for Intranet addresses"

[AdvancedOptions\INTERNATIONAL\IDN_SHOWPUNY]
"Text"="Always show encoded addresses"

[AdvancedOptions\INTERNATIONAL\UTF8_MAILTO]
"Text"="Use UTF-8 for mailto links"

[AdvancedOptions\INTERNATIONAL\UTF8_URL]
"Text"="Send UTF-8 URLs"

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
Guest



Subject: Re: Trojan win32 obfuscated ...   Fri 17 Aug 2007, 00:51

continued...

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

[Installed Components]

[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
"@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Lecteur Windows Media"
"ComponentID"="WMPACCESS"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\{032A6019-9DAA-40f9-A3B3-34ABB0AA0947}]
"@="Q813951"
"ComponentID"="Q813951"

[Installed Components\{057997dd-71e4-43cc-b161-3f8180691a9e}]
"@="Q824145"
"ComponentID"="Q824145"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Microsoft VM"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\WINDOWS\System32\msjava.dll"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608555}]
"@="Internet Explorer Classes for Java"
"ComponentID"="IEJAVA"

[Installed Components\{0E92DD42-76F5-4EF2-B381-F9C1D72BE23D}]
"@="Security Update for Microsoft .NET Framework 2.0 (KB922770)"
"ComponentID"="KB922770"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendu VML (Vector Graphics Rendering)"
"ComponentID"="MSVML"

[Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}]
#### HKCR\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\InprocServer32 @="C:\WINDOWS\system32\macromed\director\swdir.dll"
"ComponentID"="Director"
"@="Macromedia Shockwave Director 7.0.0"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{2298d453-bcae-4519-bf33-1cbf3faf1524}]
"@="Q867801"
"ComponentID"="Q867801"

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub"
"@="Lecteur Windows Media Microsoft 6.4"

[Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}]
#### HKCR\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Director\SwDir.dll"
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.1.4"

[Installed Components\{2757B1D6-0367-4663-877C-93ECC5C01BF6}]
"@="Q324929"
"ComponentID"="Q324929"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
"@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{29F1A835-3071-11D6-8713-0002B3281F8B}]
"ComponentID"="S360"
"@="Microsoft .NET Framework 1.0 Service Pack 1 (KB867461)"

[Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
"ComponentID"="Director"
"@="Macromedia Shockwave Director 7.0.0"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{2cc9d512-6db6-4f1c-8979-9a41fae88de0}]
"@="Q837009"
"ComponentID"="Q837009"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Liaison de données Dynamic HTML pour Java"
"ComponentID"="TridataJava"

[Installed Components\{377483c2-e4b4-4ee8-b577-9aed264c8735}]
"@="Q822925"
"ComponentID"="Q822925"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Création avancée"
"ComponentID"="AdvAuth"

[Installed Components\{444BB824-752C-4C26-A64E-D3BB55E6662C}]
"ComponentID"="S8674611036"
"@="Microsoft .NET Framework 1.0 Service Pack 3 (KB867461)"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft DirectX"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classes Java DirectAnimation"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.7"
"ComponentID"="MSVBScript"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
"@="Windows Messenger 4.7"
"KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"

[Installed Components\{5f3c70b3-ac2f-432c-8f9c-1624df61f54f}]
"@="Microsoft Data Access Components KB870669"
"ComponentID"="KB870669"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\System32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"

[Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Carnet d'adresses 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{7802CCA2-D1A2-4120-BC75-CCBAECA8737D}]
"@="Microsoft .NET Framework 1.0 Hotfix (KB928367)"
"ComponentID"="M9283671036"

[Installed Components\{78705f0d-e8db-4b2d-8193-982bdda15ecd}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{795d0712-722c-43ec-906a-fc5e678eada9}]
"@="Q831167"
"ComponentID"="Q831167"

[Installed Components\{8056AC9E-49C5-4375-9ADE-B2F862C9DF51}]
"ComponentID"="KB928365"
"@="Security Update for Microsoft .NET Framework 2.0 (KB928365)"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Mise à jour du Bureau Windows"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"
"ComponentID"="DOTNETFRAMEWORKS"

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"

[Installed Components\{96543d59-497a-4801-a1f3-5936aacaf7b1}]
"@="Q828750"
"ComponentID"="Q828750"

[Installed Components\{967B098A-042D-4367-BAC9-8BC11684174F}]
"@="Security Update for Microsoft .NET Framework 2.0 (KB917283)"
"ComponentID"="KB917283"

[Installed Components\{abcdf74f-9a64-4e6e-b8eb-6e5a41de6550}]

[Installed Components\{abcdf74f-9a64-4e6e-b8eb-6e5a41de6550}\040C]

[Installed Components\{BBBC6EF3-4C1A-11D6-B6E1-00B0D049139F}]
"ComponentID"="S322035"
"@="Microsoft .NET Framework 1.0 Service Pack 2 (KB867461)"

[Installed Components\{C34F4917-ED43-439f-9023-97B0024A2B3B}]
"@="Q810847"
"ComponentID"="Q810847"

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Planificateur de tâches"
"ComponentID"="MSTASK"

[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player 9 ActiveX"
"ComponentID"="Flash"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"

[Installed Components\{eddbec60-89cb-44ef-8291-0850fd28ff6a}]
"@="Q832894"
"ComponentID"="Q832894"

[Installed Components\{F1B13231-13BE-1231-5401-486BA763DEB6}]
"@=".NET Framework"
"ComponentID"=".NETFramework"

[Installed Components\{f5173cf0-1dfb-4978-8e50-a90169ee7ca9}]
"@="Q823353"
"ComponentID"="Q823353"

[Installed Components\{F5776D81-AE53-4935-8E84-B0B283D8BCEF}]
"@="Q330994"
"ComponentID"="Q330994"

[Installed Components\{f5de1b93-9d38-416b-b09e-aa85a8e84309}]
"@="Q818529"
"ComponentID"="Q818529"

[Installed Components\{F9C174E3-3E87-40bc-AA94-B8974F2B9222}]
"@="Q813489"
"ComponentID"="Q813489"
Invité
Subject: Re: Trojan win32 obfuscated ...   Fri 17 Aug 2007, 00:57

Continued...

-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services

Result compared: Identical


-----Comparing registry keys CCS1 vs CCS3 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {831E7180-3418-4097-A80D-64C6E495E78F} REG_BINARY 0F000000000000000000000000000000BDBEC446F9000000000000000000000000000000BDBEC44601000000000000000000000000000000BDBEC4462B000000000000000000000000000000BDBEC4462C000000000000000000000000000000BDBEC44606000000000000000000000000000000BDBEC446
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Dhcp\Parameters {831E7180-3418-4097-A80D-64C6E495E78F} REG_BINARY 0F00000000000000000000000000000045A5C446F900000000000000000000000000000045A5C4460100000000000000000000000000000045A5C4462B00000000000000000000000000000045A5C4462C00000000000000000000000000000045A5C4460600000000000000000000000000000045A5C446
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\HTTP\Parameters\Synchronize
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Kl1 InData REG_BINARY 8054140000000000
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Kl1 InData REG_BINARY 0000000000000000
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Kl1 OutData REG_BINARY 06FF020000000000
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Kl1 OutData REG_BINARY 0000000000000000
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 11495 (0x2CE7)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SharedAccess\Epoch Epoch REG_DWORD 11488 (0x2CE0)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{831E7180-3418-4097-A80D-64C6E495E78F} NTEContextList REG_MULTI_SZ 0x00000003\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{831E7180-3418-4097-A80D-64C6E495E78F} NTEContextList REG_MULTI_SZ \0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{831E7180-3418-4097-A80D-64C6E495E78F} DhcpIPAddress REG_SZ 86.205.176.166
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{831E7180-3418-4097-A80D-64C6E495E78F} DhcpIPAddress REG_SZ 0.0.0.0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{831E7180-3418-4097-A80D-64C6E495E78F} DhcpSubnetMask REG_SZ 255.255.255.255
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{831E7180-3418-4097-A80D-64C6E495E78F} DhcpSubnetMask REG_SZ 0.0.0.0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{831E7180-3418-4097-A80D-64C6E495E78F} NameServer REG_SZ 80.10.246.1 80.10.246.132
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{831E7180-3418-4097-A80D-64C6E495E78F} NameServer REG_SZ

Result compared: Different


===================== loaded Dlls =====================

*** NOTE *** Process kbqidphsfq.exe belongs to SystemScan
Already known legit dlls are not shown

------------------------------------------------------------------------------
System pid: 4
Command line: <no command line>
------------------------------------------------------------------------------
smss.exe pid: 500
Command line: \SystemRoot\System32\smss.exe

Base Size Version Path
0x48580000 0xf000 \SystemRoot\System32\smss.exe
------------------------------------------------------------------------------
csrss.exe pid: 580
Command line: C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

Base Size Version Path
0x4a680000 0x5000 \??\C:\WINDOWS\system32\csrss.exe
0x75ad0000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\CSRSRV.dll
0x75ae0000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\basesrv.dll
0x75af0000 0x4b000 5.01.2600.3103 C:\WINDOWS\system32\winsrv.dll
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
------------------------------------------------------------------------------
winlogon.exe pid: 608
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\SYSTEM32\winlogon.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x77680000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x10000000 0x11000 6.14.0010.4132 C:\WINDOWS\SYSTEM32\Ati2evxx.dll
0x01d90000 0x3b000 1.07.0018.0005 C:\WINDOWS\SYSTEM32\WgaLogon.dll
------------------------------------------------------------------------------
services.exe pid: 652
Command line: C:\WINDOWS\system32\services.exe

Base Size Version Path
0x01000000 0x1c000 5.01.2600.2180 C:\WINDOWS\system32\services.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x76a20000 0x53000 5.01.2600.2180 C:\WINDOWS\system32\SCESRV.dll
0x77680000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll
0x7dbc0000 0x21000 5.01.2600.2744 C:\WINDOWS\system32\umpnpmgr.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x77b80000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\eventlog.dll
------------------------------------------------------------------------------
lsass.exe pid: 664
Command line: C:\WINDOWS\system32\lsass.exe

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\lsass.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x756b0000 0xb5000 5.01.2600.2976 C:\WINDOWS\system32\LSASRV.dll
0x76740000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
0x76ed0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x743b0000 0x6e000 5.01.2600.2180 C:\WINDOWS\system32\SAMSRV.dll
0x76730000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\cryptdll.dll
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x20000000 0xe000 5.01.2600.2180 C:\WINDOWS\system32\msprivs.dll
0x71c50000 0x4b000 5.01.2600.2698 C:\WINDOWS\system32\kerberos.dll
0x74420000 0x65000 5.01.2600.2180 C:\WINDOWS\system32\netlogon.dll
0x76760000 0x2d000 5.01.2600.2180 C:\WINDOWS\system32\w32time.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x76790000 0x27000 5.01.2600.3126 C:\WINDOWS\system32\schannel.dll
0x742e0000 0xf000 5.01.2600.2874 C:\WINDOWS\system32\wdigest.dll
0x74370000 0x30000 5.01.2600.2180 C:\WINDOWS\system32\scecli.dll
0x74300000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\pstorsvc.dll
0x74320000 0x1b000 5.01.2600.2180 C:\WINDOWS\system32\psbase.dll
0x68100000 0x24000 5.01.2600.2133 C:\WINDOWS\system32\dssenh.dll
------------------------------------------------------------------------------
ati2evxx.exe pid: 824
Command line: C:\WINDOWS\system32\Ati2evxx.exe

Base Size Version Path
0x00400000 0x6c000 6.14.0010.4132 C:\WINDOWS\system32\Ati2evxx.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x00ad0000 0x10000 6.14.0010.2500 C:\WINDOWS\system32\Ati2edxx.dll
------------------------------------------------------------------------------
svchost.exe pid: 856
Command line: C:\WINDOWS\system32\svchost -k DcomLaunch

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x77680000 0x11000 5.01.2600.2622 c:\windows\system32\AUTHZ.dll
0x76ac0000 0x11000 3.05.2284.0000 c:\windows\system32\ATL.DLL
------------------------------------------------------------------------------
svchost.exe pid: 936
Command line: C:\WINDOWS\system32\svchost -k rpcss

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x71ea0000 0x6000 5.01.2600.0000 C:\WINDOWS\System32\wshisn.dll
0x76ed0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
------------------------------------------------------------------------------
svchost.exe pid: 1028
Command line: C:\WINDOWS\System32\svchost.exe -k netsvcs

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x76ed0000 0x27000 5.01.2600.2938 c:\windows\system32\DNSAPI.dll
0x76740000 0x13000 5.01.2600.2180 c:\windows\system32\NTDSAPI.dll
0x76ac0000 0x11000 3.05.2284.0000 c:\windows\system32\ATL.DLL
0x00c20000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16512 C:\WINDOWS\system32\iertutil.dll
0x776d0000 0x41000 2001.12.4414.0308 c:\windows\system32\es.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\System32\HNETCFG.DLL
0x76bb0000 0x2f000 5.01.2600.2180 c:\windows\system32\credui.dll
0x4f0b0000 0x28000 5.01.2600.2180 c:\windows\system32\wbem\wmisvc.dll
0x50000000 0x5000 5.04.3790.2180 c:\windows\system32\wuauserv.dll
0x50040000 0x1a2000 7.00.6000.0374 C:\WINDOWS\system32\wuaueng.dll
0x750c0000 0x14000 5.01.2600.2180 C:\WINDOWS\System32\Cabinet.dll
0x60440000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\mspatcha.dll
0x71990000 0x40000 5.01.2600.2180 c:\windows\system32\MSWSOCK.dll
0x77680000 0x11000 5.01.2600.2622 c:\windows\system32\AUTHZ.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\System32\MSVCP60.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x74e40000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemsvc.dll
0x742d0000 0xb000 5.01.2600.2180 c:\windows\system32\WINIPSEC.DLL
0x57f70000 0x36000 5.01.2600.2180 C:\WINDOWS\System32\unimdm.tsp
0x5b390000 0x16000 5.01.2600.2180 C:\WINDOWS\System32\unimdmat.dll
0x61a20000 0x29000 5.01.2600.2180 C:\WINDOWS\system32\modemui.dll
0x57ff0000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\kmddsp.tsp
0x57fd0000 0x10000 5.01.2600.2180 C:\WINDOWS\System32\ndptsp.tsp
0x58000000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\ipconf.tsp
0x58020000 0x46000 5.01.2600.2180 C:\WINDOWS\System32\h323.tsp
0x58010000 0xa000 5.01.2600.2180 C:\WINDOWS\System32\hidphone.tsp
0x71c50000 0x4b000 5.01.2600.2698 C:\WINDOWS\system32\kerberos.dll
0x76730000 0xc000 5.01.2600.2180 C:\WINDOWS\System32\cryptdll.dll
0x76790000 0x27000 5.01.2600.3126 C:\WINDOWS\System32\SCHANNEL.dll
0x71ee0000 0x9000 5.01.2600.0000 C:\WINDOWS\System32\ipxwan.dll
0x71fb0000 0x12000 5.01.2600.0000 C:\WINDOWS\System32\adptif.dll
0x72010000 0x1b000 5.01.2600.2180 c:\windows\system32\rasauto.dll
0x741e0000 0x4000 5.01.2600.2180 C:\WINDOWS\System32\icmp.dll
0x68f30000 0x31000 5.01.2600.3077 C:\WINDOWS\system32\upnphost.dll
0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\System32\msxml3.dll
0x74e60000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemprox.dll
------------------------------------------------------------------------------
Invité
Subject: Re: Trojan win32 obfuscated ...   Fri 17 Aug 2007, 01:02

Continued...
------------------------------------------------------------------------------
svchost.exe pid: 1172
Command line: C:\WINDOWS\System32\svchost.exe -k LocalService

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\System32\hnetcfg.dll
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x68f30000 0x31000 5.01.2600.3077 c:\windows\system32\upnphost.dll
0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\System32\msxml3.dll
0x43e00000 0x45000 7.00.6000.16512 C:\WINDOWS\system32\iertutil.dll
0x679d0000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\httpapi.dll
------------------------------------------------------------------------------
ati2evxx.exe pid: 1396
Command line: Ati2evxx.exe -Client

Base Size Version Path
0x00400000 0x6c000 6.14.0010.4132 C:\WINDOWS\SYSTEM32\Ati2evxx.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x00c30000 0x10000 6.14.0010.2500 C:\WINDOWS\SYSTEM32\Ati2edxx.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
explorer.exe pid: 1480
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x01000000 0x100000 6.00.2900.3156 C:\WINDOWS\Explorer.EXE
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x75f10000 0xfd000 6.00.2900.2995 C:\WINDOWS\system32\BROWSEUI.dll
0x77720000 0x170000 6.00.2900.2987 C:\WINDOWS\system32\SHDOCVW.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16512 C:\WINDOWS\system32\iertutil.dll
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x5b950000 0x73000 6.00.2900.2180 C:\WINDOWS\System32\themeui.dll
0x76310000 0x5000 5.01.2600.2180 C:\WINDOWS\System32\MSIMG32.dll
0x5ffb0000 0x33000 5.01.2600.2180 C:\WINDOWS\System32\msutb.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\System32\MSCTF.dll
0x44360000 0x5cb000 7.00.6000.16512 C:\WINDOWS\system32\ieframe.dll
0x44a40000 0x371000 7.00.6000.16525 C:\WINDOWS\system32\mshtml.dll
0x012c0000 0x29000 3.10.0349.0000 C:\WINDOWS\system32\msls31.dll
0x76920000 0x8000 5.01.2600.2751 C:\WINDOWS\system32\LINKINFO.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x76bb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\credui.dll
0x01fc0000 0x29000 12.00.0000.0001 C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
0x75d30000 0x91000 6.00.2900.2180 C:\WINDOWS\system32\MLANG.dll
0x02130000 0x73000 1.01.0050.0000 C:\PROGRA~1\MICROA~1\SCURIT~1\ANTI-V~1\ANTI-S~1\OEHook.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x021b0000 0x7000 1.01.0050.0000 C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Spam\CatNames.dll
0x75ef0000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\drprov.dll
0x71b70000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\ntlanman.dll
0x71c30000 0x17000 5.01.2600.2180 C:\WINDOWS\System32\NETUI0.dll
0x71bf0000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\NETUI1.dll
0x75f00000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\davclnt.dll
0x72220000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sensapi.dll
0x76540000 0x21000 5.01.2600.2180 C:\WINDOWS\System32\stobject.dll
0x74a60000 0xa000 6.00.2900.2180 C:\WINDOWS\System32\BatMeter.dll
0x74660000 0x2a000 5.01.2600.2180 C:\WINDOWS\System32\msimtf.dll
0x736b0000 0x49000 5.03.2600.2180 C:\WINDOWS\system32\ddraw.dll
0x73b10000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\DCIMAN32.dll
0x02300000 0x13000 6.00.2900.2180 C:\WINDOWS\system32\browselc.dll
0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\System32\msxml3.dll
0x67500000 0xf000 5.00.0527.0020 C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Virus\scrchpg.dll
0x10000000 0x9000 5.00.0527.0001 C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Virus\scbridge.dll
0x03780000 0x8000 5.00.0527.0000 C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Virus\klipc.dll
0x6c650000 0x4d000 5.01.2600.2180 C:\WINDOWS\system32\DUSER.dll
0x02480000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
0x00bd0000 0x13000 1.00.0000.0001 C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll
0x60510000 0x18000 2.00.50727.0042 C:\WINDOWS\system32\dfshim.dll
0x79000000 0x45000 2.00.50727.0832 C:\WINDOWS\system32\mscoree.dll
0x73af0000 0x14000 5.01.2600.2180 C:\WINDOWS\System32\sti.dll
0x74a50000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\CFGMGR32.dll
------------------------------------------------------------------------------
alg.exe pid: 1548
Command line: C:\WINDOWS\System32\alg.exe

Base Size Version Path
0x01000000 0xd000 5.01.2600.2180 C:\WINDOWS\System32\alg.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\System32\ATL.DLL
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\MSWSOCK.DLL
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
------------------------------------------------------------------------------
guard.exe pid: 1608
Command line: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe"

------------------------------------------------------------------------------
CDAC11BA.EXE pid: 1624
Command line: C:\WINDOWS\system32\drivers\CDAC11BA.EXE

Base Size Version Path
0x00400000 0x12000 4.20.0000.0000 C:\WINDOWS\system32\drivers\CDAC11BA.EXE
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
------------------------------------------------------------------------------
svchost.exe pid: 1724
Command line: C:\WINDOWS\System32\svchost.exe -k HTTPFilter

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x5ada0000 0x7000 6.00.2600.2180 c:\windows\system32\w3ssl.dll
0x5a1f0000 0x16000 6.00.2600.2180 C:\WINDOWS\System32\strmfilt.dll
0x679d0000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\HTTPAPI.dll
------------------------------------------------------------------------------
SOUNDMAN.EXE pid: 1884
Command line: "C:\WINDOWS\SOUNDMAN.EXE"

Base Size Version Path
0x00400000 0xd000 5.00.0000.0012 C:\WINDOWS\SOUNDMAN.EXE
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x73e60000 0x5c000 5.03.2600.2180 C:\WINDOWS\system32\DSOUND.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
dslagent.exe pid: 1892
Command line: "C:\WINDOWS\system32\dslagent.exe" USB

Base Size Version Path
0x00400000 0x4000 C:\WINDOWS\system32\dslagent.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x74a50000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\CFGMGR32.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
TaskBarIcon.exe pid: 1936
Command line: "C:\PROGRA~1\Wanadoo\taskbaricon.exe"

Base Size Version Path
0x00400000 0x9000 5.04.0000.0076 C:\PROGRA~1\Wanadoo\taskbaricon.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x10000000 0x7000 5.04.0000.0036 C:\PROGRA~1\Wanadoo\OutilsFT.dll
0x5f400000 0xf2000 6.00.8168.0000 C:\PROGRA~1\Wanadoo\MFC42.DLL
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x00900000 0x13000 5.04.0000.0171 C:\PROGRA~1\Wanadoo\WooIHMF.dll
0x00ab0000 0x73000 1.01.0050.0000 C:\PROGRA~1\MICROA~1\SCURIT~1\ANTI-V~1\ANTI-S~1\OEHook.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x00980000 0x7000 1.01.0050.0000 C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Spam\CatNames.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
OESpamTest.exe pid: 1956
Command line: "C:\PROGRA~1\MICROA~1\SCURIT~1\ANTI-V~1\ANTI-S~1\OESpamTest.ExE"

Base Size Version Path
0x00400000 0xc000 1.01.0050.0000 C:\PROGRA~1\MICROA~1\SCURIT~1\ANTI-V~1\ANTI-S~1\OESpamTest.ExE
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x10000000 0x73000 1.01.0050.0000 C:\PROGRA~1\MICROA~1\SCURIT~1\ANTI-V~1\ANTI-S~1\OEHook.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x00870000 0x7000 1.01.0050.0000 C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Spam\CatNames.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x00a20000 0x2e000 1.01.0050.0000 C:\PROGRA~1\MICROA~1\SCURIT~1\ANTI-V~1\ANTI-S~1\OEHookFra.dll
0x00ad0000 0x29000 12.00.0000.0001 C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
netdde.exe pid: 1968
Command line: C:\WINDOWS\system32\netdde.exe

Base Size Version Path
0x01000000 0x20000 5.01.2600.2180 C:\WINDOWS\system32\netdde.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
------------------------------------------------------------------------------
Invité
Subject: Re: Trojan win32 obfuscated ...   Fri 17 Aug 2007, 01:07

------------------------------------------------------------------------------
opwareSE2.exe pid: 2028
Command line: "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

Base Size Version Path
0x00400000 0xe000 12.00.0000.0001 C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x10000000 0x73000 1.01.0050.0000 C:\PROGRA~1\MICROA~1\SCURIT~1\ANTI-V~1\ANTI-S~1\OEHook.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x009e0000 0x7000 1.01.0050.0000 C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Spam\CatNames.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x00a10000 0x29000 12.00.0000.0001 C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
svchost.exe pid: 2036
Command line: C:\WINDOWS\System32\svchost.exe -k imgsvc

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x75a00000 0x55000 5.01.2600.3051 c:\windows\system32\wiaservc.dll
0x74a50000 0x7000 5.01.2600.2180 c:\windows\system32\CFGMGR32.dll
0x73a80000 0x15000 5.01.2600.2709 c:\windows\system32\mscms.dll
0x71ca0000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\actxprxy.dll
0x73af0000 0x14000 5.01.2600.2180 C:\WINDOWS\System32\sti.dll
------------------------------------------------------------------------------
wdfmgr.exe pid: 176
Command line: C:\WINDOWS\system32\wdfmgr.exe

Base Size Version Path
0x01000000 0xc000 5.02.3790.1230 C:\WINDOWS\system32\wdfmgr.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
------------------------------------------------------------------------------
Invité
Subject: Re: Trojan win32 obfuscated ...   Fri 17 Aug 2007, 01:12

CLI.exe pid: 292
Command line: "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

Base Size Version Path
0x00400000 0xe000 1.11.0000.0000 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
0x79000000 0x45000 2.00.50727.0832 C:\WINDOWS\system32\mscoree.dll
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x79e70000 0x566000 2.00.50727.0832 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
0x78130000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x790c0000 0xad0000 2.00.50727.0832 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b4b2107c63008bc425b5664cf868599a\mscorlib.ni.dll
0x10000000 0x73000 1.01.0050.0000 C:\PROGRA~1\MICROA~1\SCURIT~1\ANTI-V~1\ANTI-S~1\OEHook.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x00c80000 0x7000 1.01.0050.0000 C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Spam\CatNames.dll
0x00c90000 0x29000 12.00.0000.0001 C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
0x79060000 0x53000 2.00.50727.0832 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
0x7a440000 0x7c6000 2.00.50727.0832 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\6830e620af9f405c62d35b778f471319\System.ni.dll
0x7ade0000 0x18c000 2.00.50727.0832 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\1deb13c54dca2cbcb7906d8ab3bff61d\System.Drawing.ni.dll
0x7afd0000 0xc84000 2.00.50727.0832 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\441fd61d610b21a529655961eb60f5ea\System.Windows.Forms.ni.dll
0x11000000 0xc000 1.02.2314.20187 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Implementation.dll
0x010c0000 0xc000 1.02.2208.29985 C:\Program Files\ATI Technologies\ATI.ACE\LOG.Foundation.dll
0x010e0000 0x14000 1.02.2208.29986 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Foundation.dll
0x01120000 0xe000 1.02.2314.20334 C:\Program Files\ATI Technologies\ATI.ACE\LOG.Foundation.Service.dll
0x01140000 0x8000 1.02.2208.29991 C:\Program Files\ATI Technologies\ATI.ACE\LOG.Foundation.Shared.dll
0x01160000 0xa000 1.02.2314.20334 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Foundation.XManifestation.dll
0x637a0000 0x562000 2.00.50727.0832 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\b19ce294d30f7c62c44a41192b381663\System.Xml.ni.dll
0x67770000 0x4c000 2.00.50727.0832 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x64890000 0xfa000 2.00.50727.0832 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\058bfffbbe144e17ffd795e86eed54b9\System.Configuration.ni.dll
0x034a0000 0x18000 1.02.2314.20335 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Component.Runtime.dll
0x01260000 0x8000 1.00.0000.0000 C:\Program Files\ATI Technologies\ATI.ACE\ATICCCom.dll
0x034f0000 0xa000 1.02.2208.29985 C:\Program Files\ATI Technologies\ATI.ACE\AEM.Foundation.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x03670000 0x10000 1.02.2208.29987 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Caste.Graphics.Shared.dll
0x036a0000 0x4c000 1.02.2314.20330 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Caste.Graphics.Runtime.dll
0x03740000 0xc000 1.02.2208.29988 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Component.Runtime.Shared.dll
0x03760000 0x8000 1.11.0000.0000 C:\Program Files\ATI Technologies\ATI.ACE\DEM.Foundation.dll
0x03780000 0xe000 1.11.0000.0000 C:\Program Files\ATI Technologies\ATI.ACE\DEM.Graphics.I0601.dll
0x037a0000 0xa000 1.11.0000.0000 C:\Program Files\ATI Technologies\ATI.ACE\ACE.Graphics.DisplaysManager.Shared.dll
0x65f20000 0xba6000 2.00.50727.0832 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\0f5f70acc1735ce87efa94ebe3bc8cc6\System.Web.ni.dll
0x039f0000 0x4a000 1.02.2314.20173 C:\WINDOWS\system32\ATIDEMGR.dll
0x67510000 0x5e000 2.00.50727.0832 C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
0x6a300000 0xa000 2.00.50727.0042 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
0x74e60000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemprox.dll
0x74e40000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemsvc.dll
0x76740000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
0x76ed0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x04050000 0xc000 1.02.2314.20220 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.MultiVPU2.Graphics.Runtime.dll
0x04180000 0xa000 1.02.2208.29991 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.MultiVPU2.Graphics.Shared.dll
0x041a0000 0xc000 1.02.2314.20241 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.MultiVPU.Graphics.Runtime.dll
0x041c0000 0xa000 1.02.2208.30001 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.MultiVPU.Graphics.Shared.dll
0x04200000 0xc000 1.02.2314.20220 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.VeryLargeDesktop.Graphics.Runtime.dll
0x04210000 0xa000 1.02.2208.29993 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.VeryLargeDesktop.Graphics.Shared.dll
0x04230000 0x10000 1.02.2314.20258 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
0x04250000 0xe000 1.02.2314.20255 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.Radeon3DLegacy.Graphics.Runtime.dll
0x04280000 0xe000 1.02.2314.20224 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
0x042a0000 0xa000 1.02.2208.30007 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
0x042c0000 0xe000 1.02.2314.20286 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DisplaysColour.Graphics.Runtime.dll
0x042e0000 0xa000 1.02.2208.29990 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DisplaysColour.Graphics.Shared.dll
0x04300000 0xe000 1.02.2314.20271 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.MMVideo.Graphics.Runtime.dll
0x04320000 0xc000 1.02.2208.30001 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.MMVideo.Graphics.Shared.dll
0x04360000 0xc000 1.02.2314.20335 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.VideoOverlay.Graphics.Runtime.dll
0x04370000 0xa000 1.02.2208.29989 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.VideoOverlay.Graphics.Shared.dll
0x04390000 0x8000 1.11.0000.0000 C:\Program Files\ATI Technologies\ATI.ACE\ACE.Graphics.VideoOverlay.Shared.dll
0x043b0000 0xa000 1.02.2314.20252 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.SmartGart.Graphics.Runtime.dll
0x043d0000 0xa000 1.02.2314.20245 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.VPURecover.Graphics.Runtime.dll
0x043f0000 0xa000 1.02.2208.29988 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.VPURecover.Graphics.Shared.dll
0x04410000 0xc000 1.02.2314.20243 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.WorkstationConfig.Graphics.Runtime.dll
0x04430000 0xc000 1.02.2314.20305 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
0x04450000 0x12000 1.02.2236.29147 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
0x04490000 0xc000 1.02.2314.20230 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCRT2.Graphics.Runtime.dll
0x044f0000 0x12000 1.02.2236.29162 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCRT2.Graphics.Shared.dll
0x044c0000 0xa000 1.02.2314.20296 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
0x04520000 0xa000 1.02.2208.29994 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
0x04540000 0xa000 1.02.2314.20225 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceLCD2.Graphics.Runtime.dll
0x04560000 0xa000 1.02.2208.29993 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceLCD2.Graphics.Shared.dll
0x04580000 0x10000 1.02.2314.20302 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
0x045a0000 0xc000 1.02.2236.29179 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCV.Graphics.Shared.dll
0x045c0000 0xa000 1.02.2236.29132 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.CustomFormats.Graphics.Shared.dll
0x045e0000 0x10000 1.02.2314.20232 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCV2.Graphics.Runtime.dll
0x04600000 0xc000 1.02.2236.29197 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCV2.Graphics.Shared.dll
0x04660000 0x12000 1.02.2314.20292 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceTV2.Graphics.Runtime.dll
0x04680000 0x12000 1.02.2314.20289 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
0x04630000 0xe000 1.02.2314.20299 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
0x046d0000 0xe000 1.02.2236.29212 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
0x04700000 0xe000 1.02.2314.20227 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceDFP2.Graphics.Runtime.dll
0x04720000 0xe000 1.02.2236.29221 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceDFP2.Graphics.Shared.dll
0x04740000 0x16000 1.02.2314.20264 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.OverDrive3.Graphics.Runtime.dll
0x04880000 0xa000 1.02.2231.27329 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.OverDrive3.Graphics.Shared.dll
0x048a0000 0xa000 1.02.2314.20268 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.OverDrive2.Graphics.Runtime.dll
0x048c0000 0x10000 1.02.2314.20261 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll
0x04900000 0xa000 1.02.2208.29989 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.PowerPlay3.Graphics.Shared.dll
0x04910000 0xc000 1.02.2314.20280 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
0x04930000 0x8000 1.02.2314.20275 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Runtime.dll
0x04950000 0xc000 1.02.2314.20277 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
0x04970000 0xa000 1.02.2208.29990 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.InfoCentre.Graphics.Shared.dll
0x04990000 0x8000 1.02.2314.20235 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
0x049b0000 0x8000 1.02.2208.30002 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
0x049d0000 0x12000 1.02.2232.28756 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.Radeon3D.Graphics.Shared.dll
0x04a30000 0x10000 1.02.2232.28758 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.Radeon3DLegacy.Graphics.Shared.dll
0x04a50000 0x8000 1.11.0000.0000 C:\Program Files\ATI Technologies\ATI.ACE\DEM.Graphics.I0600.dll
0x04a90000 0xa000 1.02.2208.29990 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.SmartGart.Graphics.Shared.dll
0x03c00000 0xa000 1.02.2208.29988 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.WorkstationConfig.Graphics.Shared.dll
0x03c20000 0x8000 1.11.0000.0000 C:\Program Files\ATI Technologies\ATI.ACE\DEM.Graphics.I0602.dll
0x03c40000 0x8000 1.02.2208.29987 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
0x03c60000 0x8000 1.02.2208.29986 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceProperty2.Graphics.Shared.dll
0x03cc0000 0x12000 1.02.2308.22860 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceTV2.Graphics.Shared.dll
0x03ce0000 0x12000 1.02.2308.22854 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceTV.Graphics.Shared.dll
0x03c90000 0x8000 1.02.2208.29989 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.OverDrive2.Graphics.Shared.dll
0x04b20000 0xa000 1.02.2208.29993 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
0x04b30000 0x8000 1.02.2208.29988 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Shared.dll
0x04b60000 0xa000 1.02.2208.30002 C:\Program Files\ATI Technologies\ATI.ACE\APM.Foundation.dll
0x44360000 0x5cb000 7.00.6000.16512 C:\WINDOWS\system32\ieframe.dll
0x43e00000 0x45000 7.00.6000.16512 C:\WINDOWS\system32\iertutil.dll
0x04ea0000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
------------------------------------------------------------------------------
Guest
Subject: Re: Trojan win32 obfuscated ...   Fri 17 Aug 2007, 01:24

------------------------------------------------------------------------------
avgas.exe pid: 556
Command line: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

Base Size Version Path
0x00400000 0x675000 7.05.0001.0043 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x10000000 0xde000 4.02.0000.0019 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll
0x76310000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\MSIMG32.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
0x01d90000 0x73000 1.01.0050.0000 C:\PROGRA~1\MICROA~1\SCURIT~1\ANTI-V~1\ANTI-S~1\OEHook.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x00fa0000 0x7000 1.01.0050.0000 C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Spam\CatNames.dll
0x01e10000 0x29000 12.00.0000.0001 C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x76920000 0x8000 5.01.2600.2751 C:\WINDOWS\system32\LINKINFO.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x44360000 0x5cb000 7.00.6000.16512 C:\WINDOWS\system32\ieframe.dll
0x43e00000 0x45000 7.00.6000.16512 C:\WINDOWS\system32\iertutil.dll
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x76ed0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
------------------------------------------------------------------------------
ctfmon.exe pid: 1020
Command line: "C:\WINDOWS\system32\ctfmon.exe"

Base Size Version Path
0x00400000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\ctfmon.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x5ffb0000 0x33000 5.01.2600.2180 C:\WINDOWS\system32\MSUTB.dll
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x009c0000 0x73000 1.01.0050.0000 C:\PROGRA~1\MICROA~1\SCURIT~1\ANTI-V~1\ANTI-S~1\OEHook.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x003e0000 0x7000 1.01.0050.0000 C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Spam\CatNames.dll
0x00a40000 0x29000 12.00.0000.0001 C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
------------------------------------------------------------------------------
GoogleToolbarNotifier.exe pid: 1096
Command line: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

Base Size Version Path
0x00400000 0x13000 2.00.0301.1654 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x10000000 0x2e000 2.00.0301.7164 C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll
0x00350000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16512 C:\WINDOWS\system32\iertutil.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x00c20000 0x73000 1.01.0050.0000 C:\PROGRA~1\MICROA~1\SCURIT~1\ANTI-V~1\ANTI-S~1\OEHook.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x00ca0000 0x7000 1.01.0050.0000 C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Spam\CatNames.dll
0x00cb0000 0x29000 12.00.0000.0001 C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
0x00e00000 0xf000 2.00.0301.7164 C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_fr.dll
0x00e10000 0x54000 2.00.0301.7164 C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x72220000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sensapi.dll
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\mswsock.dll
0x76ed0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x76bb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\credui.dll
------------------------------------------------------------------------------
CLI.exe pid: 3140
Command line: "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" -hide Wizard

Base Size Version Path
0x00400000 0xe000 1.11.0000.0000 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
0x79000000 0x45000 2.00.50727.0832 C:\WINDOWS\system32\mscoree.dll
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x79e70000 0x566000 2.00.50727.0832 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
0x78130000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x790c0000 0xad0000 2.00.50727.0832 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b4b2107c63008bc425b5664cf868599a\mscorlib.ni.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x10000000 0x4000 C:\Program Files\Unlocker\UnlockerHook.dll
0x00cd0000 0x73000 1.01.0050.0000 C:\PROGRA~1\MICROA~1\SCURIT~1\ANTI-V~1\ANTI-S~1\OEHook.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x00d50000 0x7000 1.01.0050.0000 C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Spam\CatNames.dll
0x00d60000 0x29000 12.00.0000.0001 C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
0x79060000 0x53000 2.00.50727.0832 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
0x7a440000 0x7c6000 2.00.50727.0832 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\6830e620af9f405c62d35b778f471319\System.ni.dll
0x7ade0000 0x18c000 2.00.50727.0832 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\1deb13c54dca2cbcb7906d8ab3bff61d\System.Drawing.ni.dll
0x7afd0000 0xc84000 2.00.50727.0832 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\441fd61d610b21a529655961eb60f5ea\System.Windows.Forms.ni.dll
0x11000000 0xc000 1.02.2314.20187 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Implementation.dll
0x01190000 0xc000 1.02.2208.29985 C:\Program Files\ATI Technologies\ATI.ACE\LOG.Foundation.dll
0x011b0000 0x14000 1.02.2208.29986 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Foundation.dll
0x011f0000 0xe000 1.02.2314.20334 C:\Program Files\ATI Technologies\ATI.ACE\LOG.Foundation.Service.dll
0x01210000 0x8000 1.02.2208.29991 C:\Program Files\ATI Technologies\ATI.ACE\LOG.Foundation.Shared.dll
0x01230000 0xa000 1.02.2314.20334 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Foundation.XManifestation.dll
0x637a0000 0x562000 2.00.50727.0832 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\b19ce294d30f7c62c44a41192b381663\System.Xml.ni.dll
0x67770000 0x4c000 2.00.50727.0832 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x64890000 0xfa000 2.00.50727.0832 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\058bfffbbe144e17ffd795e86eed54b9\System.Configuration.ni.dll
0x03560000 0x9c000 1.02.2314.20214 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Component.Wizard.dll
0x036a0000 0xe000 1.02.2208.29986 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Foundation.Clients.dll
0x036c0000 0xa000 1.02.2208.29987 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Component.Wizard.Shared.dll
0x03750000 0x18000 1.02.2314.20335 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Component.Runtime.dll
0x03790000 0x8000 1.00.0000.0000 C:\Program Files\ATI Technologies\ATI.ACE\ATICCCom.dll
0x037b0000 0x10000 1.02.2208.29987 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Caste.Graphics.Shared.dll
0x037d0000 0xa000 1.02.2208.29985 C:\Program Files\ATI Technologies\ATI.ACE\AEM.Foundation.dll
0x037f0000 0xa000 1.11.0000.0000 C:\Program Files\ATI Technologies\ATI.ACE\ACE.Graphics.DisplaysManager.Shared.dll
0x03820000 0x18000 1.02.2314.20216 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Caste.Graphics.Wizard.dll
0x03860000 0x8000 1.02.2208.29990 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Caste.Graphics.Wizard.Shared.dll
0x03890000 0x130000 1.02.2314.20204 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
0x03af0000 0x130000 1.02.2314.20208 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCV2.Graphics.Wizard.dll
0x03d50000 0x68000 1.02.2314.20199 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
0x03e30000 0x68000 1.02.2314.20201 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceLCD2.Graphics.Wizard.dll
0x03f10000 0x28000 1.02.2314.20194 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
0x03f70000 0x28000 1.02.2314.20197 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceTV2.Graphics.Wizard.dll
0x03fd0000 0x244000 1.02.2314.20211 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
0x044d0000 0x22000 1.02.2314.20188 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
0x04500000 0x74000 1.02.2314.20190 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.MMVideo.Graphics.Wizard.dll
0x04600000 0x80000 1.02.2314.20221 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.TransCode.Local.Wizard.dll
0x04700000 0x54000 1.02.2314.20192 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
0x04480000 0xc000 1.02.2236.29179 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCV.Graphics.Shared.dll
0x049c0000 0x8000 1.02.2208.29987 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
0x049e0000 0xc000 1.02.2236.29197 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceCV2.Graphics.Shared.dll
0x04a00000 0x8000 1.02.2208.29986 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceProperty2.Graphics.Shared.dll
0x04a40000 0xa000 1.02.2208.29994 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
0x04a50000 0xa000 1.02.2208.29993 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceLCD2.Graphics.Shared.dll
0x04a70000 0x12000 1.02.2308.22854 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceTV.Graphics.Shared.dll
0x04ac0000 0x12000 1.02.2308.22860 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.DeviceTV2.Graphics.Shared.dll
0x04b00000 0x12000 1.02.2232.28756 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.Radeon3D.Graphics.Shared.dll
0x04b40000 0xc000 1.02.2208.30001 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.MMVideo.Graphics.Shared.dll
0x04b60000 0x4a000 1.02.0000.0000 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.TransCode.Local.Shared.dll
0x04c00000 0x8000 1.00.0000.0000 C:\Program Files\ATI Technologies\ATI.ACE\atixclib.dll
0x04c20000 0xa000 1.02.2208.29990 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Aspect.InfoCentre.Graphics.Shared.dll
0x65f20000 0xba6000 2.00.50727.0832 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\0f5f70acc1735ce87efa94ebe3bc8cc6\System.Web.ni.dll
------------------------------------------------------------------------------
Guest
Subject: Re: Trojan win32 obfuscated ...   Fri 17 Aug 2007, 01:26

----------------------------------------
CLI.exe pid: 3148
Command line: "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" -hide SystemTray

Base Size Version Path
0x00400000 0xe000 1.11.0000.0000 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
0x79000000 0x45000 2.00.50727.0832 C:\WINDOWS\system32\mscoree.dll
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x79e70000 0x566000 2.00.50727.0832 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
0x78130000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x790c0000 0xad0000 2.00.50727.0832 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b4b2107c63008bc425b5664cf868599a\mscorlib.ni.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x00cd0000 0x73000 1.01.0050.0000 C:\PROGRA~1\MICROA~1\SCURIT~1\ANTI-V~1\ANTI-S~1\OEHook.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x00d50000 0x7000 1.01.0050.0000 C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Spam\CatNames.dll
0x00d60000 0x29000 12.00.0000.0001 C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
0x79060000 0x53000 2.00.50727.0832 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
0x7a440000 0x7c6000 2.00.50727.0832 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\6830e620af9f405c62d35b778f471319\System.ni.dll
0x7ade0000 0x18c000 2.00.50727.0832 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\1deb13c54dca2cbcb7906d8ab3bff61d\System.Drawing.ni.dll
0x7afd0000 0xc84000 2.00.50727.0832 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\441fd61d610b21a529655961eb60f5ea\System.Windows.Forms.ni.dll
0x11000000 0xc000 1.02.2314.20187 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Implementation.dll
0x01190000 0xc000 1.02.2208.29985 C:\Program Files\ATI Technologies\ATI.ACE\LOG.Foundation.dll
0x011b0000 0x14000 1.02.2208.29986 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Foundation.dll
0x011f0000 0xe000 1.02.2314.20334 C:\Program Files\ATI Technologies\ATI.ACE\LOG.Foundation.Service.dll
0x01210000 0x8000 1.02.2208.29991 C:\Program Files\ATI Technologies\ATI.ACE\LOG.Foundation.Shared.dll
0x01230000 0xa000 1.02.2314.20334 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Foundation.XManifestation.dll
0x637a0000 0x562000 2.00.50727.0832 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\b19ce294d30f7c62c44a41192b381663\System.Xml.ni.dll
0x67770000 0x4c000 2.00.50727.0832 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x64890000 0xfa000 2.00.50727.0832 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\058bfffbbe144e17ffd795e86eed54b9\System.Configuration.ni.dll
0x03560000 0x6c000 1.02.2314.20315 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Component.Systemtray.dll
0x03640000 0x10000 1.02.2208.29987 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Caste.Graphics.Shared.dll
0x036d0000 0x18000 1.02.2314.20335 C:\Program Files\ATI Technologies\ATI.ACE\CLI.Component.Runtime.dll
0x03710000 0x8000 1.00.0000.0000 C:\Program Files\ATI Technologies\ATI.ACE\ATICCCom.dll
0x03730000 0xa000 1.11.0000.0000 C:\Program Files\ATI Technologies\ATI.ACE\ACE.Graphics.DisplaysManager.Shared.dll
0x03750000 0xa000 1.02.2208.29985 C:\Program Files\ATI Technologies\ATI.ACE\AEM.Foundation.dll
0x03780000 0xa000 1.02.2208.30002 C:\Program Files\ATI Technologies\ATI.ACE\APM.Foundation.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x037a0000 0x12000 1.02.2314.20315 C:\Program Files\ATI Technologies\ATI.ACE\fr\CLI.Component.Systemtray.resources.dll
0x4eb80000 0x1a3000 5.01.3102.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
0x65f20000 0xba6000 2.00.50727.0832 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\0f5f70acc1735ce87efa94ebe3bc8cc6\System.Web.ni.dll
------------------------------------------------------------------------------
EspaceWanadoo.exe pid: 3424
Command line: "C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe"

Base Size Version Path
0x00400000 0x57000 5.05.0000.0743 C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x10000000 0xa000 5.04.0000.0055 C:\PROGRA~1\Wanadoo\ModifFT.dll
0x5f400000 0xf2000 6.00.8168.0000 C:\PROGRA~1\Wanadoo\MFC42.DLL
0x00320000 0x7000 5.04.0000.0036 C:\PROGRA~1\Wanadoo\OutilsFT.dll
0x00330000 0x37000 5.04.0000.0001 C:\PROGRA~1\Wanadoo\StyleIHM.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x00a70000 0x73000 1.01.0050.0000 C:\PROGRA~1\MICROA~1\SCURIT~1\ANTI-V~1\ANTI-S~1\OEHook.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x00af0000 0x7000 1.01.0050.0000 C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Spam\CatNames.dll
0x00b00000 0x29000 12.00.0000.0001 C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x00d60000 0x13000 5.04.0000.0171 C:\PROGRA~1\Wanadoo\WooIHMF.dll
0x00d90000 0x6c000 5.04.0000.0000 C:\PROGRA~1\Wanadoo\ResourceStyle.dll
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\mswsock.dll
0x76ed0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
------------------------------------------------------------------------------
ComComp.exe pid: 3432
Command line: ComComp.exe

Base Size Version Path
0x00400000 0x26000 5.04.0000.0252 C:\PROGRA~1\Wanadoo\ComComp.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x10000000 0x7000 5.04.0000.0036 C:\PROGRA~1\Wanadoo\OutilsFT.dll
0x5f400000 0xf2000 6.00.8168.0000 C:\PROGRA~1\Wanadoo\MFC42.DLL
0x00320000 0xa000 5.04.0000.0055 C:\PROGRA~1\Wanadoo\ModifFT.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x009f0000 0x73000 1.01.0050.0000 C:\PROGRA~1\MICROA~1\SCURIT~1\ANTI-V~1\ANTI-S~1\OEHook.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x00a70000 0x7000 1.01.0050.0000 C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Spam\CatNames.dll
0x00aa0000 0x29000 12.00.0000.0001 C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x00bf0000 0x1c000 5.04.0000.0262 C:\PROGRA~1\Wanadoo\GestAppFT.dll
0x5feb0000 0xd5000 5.01.2600.2180 C:\WINDOWS\System32\tapi3.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\System32\ATL.DLL
0x00d30000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16512 C:\WINDOWS\system32\iertutil.dll
0x6e9d0000 0x57000 5.01.2600.0000 C:\WINDOWS\System32\confmsp.dll
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x5ba10000 0x5a000 5.01.2600.2180 C:\WINDOWS\System32\termmgr.dll
0x68da0000 0x9a000 5.01.2600.2180 C:\WINDOWS\System32\h323msp.dll
0x66b20000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\inetmib1.dll
0x71ed0000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\snmpapi.dll
0x00c10000 0x8000 5.06.0000.0036 C:\WINDOWS\system32\WooDial2000.dll
------------------------------------------------------------------------------
Watch.exe pid: 3572
Command line: Watch.exe Wanadoo

Base Size Version Path
0x00400000 0x5000 5.04.0000.0062 C:\PROGRA~1\Wanadoo\Watch.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x10000000 0xa000 5.04.0000.0055 C:\PROGRA~1\Wanadoo\ModifFT.dll
0x5f400000 0xf2000 6.00.8168.0000 C:\PROGRA~1\Wanadoo\MFC42.DLL
------------------------------------------------------------------------------
kav.exe pid: 1044
Command line: <unable to retrieve>
------------------------------------------------------------------------------
kavsvc.exe pid: 284
Command line: <unable to retrieve>
------------------------------------------------------------------------------
klswd.exe pid: 1468
Command line: <unable to retrieve>
------------------------------------------------------------------------------
sys84853.exe pid: 4008
Command line: "C:\Documents and Settings\Mr\Bureau\sys84853.exe"

Base Size Version Path
0x00400000 0x39000 C:\Documents and Settings\Mr\Bureau\sys84853.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x10000000 0x4000 C:\Program Files\Unlocker\UnlockerHook.dll
0x00990000 0x73000 1.01.0050.0000 C:\PROGRA~1\MICROA~1\SCURIT~1\ANTI-V~1\ANTI-S~1\OEHook.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x00910000 0x7000 1.01.0050.0000 C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Spam\CatNames.dll
0x00a10000 0x29000 12.00.0000.0001 C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
------------------------------------------------------------------------------
runme.exe pid: 1416
Command line: runme.exe

Base Size Version Path
0x00400000 0x58000 3.02.0000.0000 C:\DOCUME~1\Mr\LOCALS~1\Temp\nsq19.tmp\runme.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x6a7d0000 0x154000 6.00.0096.0090 C:\WINDOWS\system32\MSVBVM60.DLL
0x66630000 0x20000 5.00.0081.0069 C:\WINDOWS\system32\VB6FR.DLL
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x00dc0000 0x73000 1.01.0050.0000 C:\PROGRA~1\MICROA~1\SCURIT~1\ANTI-V~1\ANTI-S~1\OEHook.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x00e40000 0x7000 1.01.0050.0000 C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Spam\CatNames.dll
0x00e70000 0x29000 12.00.0000.0001 C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x734f0000 0x25000 5.06.0000.8820 C:\WINDOWS\system32\scrrun.dll
------------------------------------------------------------------------------
cmd.exe pid: 3992
Command line: cmd /c kbqidphsfq.exe >> C:\suspectfile\tempd.txt

Base Size Version Path
0x4ad00000 0x64000 5.01.2600.2180 C:\WINDOWS\system32\cmd.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
------------------------------------------------------------------------------
kbqidphsfq.exe pid: 712
Command line: kbqidphsfq.exe

Base Size Version Path
0x00400000 0x14000 2.25.0000.0000 C:\DOCUME~1\Mr\LOCALS~1\Temp\nsq19.tmp\kbqidphsfq.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
*** Loaded image timestamp: Mon Apr 16 17:53:12 2007
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

==========================================
Scan completed in 2.3 minutes
End of report
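A helper reading a process listing like the one above looks first at modules that sit in user-writable folders (Temp, the desktop, application data) or that carry no version resource, since those are the rows worth asking about. As an added example (not code from this post, and not from the tool that produced the listing), here is a Python script that parses this layout and applies exactly those two checks. The listing embedded in it is constructed, modelled on the lines above with fewer rows, and the set of folder names treated as user-writable is an assumption chosen for this French XP profile (Bureau is the desktop).

```python
"""Triage helper for a process/module listing like the one pasted above.

Added example, not code from the post or from the tool that produced the
listing. It parses the "name.exe pid: N" / "Command line:" / module-row
layout and flags modules loaded from user-writable locations or lacking
a version resource.
"""
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the listing in the post (same layout, fewer rows).
SAMPLE_LISTING = """\
------------------------------------------------------------------------------
Watch.exe pid: 3572
Command line: Watch.exe Wanadoo

Base Size Version Path
0x00400000 0x5000 5.04.0000.0062 C:\\PROGRA~1\\Wanadoo\\Watch.exe
*** File timestamp: Mon Apr 16 17:53:11 2007
------------------------------------------------------------------------------
kav.exe pid: 1044
Command line: <unable to retrieve>
------------------------------------------------------------------------------
sys84853.exe pid: 4008
Command line: "C:\\Documents and Settings\\Mr\\Bureau\\sys84853.exe"

Base Size Version Path
0x00400000 0x39000 C:\\Documents and Settings\\Mr\\Bureau\\sys84853.exe
0x74690000 0x4b000 5.01.2600.2180 C:\\WINDOWS\\system32\\MSCTF.dll
------------------------------------------------------------------------------
kbqidphsfq.exe pid: 712
Command line: kbqidphsfq.exe

Base Size Version Path
0x00400000 0x14000 2.25.0000.0000 C:\\DOCUME~1\\Mr\\LOCALS~1\\Temp\\nsq19.tmp\\kbqidphsfq.exe
"""

PROC_RE = re.compile(r"^(\S+) pid: (\d+)$")
CMD_RE = re.compile(r"^Command line: (.*)$")
# base, size, optional version (absent when the file has no version resource), path
MOD_RE = re.compile(r"^(0x[0-9a-fA-F]+) (0x[0-9a-fA-F]+) (?:(\d+\.\d+\.\d+\.\d+) )?(\S.*)$")
# Assumed set of user-writable folder names for this (French) XP profile.
USER_WRITABLE = re.compile(r"\\(temp|bureau|desktop|applic~1|application data)\\", re.I)


@dataclass
class Process:
    name: str
    pid: int
    command_line: str = ""
    modules: list = field(default_factory=list)  # (base, size, version, path)


@dataclass
class Finding:
    pid: int
    process: str
    path: str
    reasons: list


def parse_listing(text):
    """Return Process objects in listing order, each with its module rows."""
    procs, cur = [], None
    for line in text.splitlines():
        m = PROC_RE.match(line)
        if m:
            cur = Process(m.group(1), int(m.group(2)))
            procs.append(cur)
            continue
        if cur is None:
            continue
        m = CMD_RE.match(line)
        if m:
            cur.command_line = m.group(1)
            continue
        m = MOD_RE.match(line)
        if m:
            cur.modules.append(m.groups())
    return procs


def triage(procs):
    """Flag module rows a helper would ask about first."""
    findings = []
    for p in procs:
        for _base, _size, version, path in p.modules:
            reasons = []
            if USER_WRITABLE.search(path):
                reasons.append("loaded from a user-writable location")
            if version is None:
                reasons.append("no version resource")
            if reasons:
                findings.append(Finding(p.pid, p.name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(parse_listing(SAMPLE_LISTING)):
        print(f"pid {f.pid} ({f.process}): {f.path}: {'; '.join(f.reasons)}")
```

Feed a full listing with parse_listing(open(path).read()). The output is a reading aid, not a verdict: installers legitimately unpack and run from Temp, so a flagged row is a question to ask, as the helper does in this thread.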
Guest
Subject: Re: Trojan win32 obfuscated ... (Fri 17 Aug 2007, 01:26)

Phew, well, I think that's all....
boule (Helper member)
Subject: Re: Trojan win32 obfuscated ... (Fri 17 Aug 2007, 04:58)

Thanks!

¤ Download OTMoveIt to your desktop
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Double-click OTMoveIt.exe
Select and copy the lines below

C:\rapport_clean.txt
C:\DUMP4d16.tmp
C:\DUMP2cdc.tmp
C:\DUMP2c7e.tmp
C:\WINDOWS\system32\swreg.exe
C:\WINDOWS\system32\imail40.rtl
C:\DOCUME~1\Mr\LOCALS~1\Temp\nsq19.tmp
C:\DOCUME~1\Mr\LOCALS~1\Temp\~DF8C31.tmp

Go back to OTMoveIt, right-click in the "Paste List of Files/Folders to be moved" window and choose "Paste".
Click the red MoveIt button and close OTMoveIt.
If a file or folder cannot be moved immediately, you will be asked to restart your machine to finish the operation; if so, click "Yes".
Copy and paste the report it generates here, please. The OTMoveIt report is in this folder: C:\_OTMoveIt\MovedFiles

¤ Do what is described here (the first item) and tell me how it goes (whether it found errors or not),
then try running ComboFix again (wink)
https://kerio.probb.fr/Windows-c1/Apprendre-a-mieux-maitriser-Windows-f4/Reparer-Windows-2000-XP-et-Vista-t50.htm
http://www.donnemoilinfo.com
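The step above amounts to moving each listed path into a quarantine folder and reporting, per path, whether it was moved or not found. As an added example, which is neither OTMoveIt nor the helper's own code, the Python function below does the same thing on a list pasted as text: it moves rather than deletes, so a wrongly listed file can be put back, it never overwrites an earlier quarantined copy of the same name, and it writes a report in the same style. The quarantine folder name, the files created in demo() and the fixed timestamp are constructed for the example.

```python
"""Quarantine-move of a pasted list of paths, with an OTMoveIt-style report.

Added example: neither OTMoveIt nor the helper's code. Paths are moved, not
deleted, so a wrongly listed file can be restored, and an earlier quarantined
copy with the same name is never overwritten.
"""
import shutil
import tempfile
from datetime import datetime
from pathlib import Path


def move_listed(list_text, quarantine_dir, now=None):
    """Move every non-empty line of list_text under quarantine_dir; return report lines."""
    quarantine = Path(quarantine_dir)
    quarantine.mkdir(parents=True, exist_ok=True)
    report = []
    for raw in list_text.splitlines():
        entry = raw.strip()
        if not entry:
            continue
        src = Path(entry)
        if not src.exists():
            report.append(f"File/Folder {entry} not found.")
            continue
        dest = quarantine / src.name
        n = 1
        while dest.exists():            # keep earlier quarantined copies intact
            dest = quarantine / f"{src.name}.{n}"
            n += 1
        shutil.move(str(src), str(dest))  # works for files and whole folders
        report.append(f"{entry} moved successfully.")
    stamp = (now or datetime.now()).strftime("%m-%d-%Y %H:%M:%S")
    report += ["", f"Created on {stamp}"]
    return report


def demo():
    """Self-contained run in a fresh temp directory with constructed files.
    Returns (report lines, quarantined copy exists, original still exists)."""
    work = Path(tempfile.mkdtemp(prefix="quarantine_demo_"))
    present = work / "swreg.exe"           # constructed stand-in, not the real file
    present.write_bytes(b"placeholder")
    missing = work / "DUMP4d16.tmp"        # listed but absent, as in the report
    quarantine = work / "_Quarantine" / "MovedFiles"   # assumed folder name
    report = move_listed(f"{present}\n{missing}\n", quarantine,
                         now=datetime(2007, 8, 17, 8, 55, 37))  # constructed timestamp
    return report, (quarantine / "swreg.exe").exists(), present.exists()


if __name__ == "__main__":
    print("\n".join(demo()[0]))
```

On a live machine a file that is open (a running executable or a loaded DLL) cannot be moved this way; that is the case the helper's instructions cover by asking for a reboot, and a script should report the failure rather than fall back to deleting.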
Guest
Subject: Re: Trojan win32 obfuscated ... (Fri 17 Aug 2007, 09:58)

Here is the first report:

C:\rapport_clean.txt moved successfully.
File/Folder C:\DUMP4d16.tmp not found.
File/Folder C:\DUMP2cdc.tmp not found.
File/Folder C:\DUMP2c7e.tmp not found.
C:\WINDOWS\system32\swreg.exe moved successfully.
C:\WINDOWS\system32\imail40.rtl moved successfully.
File/Folder C:\DOCUME~1\Mr\LOCALS~1\Temp\nsq19.tmp not found.
File/Folder C:\DOCUME~1\Mr\LOCALS~1\Temp\~DF8C31.tmp not found.

Created on 08-17-2007 08:55:37

I'll go do the rest right away.
And thanks.
Guest
Subject: Re: Trojan win32 obfuscated ... (Fri 17 Aug 2007, 10:13)

The ComboFix report:

ComboFix 07-08-14.4 - "Mr" 2007-08-17 8:59:36.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.169 [GMT 2:00]


((((((((((((((((((((((((( Files Created from 2007-07-17 to 2007-08-17 )))))))))))))))))))))))))))))))


2007-08-17 08:51 <REP> d-------- C:\WINDOWS\LastGood
2007-08-16 20:35 153,088 --a------ C:\WINDOWS\regedit.exe
2007-08-16 20:22 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-16 16:13 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-16 15:59 <REP> d-------- C:\Program Files\CCleaner
2007-08-15 22:38 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-13 14:57 <REP> d-------- C:\Program Files\a-squared Free
2007-08-13 10:21 <REP> d-------- C:\WINDOWS\AU_Temp
2007-08-11 20:27 <REP> d-------- C:\Program Files\Fichiers communs\Sandlot Shared
2007-08-08 19:16 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-08-08 19:16 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-08-05 00:09 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
2007-08-04 00:24 <REP> d-------- C:\Program Files\orange
2007-08-04 00:24 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media
2007-08-03 15:55 <REP> d-------- C:\DOCUME~1\Mr\APPLIC~1\PlayFirst
2007-08-03 15:55 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-17 08:49 --------- d-------- C:\Program Files\Wanadoo
2007-08-13 21:43 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-13 21:43 --------- d-------- C:\Program Files\jeuxpc
2007-08-13 10:22 86094 --a------ C:\WINDOWS\BPMNT.dll
2007-08-13 10:22 71749 --a--c--- C:\WINDOWS\HCExtOutput.dll
2007-08-13 10:22 267845 --a--c--- C:\WINDOWS\tsc.exe
2007-08-13 10:22 1163344 --a--c--- C:\WINDOWS\vsapi32.dll
2007-08-05 22:54 69689 --a--c--- C:\WINDOWS\UNZIP.DLL
2007-08-05 22:54 507904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-08-05 22:54 286720 --a------ C:\WINDOWS\PATCH.EXE
2007-08-02 12:53 --------- d-------- C:\Program Files\World of Warcraft
2007-07-30 23:27 --------- d-------- C:\Program Files\WowCartographe
2007-07-23 18:47 --------- d-------- C:\DOCUME~1\Mr\APPLIC~1\Canon
2007-07-19 08:58 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 01:30 765952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 15:24 823808 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 15:24 671232 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 15:24 477696 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 15:24 232960 -----c--- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 15:24 193024 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 15:24 1152000 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 15:24 105984 -----c--- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 15:24 102400 -----c--- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 15:23 6058496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 15:23 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 15:23 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 15:23 44544 -----c--- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 15:23 27648 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 15:23 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 15:22 384512 -----c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 15:22 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 15:22 230400 -----c--- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 15:22 153088 -----c--- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 15:22 132608 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 15:22 124928 -----c--- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:28 625152 -----c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 10:27 63488 -----c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 09:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:09 1104896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-20 12:08 --------- d-------- C:\Program Files\eMule
2007-06-20 12:08 --------- d-------- C:\DOCUME~1\Mr\APPLIC~1\eMule
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe
2007-06-13 15:22 1037312 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-05-17 13:29 549376 --a------ C:\WINDOWS\system32\oleaut32.dll
2007-05-17 13:29 549376 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll
2005-03-12 13:54 806 --a--c--- C:\Program Files\INSTALL.LOG
Guest
Subject: Re: Trojan win32 obfuscated ... (Fri 17 Aug 2007, 10:15)

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-10-16 19:24 C:\WINDOWS\SOUNDMAN.EXE]
"DSLAGENTEXE"="dslagent.exe" [2002-01-22 22:01 C:\WINDOWS\system32\dslagent.exe]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\watch.exe" [2002-02-20 12:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\taskbaricon.exe" [2002-02-20 12:49]
"OESpamTest"="C:\PROGRA~1\MICROA~1\SCURIT~1\ANTI-V~1\ANTI-S~1\OESpamTest.ExE" [2006-05-11 19:53]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00]
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" [2003-07-07 09:30]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"KAVPersonal50"="C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Virus\kav.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19]
"oov6multiuser.exe"="C:\Program Files\OFFICE One6.0\program\oov6multiuser.exe" [2002-12-12 13:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 11:45]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Anti-Hacker.lnk - C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Hacker\KAVPF.exe [2005-12-13 11:56:51]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OFFICEOneNotesv6.exe"=C:\Program Files\OFFICE One6.0\OFFICE One Notes v6\OFFICEOneNotesv6.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"ToUcamVProperty"=C:\PROGRA~1\PHILIP~1\VProperty.exe
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys
R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys
R1 NPPTNT;NPPTNT;\??\C:\WINDOWS\System32\npptNT.sys
R1 SSHDRV76;SSHDRV76;\??\C:\WINDOWS\System32\drivers\SSHDRV76.sys
R1 SSHDRV79;SSHDRV79;\??\C:\WINDOWS\System32\drivers\SSHDRV79.sys
R2 pavdrv;pavdrv;C:\WINDOWS\system32\DRIVERS\pavdrv51.sys
R3 wanusb;ECI Telecom USB ADSL WAN Modem;C:\WINDOWS\system32\DRIVERS\gwausb.sys
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys
S2 gafwload;ECI Telecom USB ADSL Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys
S3 cdrmkaun;cdrmkaun;\??\C:\DOCUME~1\Mr\LOCALS~1\Temp\cdrmkaun.sys
S3 ovt519;VGA USB Camera;C:\WINDOWS\system32\Drivers\ov519vid.sys


Contents of the 'Scheduled Tasks' folder
2007-08-16 14:00:03 C:\WINDOWS\Tasks\A697937790A40673.job - c:\docume~1\mr\applic~1\thirdhtm\BytePopAcid.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-17 09:04:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\kdcom.dll
C:\WINDOWS\system32\prodspec.ini
C:\WINDOWS\system32\subst.exe
C:\WINDOWS\system32\iasacct.dll
C:\WINDOWS\system32\iasads.dll
C:\WINDOWS\system32\iashlpr.dll
C:\WINDOWS\system32\iasnap.dll
C:\WINDOWS\system32\iaspolcy.dll
C:\WINDOWS\system32\iasrad.dll
C:\WINDOWS\system32\iasrecst.dll
C:\WINDOWS\system32\iassam.dll
C:\WINDOWS\system32\iassdo.dll
C:\WINDOWS\system32\iassvcs.dll
C:\WINDOWS\system32\icaapi.dll
C:\WINDOWS\system32\icardie.dll
C:\WINDOWS\system32\iccvid.dll
C:\WINDOWS\system32\icfgnt5.dll
C:\WINDOWS\system32\icm32.dll
C:\WINDOWS\system32\icmp.dll
C:\WINDOWS\system32\icmui.dll
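The "Reg Loading Points" and scheduled-task sections above are where a helper looks for autostart entries that run from a user profile folder, or for which ComboFix printed no file timestamp (the empty [] after an entry). As an added example (not ComboFix code and not from this thread), the Python script below parses those two sections and flags entries on exactly those two criteria. The report text inside it is constructed, modelled on the lines above: the KAV path is shortened, and an entry named "updater" is made up to exercise the profile-folder check.

```python
"""Triage of ComboFix-style "Reg Loading Points" / scheduled-task lines.

Added example, not code from ComboFix or from this thread. It flags
autostart entries that run from a user profile folder and entries for
which the report printed no file timestamp (an empty [] after the value).
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample modelled on the report above; "updater" is made up to
# exercise the profile-folder check and the KAV path is shortened.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-10-16 19:24 C:\WINDOWS\SOUNDMAN.EXE]
"KAVPersonal50"="C:\Program Files\Example AV\kav.exe" []
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"updater"="C:\DOCUME~1\Mr\LOCALS~1\Temp\upd.exe" [2007-08-15 21:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

Contents of the 'Scheduled Tasks' folder
2007-08-16 14:00:03 C:\WINDOWS\Tasks\A697937790A40673.job - c:\docume~1\mr\applic~1\thirdhtm\BytePopAcid.exe
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "Name"=value, optionally followed by [timestamp ...]; an empty [] is kept as "".
RUN_RE = re.compile(r'^"([^"]+)"=(.*?)(?:\s*\[([^\]]*)\])?$')
# optional "date time" prefix, then name.job/.lnk - target [timestamp]
TASK_RE = re.compile(r"^(?:\S+ \S+ )?(.+?\.(?:job|lnk)) - (.+?)(?:\s*\[([^\]]*)\])?$")
# Assumed set of profile-folder names (8.3 and long forms) for this XP profile.
USER_PROFILE = re.compile(r"(docume~1|documents and settings|applic~1|application data|temp)\\", re.I)


@dataclass
class Entry:
    section: str
    name: str
    target: str
    stamp: Optional[str]  # None: no bracket printed; "": bracket printed but empty


@dataclass
class Finding:
    section: str
    name: str
    target: str
    reasons: list


def _target(value):
    """Return the quoted executable from a registry value; bare values are kept as-is."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value


def parse_loading_points(text):
    """Walk the report, tracking the current registry key or task section."""
    entries, section = [], ""
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if line.startswith("Contents of the 'Scheduled Tasks'"):
            section = "Scheduled Tasks"
            continue
        m = RUN_RE.match(line) or TASK_RE.match(line)
        if m:
            name, value, stamp = m.groups()
            entries.append(Entry(section, name, _target(value), stamp))
    return entries


def triage_entries(entries):
    """Flag entries a helper would check first."""
    findings = []
    for e in entries:
        reasons = []
        if USER_PROFILE.search(e.target):
            reasons.append("runs from a user profile location")
        if e.stamp == "":
            reasons.append("no file timestamp in the report")
        if reasons:
            findings.append(Finding(e.section, e.name, e.target, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_entries(parse_loading_points(SAMPLE_REPORT)):
        print(f"[{f.section}] {f.name} -> {f.target}: {'; '.join(f.reasons)}")
```

The empty-bracket check is deliberately reported as "no timestamp in the report" rather than "file missing": the script only reads what ComboFix printed, and confirming whether the file exists is a separate check on the machine.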
Guest
Subject: Re: Trojan win32 obfuscated ... (Fri 17 Aug 2007, 10:16)

C:\WINDOWS\system32\icrav03.rat
C:\WINDOWS\system32\icsxml
C:\WINDOWS\system32\OoneZipPopup.dll
C:\WINDOWS\system32\opengl32.dll
C:\WINDOWS\system32\OpenQuicktimeLib.dll
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\osuninst.dll
C:\WINDOWS\system32\osuninst.exe
C:\WINDOWS\system32\OUTLWAB.DLL
C:\WINDOWS\system32\ov519ext.ax
C:\WINDOWS\system32\ov519ext.dll
C:\WINDOWS\system32\ov519usd.dll
C:\WINDOWS\system32\p2p.dll
C:\WINDOWS\system32\p2pgasvc.dll
C:\WINDOWS\system32\p2pgraph.dll
C:\WINDOWS\system32\p2pnetsh.dll
C:\WINDOWS\system32\p2psvc.dll
C:\WINDOWS\system32\packager.exe
C:\WINDOWS\system32\panmap.dll
C:\WINDOWS\system32\paqsp.dll
C:\WINDOWS\system32\pathping.exe
C:\WINDOWS\system32\pautoenr.dll
C:\WINDOWS\system32\pav.sig
C:\WINDOWS\system32\PCDLIB32.DLL
C:\WINDOWS\system32\pcl.sep
C:\WINDOWS\system32\pdh.dll
C:\WINDOWS\system32\pentnt.exe
C:\WINDOWS\system32\perfc009.dat
C:\WINDOWS\system32\perfc00C.dat
C:\WINDOWS\system32\perfci.h
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svcpack.dll
C:\WINDOWS\system32\swprv.dll
C:\WINDOWS\system32\swreg.exe
C:\WINDOWS\system32\swsc.exe
C:\WINDOWS\system32\swxcacls.exe
C:\WINDOWS\system32\sxs.dll
C:\WINDOWS\system32\SymStore.dll
C:\WINDOWS\system32\syncapp.exe
C:\WINDOWS\system32\synceng.dll
C:\WINDOWS\system32\syncui.dll
C:\WINDOWS\system32\sysdm.cpl
C:\WINDOWS\system32\sysedit.exe
C:\WINDOWS\system32\sysinv.dll
C:\WINDOWS\system32\syskey.exe
C:\WINDOWS\system32\sysmon.ocx
C:\WINDOWS\system32\sysocmgr.exe
C:\WINDOWS\system32\sysprint.sep
C:\WINDOWS\system32\sysprtj.sep
C:\WINDOWS\system32\syssetup.dll
C:\WINDOWS\system32\system.drv
C:\WINDOWS\system32\systray.exe
C:\WINDOWS\system32\t2embed.dll
C:\WINDOWS\system32\TABCTFR.DLL
C:\WINDOWS\system32\TABCTL32.OCX
C:\WINDOWS\system32\tapi.dll
C:\WINDOWS\system32\tapi3.dll
C:\WINDOWS\system32\tapi32.dll
C:\WINDOWS\system32\tapiperf.dll
C:\WINDOWS\system32\tapisrv.dll
C:\WINDOWS\system32\tapiui.dll
C:\WINDOWS\system32\msprivs.dll
C:\WINDOWS\system32\MSPRPFR.DLL
C:\WINDOWS\system32\msr2c.dll
C:\WINDOWS\system32\msr2cenu.dll
C:\WINDOWS\system32\msratelc.dll
C:\WINDOWS\system32\msrating.dll
C:\WINDOWS\system32\msrclr40.dll
C:\WINDOWS\system32\MSRD2X35.DLL
C:\WINDOWS\system32\msrd2x40.dll
C:\WINDOWS\system32\msrd3x40.dll
C:\WINDOWS\system32\MSRDO20.DLL
C:\WINDOWS\system32\msrecr40.dll
C:\WINDOWS\system32\MSREPL35.DLL
C:\WINDOWS\system32\msrepl40.dll
C:\WINDOWS\system32\msrle32.dll
C:\WINDOWS\system32\MSRTEDIT.DLL
C:\WINDOWS\system32\mssap.dll
C:\WINDOWS\system32\msscds32.ax
C:\WINDOWS\system32\MSSCP.dll
C:\WINDOWS\system32\msscript.ocx
C:\WINDOWS\system32\mssign32.dll
C:\WINDOWS\system32\mssip32.dll
C:\WINDOWS\system32\MSSTDFMT.DLL
C:\WINDOWS\system32\MSSTKPRP.DLL
C:\WINDOWS\system32\msswch.dll
C:\WINDOWS\system32\msswchx.exe
C:\WINDOWS\system32\mstask.dll
C:\WINDOWS\system32\mstext40.dll
C:\WINDOWS\system32\mstime.dll
C:\WINDOWS\system32\mstinit.exe
C:\WINDOWS\system32\mstlsapi.dll
C:\WINDOWS\system32\mstsc.exe
C:\WINDOWS\system32\mstscax.dll
C:\WINDOWS\system32\msuni11.dll
C:\WINDOWS\system32\msutb.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\config
C:\WINDOWS\system32\cryptnet.dll
C:\WINDOWS\system32\c_1256.nls
C:\WINDOWS\system32\c_874.nls
C:\WINDOWS\system32\dao2535.tlb
C:\WINDOWS\system32\ddeml.dll
C:\WINDOWS\system32\dfrgui.dll
C:\WINDOWS\system32\diskmgmt.msc
C:\WINDOWS\system32\docprop.dll
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\dssec.dll
C:\WINDOWS\system32\EqnClass.Dll
C:\WINDOWS\system32\fastopen.exe
C:\WINDOWS\system32\find.exe
C:\WINDOWS\system32\FPXS2Pro.dll
C:\WINDOWS\system32\gpkcsp.dll
C:\WINDOWS\system32\hhsetup.dll
C:\WINDOWS\system32\ias
C:\WINDOWS\system32\icwdial.dll
C:\WINDOWS\system32\ifsutil.dll
C:\WINDOWS\system32\infosoft.dll
C:\WINDOWS\system32\ipxmontr.dll
C:\WINDOWS\system32\jet500.dll
C:\WINDOWS\system32\kbdbe.dll
C:\WINDOWS\system32\kbdit.dll
C:\WINDOWS\system32\kbdsf.dll
C:\WINDOWS\system32\c_1257.nls
C:\WINDOWS\system32\c_1258.nls
C:\WINDOWS\system32\c_20127.nls
C:\WINDOWS\system32\c_20261.nls
C:\WINDOWS\system32\c_20866.nls
C:\WINDOWS\system32\c_20905.nls
C:\WINDOWS\system32\c_21866.nls
C:\WINDOWS\system32\c_28591.nls
C:\WINDOWS\system32\c_28592.nls
C:\WINDOWS\system32\c_28593.nls
C:\WINDOWS\system32\C_28594.NLS
C:\WINDOWS\system32\C_28595.NLS
C:\WINDOWS\system32\C_28597.NLS
C:\WINDOWS\system32\c_28598.nls
C:\WINDOWS\system32\c_28599.nls
C:\WINDOWS\system32\c_28603.nls
C:\WINDOWS\system32\c_28605.nls
C:\WINDOWS\system32\c_437.nls
C:\WINDOWS\system32\c_500.nls
C:\WINDOWS\system32\c_737.nls
C:\WINDOWS\system32\c_775.nls
C:\WINDOWS\system32\c_850.nls
C:\WINDOWS\system32\c_852.nls
C:\WINDOWS\system32\c_855.nls
C:\WINDOWS\system32\c_857.nls
C:\WINDOWS\system32\c_860.nls
C:\WINDOWS\system32\c_861.nls
C:\WINDOWS\system32\c_863.nls
C:\WINDOWS\system32\c_865.nls
C:\WINDOWS\system32\c_866.nls
C:\WINDOWS\system32\c_869.nls
C:\WINDOWS\system32\CONFIG.NT
C:\WINDOWS\system32\CONFIG.TMP
C:\WINDOWS\system32\confmsp.dll
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\console.dll
C:\WINDOWS\system32\control.exe
C:\WINDOWS\system32\convert.exe
C:\WINDOWS\system32\CoreAAC.ax
C:\WINDOWS\system32\CoreVorbis.ax
C:\WINDOWS\system32\corpol.dll
C:\WINDOWS\system32\country.sys
C:\WINDOWS\system32\cpuinf32.dll
C:\WINDOWS\system32\credui.dll
C:\WINDOWS\system32\crtdll.dll
C:\WINDOWS\system32\crypt32.dll
C:\WINDOWS\system32\cryptdlg.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\system32\cryptext.dll
C:\WINDOWS\system32\c_875.nls
C:\WINDOWS\system32\c_932.nls
C:\WINDOWS\system32\c_936.nls
C:\WINDOWS\system32\c_949.nls
C:\WINDOWS\system32\c_950.nls
C:\WINDOWS\system32\d3d8.dll
C:\WINDOWS\system32\d3d8thk.dll
C:\WINDOWS\system32\d3d9.dll
C:\WINDOWS\system32\d3dim.dll
C:\WINDOWS\system32\d3dim700.dll
C:\WINDOWS\system32\d3dpmesh.dll
C:\WINDOWS\system32\d3dramp.dll
C:\WINDOWS\system32\d3drm.dll
C:\WINDOWS\system32\d3dx9_25.dll
C:\WINDOWS\system32\d3dx9_27.dll
C:\WINDOWS\system32\d3dxof.dll
C:\WINDOWS\system32\danim.dll
C:\WINDOWS\system32\ddeshare.exe
C:\WINDOWS\system32\ddraw.dll
C:\WINDOWS\system32\ddrawex.dll
C:\WINDOWS\system32\debug.exe
C:\WINDOWS\system32\defrag.exe
C:\WINDOWS\system32\delaySpawn.exe
C:\WINDOWS\system32\desk.cpl
C:\WINDOWS\system32\deskadp.dll
C:\WINDOWS\system32\deskmon.dll
C:\WINDOWS\system32\deskperf.dll
C:\WINDOWS\system32\desktop.ini
C:\WINDOWS\system32\devenum.dll
C:\WINDOWS\system32\devmgmt.msc
C:\WINDOWS\system32\devmgr.dll
C:\WINDOWS\system32\dfrg.msc
C:\WINDOWS\system32\dfrgfat.exe
C:\WINDOWS\system32\dfrgntfs.exe
C:\WINDOWS\system32\dfrgres.dll
C:\WINDOWS\system32\dfrgsnap.dll
C:\WINDOWS\system32\diskpart.exe
C:\WINDOWS\system32\diskperf.exe
C:\WINDOWS\system32\dispex.dll
C:\WINDOWS\system32\divx.dll
C:\WINDOWS\system32\divxa32.acm
C:\WINDOWS\system32\divxdec.ax
C:\WINDOWS\system32\dll32
C:\WINDOWS\system32\dllcache
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhst3g.exe
C:\WINDOWS\system32\dmadmin.exe
C:\WINDOWS\system32\dmband.dll
C:\WINDOWS\system32\dmcompos.dll
C:\WINDOWS\system32\dmconfig.dll
C:\WINDOWS\system32\dmdlgs.dll
C:\WINDOWS\system32\dmdskmgr.dll
C:\WINDOWS\system32\dmdskres.dll
C:\WINDOWS\system32\dmime.dll
C:\WINDOWS\system32\dmintf.dll
C:\WINDOWS\system32\dmloader.dll
C:\WINDOWS\system32\dmocx.dll
C:\WINDOWS\system32\dmremote.exe
C:\WINDOWS\system32\dmscript.dll
C:\WINDOWS\system32\dmserver.dll
C:\WINDOWS\system32\dmstyle.dll
Guest
Subject: Re: Trojan win32 obfuscated ... (Fri 17 Aug 2007, 10:16)

C:\WINDOWS\system32\dmsynth.dll
C:\WINDOWS\system32\dmusic.dll
C:\WINDOWS\system32\dmutil.dll
C:\WINDOWS\system32\dmview.ocx
C:\WINDOWS\system32\dnsapi.dll
C:\WINDOWS\system32\dnsrslvr.dll
C:\WINDOWS\system32\docprop2.dll
C:\WINDOWS\system32\doskey.exe
C:\WINDOWS\system32\dosx.exe
C:\WINDOWS\system32\dpcdll.dll
C:\WINDOWS\system32\dplay.dll
C:\WINDOWS\system32\dplaysvr.exe
C:\WINDOWS\system32\dplayx.dll
C:\WINDOWS\system32\dpmodemx.dll
C:\WINDOWS\system32\dpnaddr.dll
C:\WINDOWS\system32\dpnet.dll
C:\WINDOWS\system32\dpnhpast.dll
C:\WINDOWS\system32\dpnhupnp.dll
C:\WINDOWS\system32\dpnlobby.dll
C:\WINDOWS\system32\dpnmodem.dll
C:\WINDOWS\system32\dpnsvr.exe
C:\WINDOWS\system32\dpnwsock.dll
C:\WINDOWS\system32\dpserial.dll
C:\WINDOWS\system32\dpvacm.dll
C:\WINDOWS\system32\dpvoice.dll
C:\WINDOWS\system32\dpvsetup.exe
C:\WINDOWS\system32\dpvvox.dll
C:\WINDOWS\system32\dpwsock.dll
C:\WINDOWS\system32\dpwsockx.dll
C:\WINDOWS\system32\drivers
C:\WINDOWS\system32\drmclien.dll
C:\WINDOWS\system32\drmstor.dll
C:\WINDOWS\system32\drmv2clt.dll
C:\WINDOWS\system32\drprov.dll
C:\WINDOWS\system32\DRVSTORE
C:\WINDOWS\system32\drwatson.exe
C:\WINDOWS\system32\ds16gt.dLL
C:\WINDOWS\system32\ds32gt.dll
C:\WINDOWS\system32\dsauth.dll
C:\WINDOWS\system32\DSCam.Dll
C:\WINDOWS\system32\dsdmo.dll
C:\WINDOWS\system32\dsdmoprp.dll
C:\WINDOWS\system32\dskquota.dll
C:\WINDOWS\system32\dskquoui.dll
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\dsound.dll
C:\WINDOWS\system32\dsound.vxd
C:\WINDOWS\system32\dsound3d.dll
C:\WINDOWS\system32\dsprop.dll
C:\WINDOWS\system32\dsprpres.dll
C:\WINDOWS\system32\dsquery.dll
C:\WINDOWS\system32\dssec.dat
C:\WINDOWS\system32\ersvc.dll
C:\WINDOWS\system32\es.dll
C:\WINDOWS\system32\esent.dll
C:\WINDOWS\system32\esent97.dll
C:\WINDOWS\system32\esentprf.dll
C:\WINDOWS\system32\esentprf.hxx
C:\WINDOWS\system32\esentprf.ini
C:\WINDOWS\system32\esentutl.exe
C:\WINDOWS\system32\eudcedit.exe
C:\WINDOWS\system32\eula.txt
C:\WINDOWS\system32\eventcls.dll
C:\WINDOWS\system32\eventlog.dll
C:\WINDOWS\system32\eventvwr.exe
C:\WINDOWS\system32\eventvwr.msc
C:\WINDOWS\system32\exe2bin.exe
C:\WINDOWS\system32\expand.exe
C:\WINDOWS\system32\export
C:\WINDOWS\system32\expsrv.dll
C:\WINDOWS\system32\EXSEC32.DLL
C:\WINDOWS\system32\extmgr.dll
C:\WINDOWS\system32\extrac32.exe
C:\WINDOWS\system32\exts.dll
C:\WINDOWS\system32\findstr.exe
C:\WINDOWS\system32\FINFCHECK.dll
C:\WINDOWS\system32\FINFCOPY.dll
C:\WINDOWS\system32\finger.exe
C:\WINDOWS\system32\firewall.cpl
C:\WINDOWS\system32\Fish Tycoon.scr
C:\WINDOWS\system32\fixmapi.exe
C:\WINDOWS\system32\fldrclnr.dll
C:\WINDOWS\system32\FlexCell.ocx
C:\WINDOWS\system32\fltlib.dll
C:\WINDOWS\system32\fltmc.exe
C:\WINDOWS\system32\FlyerSaver.001
C:\WINDOWS\system32\FM20.DLL
C:\WINDOWS\system32\FM20FRA.DLL
C:\WINDOWS\system32\fmifs.dll
C:\WINDOWS\system32\FNTCACHE.DAT
C:\WINDOWS\system32\fontext.dll
C:\WINDOWS\system32\fontsub.dll
C:\WINDOWS\system32\fontview.exe
C:\WINDOWS\system32\forcedos.exe
C:\WINDOWS\system32\format.com
C:\WINDOWS\system32\fpxlib.dll
C:\WINDOWS\system32\kerberos.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\key01.sys
C:\WINDOWS\system32\keyboard.drv
C:\WINDOWS\system32\keyboard.sys
C:\WINDOWS\system32\keymgr.dll
C:\WINDOWS\system32\kmddsp.tsp
C:\WINDOWS\system32\korean.uce
C:\WINDOWS\system32\krnl386.exe
C:\WINDOWS\system32\ksproxy.ax
C:\WINDOWS\system32\kstvtune.ax
C:\WINDOWS\system32\ksuser.dll
C:\WINDOWS\system32\kswdmcap.ax
C:\WINDOWS\system32\ksxbar.ax
C:\WINDOWS\system32\l3codeca.acm
C:\WINDOWS\system32\l3codecp.acm
C:\WINDOWS\system32\igmpagnt.dll
C:\WINDOWS\system32\ils.dll
C:\WINDOWS\system32\imaadp32.acm
C:\WINDOWS\system32\imagehlp.dll
C:\WINDOWS\system32\imagr5.dll
C:\WINDOWS\system32\imagx5.dll
C:\WINDOWS\system32\ImagXpr5.dll
C:\WINDOWS\system32\imail40.ocx
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\IMC32.acm
C:\WINDOWS\system32\IME
C:\WINDOWS\system32\imeshare.dll
C:\WINDOWS\system32\imgutil.dll
C:\WINDOWS\system32\imm32.dll
C:\WINDOWS\system32\IMMC.EXE
C:\WINDOWS\system32\impborl.dll
C:\WINDOWS\system32\Indeo4.qtx
C:\WINDOWS\system32\inetcfg.dll
C:\WINDOWS\system32\inetcomm.dll
C:\WINDOWS\system32\inetcpl.cpl
C:\WINDOWS\system32\inetcplc.dll
C:\WINDOWS\system32\inetmib1.dll
C:\WINDOWS\system32\inetpp.dll
C:\WINDOWS\system32\inetppui.dll
C:\WINDOWS\system32\inetres.dll
C:\WINDOWS\system32\inetsrv
C:\WINDOWS\system32\ipxpromn.dll
C:\WINDOWS\system32\ipxrip.dll
C:\WINDOWS\system32\ipxroute.exe
C:\WINDOWS\system32\ipxrtmgr.dll
C:\WINDOWS\system32\ipxsap.dll
C:\WINDOWS\system32\ipxwan.dll
C:\WINDOWS\system32\ir32_32.dll
C:\WINDOWS\system32\ir41_32.ax
C:\WINDOWS\system32\ir41_qc.dll
C:\WINDOWS\system32\ir41_qcx.dll
C:\WINDOWS\system32\Ir50_32.dll
C:\WINDOWS\system32\ir50_lcs.dll
C:\WINDOWS\system32\Ir50_qc.dll
C:\WINDOWS\system32\Ir50_qcx.dll
C:\WINDOWS\system32\irclass.dll
C:\WINDOWS\system32\irprops.cpl
C:\WINDOWS\system32\isign32.dll
C:\WINDOWS\system32\isrdbg32.dll
C:\WINDOWS\system32\itircl.dll
C:\WINDOWS\system32\itss.dll
C:\WINDOWS\system32\iuengine.dll
C:\WINDOWS\system32\Ivfsrc.ax
C:\WINDOWS\system32\ixsso.dll
C:\WINDOWS\system32\iyuv_32.dll
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\javacpl.cpl
C:\WINDOWS\system32\javacypt.dll
C:\WINDOWS\system32\javaee.dll
C:\WINDOWS\system32\javaprxy.dll
C:\WINDOWS\system32\javart.dll
C:\WINDOWS\system32\javasup.vxd
C:\WINDOWS\system32\javaw.exe
C:\WINDOWS\system32\javaws.exe
C:\WINDOWS\system32\jdbgmgr.exe
C:\WINDOWS\system32\kbdbene.dll
C:\WINDOWS\system32\kbdblr.dll
C:\WINDOWS\system32\kbdbr.dll
C:\WINDOWS\system32\kbdbu.dll
C:\WINDOWS\system32\kbdca.dll
C:\WINDOWS\system32\kbdcan.dll
C:\WINDOWS\system32\kbdcr.dll
C:\WINDOWS\system32\kbdcz.dll
C:\WINDOWS\system32\kbdcz1.dll
C:\WINDOWS\system32\kbdcz2.dll
C:\WINDOWS\system32\kbdda.dll
C:\WINDOWS\system32\kbddv.dll
C:\WINDOWS\system32\kbdes.dll
C:\WINDOWS\system32\kbdest.dll
C:\WINDOWS\system32\kbdfc.dll
C:\WINDOWS\system32\kbdfi.dll
C:\WINDOWS\system32\kbdfi1.dll
C:\WINDOWS\system32\kbdfo.dll
C:\WINDOWS\system32\kbdfr.dll
C:\WINDOWS\system32\kbdgae.dll
C:\WINDOWS\system32\kbdgkl.dll
C:\WINDOWS\system32\kbdgr.dll
C:\WINDOWS\system32\kbdgr1.dll
C:\WINDOWS\system32\kbdhe.dll
C:\WINDOWS\system32\kbdhe220.dll
C:\WINDOWS\system32\kbdhe319.dll
C:\WINDOWS\system32\kbdhela2.dll
Guest
Subject: Re: Trojan win32 obfuscated ... (Fri 17 Aug 2007, 10:16)

C:\WINDOWS\system32\kbdhela3.dll
C:\WINDOWS\system32\kbdhept.dll
C:\WINDOWS\system32\kbdhu.dll
C:\WINDOWS\system32\kbdhu1.dll
C:\WINDOWS\system32\kbdic.dll
C:\WINDOWS\system32\kbdinbe1.dll
C:\WINDOWS\system32\kbdinben.dll
C:\WINDOWS\system32\kbdinmal.dll
C:\WINDOWS\system32\kbdir.dll
C:\WINDOWS\system32\lprhelp.dll
C:\WINDOWS\system32\lprmonui.dll
C:\WINDOWS\system32\lsasrv.dll
C:\WINDOWS\system32\mcict16.dll
C:\WINDOWS\system32\mciole16.dll
C:\WINDOWS\system32\mciole32.dll
C:\WINDOWS\system32\mcipspct.dll
C:\WINDOWS\system32\mcipspct.ini
C:\WINDOWS\system32\mcipspwa.dll
C:\WINDOWS\system32\mcipspwa.ini
C:\WINDOWS\system32\mciqtz.drv
C:\WINDOWS\system32\mciqtz32.dll
C:\WINDOWS\system32\mciseq.dll
C:\WINDOWS\system32\mciseq.drv
C:\WINDOWS\system32\mciwa16.dll
C:\WINDOWS\system32\mciwatbl.dll
C:\WINDOWS\system32\mciwave.dll
C:\WINDOWS\system32\mciwave.drv
C:\WINDOWS\system32\mciwaw95.dll
C:\WINDOWS\system32\mciwaw95.ini
C:\WINDOWS\system32\mdaccore.rsp
C:\WINDOWS\system32\mdhcp.dll
C:\WINDOWS\system32\midimap.dll
C:\WINDOWS\system32\miglibnt.dll
C:\WINDOWS\system32\migpwd.exe
C:\WINDOWS\system32\mimefilt.dll
C:\WINDOWS\system32\mindex.dll
C:\WINDOWS\system32\mlang.dat

Guest
Subject: Re: Trojan win32 obfuscated ...   Fri 17 Aug 2007, 10:17

**************************************************************************

Completion time: 2007-08-17 9:07:10
C:\ComboFix-quarantined-files.txt ... 2007-08-17 09:06

--- E O F ---

Guest
Subject: Re: Trojan win32 obfuscated ...   Sat 18 Aug 2007, 10:43

Hello

Boulepate may be absent
Can you give me a summary of your symptoms

Along with a HijackThis log
Thanks

Guest
Subject: Re: Trojan win32 obfuscated ...   Sat 18 Aug 2007, 13:29

Hello,

I hope Boulepate is well, I thought I saw that there were big problems over in Martinique!!
So I had a trojan that was making popups appear etc... now I think I no longer have it, but we hadn't finished all the steps... my PC seems to be in very bad shape..
The report:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:27:13, on 18/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\Wanadoo\taskbaricon.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mr\Bureau\Doc\abcde.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [oov6multiuser.exe] C:\Program Files\OFFICE One6.0\program\oov6multiuser.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{831E7180-3418-4097-A80D-64C6E495E78F}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{831E7180-3418-4097-A80D-64C6E495E78F}: NameServer = 80.10.246.130 80.10.246.3
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 7287 bytes

Guest
Subject: Re: Trojan win32 obfuscated ...   Sat 18 Aug 2007, 22:43

Hi
Precisely, no news
Martinique is cut off.
So...

Strange that your O2 and O20 lines don't show up

Do the following

Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it.
* When the tool launches again, click the Scan for Vundo button
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button
* A prompt will ask you whether you want to delete the files; click YES
* After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.
* You will see a prompt telling you that your PC is going to shut down ("shutdown"); click OK
* Restart your PC.
* Copy/paste the contents of the report located at C:\vundofix.txt

along with a new HijackThis! log in your next reply.
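As an added example (not from the thread, and not part of HijackThis itself), a small Python parser for HijackThis log lines like the one posted above: it lists which sections appear, reports the sections the helper expected but did not see (O2 and O20), and picks out the entries a helper reads first. The sample log is constructed from a few lines of the posted log; the parser, its section ordering and the review heuristics are assumptions of this example.

```python
import re

# Constructed sample in the HijackThis v2.0 log format, modelled on (but much
# shorter than) the log posted in this thread; paths and CLSIDs come from that log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Every HijackThis entry starts with a section code (R0, R1, O2, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.*)$")
# In O4 lines the command follows the bracketed value name: "HK...\Run: [Name] command".
O4_CMD_RE = re.compile(r"^HK\S+: \[[^\]]*\] (?P<cmd>.*)$")
# Section families in the order HijackThis prints them (assumed for sorting).
ORDER = "RFNO"


def parse_hjt(text):
    """Return (section_code, detail) pairs for every entry line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("detail")))
    return entries


def sections_present(entries):
    """Distinct section codes in log order, e.g. ['R0', 'O4', 'O9', 'O10', 'O23']."""
    return sorted({code for code, _ in entries},
                  key=lambda c: (ORDER.index(c[0]), int(c[1:])))


def missing_sections(entries, expected=("O2", "O20")):
    """Codes from `expected` with no entry at all (the helper above noted O2/O20 missing)."""
    present = {code for code, _ in entries}
    return [c for c in expected if c not in present]


def review_points(entries):
    """Entries a helper reads first: dangling references, LSPs HijackThis could not
    identify, and autoruns given without a full path (resolved by directory search)."""
    points = []
    for code, detail in entries:
        if "(file missing)" in detail:
            points.append((code, "points at a file that no longer exists"))
        elif code == "O10":
            points.append((code, "Winsock LSP that HijackThis could not identify"))
        elif code == "O4":
            m = O4_CMD_RE.match(detail)
            cmd = m.group("cmd").strip('"') if m else detail
            if ":\\" not in cmd and not cmd.startswith("%"):
                points.append((code, "autorun without a full path: " + cmd))
    return points


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_LOG)
    print("sections:", sections_present(found))
    print("missing:", missing_sections(found))
    for code, why in review_points(found):
        print(code, "-", why)
```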

Guest
Subject: Re: Trojan win32 obfuscated ...   Mon 20 Aug 2007, 21:21

Hi,

So I ran the scan with Vundo and it tells me there are no infected files.

Page 1 of 2