Worms - Trojan Horses

Tags:
  • Windows
  • Security
16 December 2007 15:35:53

Hello everyone, here is my problem: my PC has become very slow. I must have worms and a Trojan horse, and I can't get rid of them. Here is my HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07:43, on 16/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\shell.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JC\LOCALS~1\Temp\Rar$EX00.922\HijackThis.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Xfire\xfire.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/hws/sb/dell-row/fr/side.html?chann...
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/ig/dell?hl=fr&client=dell-row&chan...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F02D978-0FF6-80F7-60BB-0426224AB7B3} - C:\Program Files\xinhkkaw\wkxsahkn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - C:\Program Files\Razdejfb\fwdebjxw.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\WINDOWS\system32\nnnnonn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [BMUY Agent] C:\WINDOWS\system32\28463\BMUY.exe
O4 - HKLM\..\Run: [cvobsvul] rundll32.exe "C:\Program Files\slsjylwz\cbklobcf.dll",Init
O4 - HKLM\..\Run: [hudyhqlw] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hudyhqlw.dll"
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [zwtqputy] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\zwtqputy.dll"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [navmrkls] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\navmrkls.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: findfast.exe
O4 - Startup: install.lnk = ?
O4 - Global Startup: autorun.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: nnnnonn - C:\WINDOWS\SYSTEM32\nnnnonn.dll
O20 - Winlogon Notify: winzoa32 - C:\WINDOWS\SYSTEM32\winzoa32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12339 bytes

16 December 2007 15:45:51

Hi,

You are indeed heavily infected.

Download SDFix (by Andy Manchesta)

Save it to your desktop.

Run it.
Click Install so that it can extract itself.

Restart in Safe Mode
/!\ Never boot into Safe Mode via MSCONFIG /!\

Launch SDFix.
Double-click RunThis.bat. (The .bat extension may not be shown)
Press Y to start it.

You will be asked to press a key to restart; do so.
The restart will probably take a little longer than usual.
Once your desktop appears, it will display Finished

Press a key.

A report is generated; post it in your reply.
It can also be found in the SDFix folder: >Report.txt<

+++++++++++++

Download SmitfraudFix (by S!ri)
Save it to your desktop.

Run it by double-clicking SmitfraudFix.exe
Press a key as requested.
Run option 1; a report will appear. Post it.

Restart in Safe Mode
/!\ Never boot into Safe Mode via MSCONFIG /!\
Run SmitfraudFix again.
This time choose option 2. (Answer Yes to all the questions)

If you have to restart your computer, do so.
Post the report, which is located at C:\rapport.txt.

+++++++++++++++++

Download Combofix (by sUBs) to your desktop.

Temporarily disable all resident protection! (Antivirus, antispyware...)
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.

The report is located here: C:\Combofix.txt

16 December 2007 18:26:43

Hello again, everyone.

As planned, I am sending you all the reports created by the programs:

For the first report:


SDFix: Version 1.118

Run by JC on 16/12/2007 at 16:47

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\JC\MESDOC~1\SDFix

Safe Mode:
Checking Services:

Killing PID 1984 'shell.exe'

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Service xpdx - Deleted after Reboot

Normal Mode:
Checking Files:

Trojan Files Found:

C:\PROGRA~1\XINHKKAW\WKXSAHKN.DLL - Deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\HETGBIPY.DLL - Deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\NAVMRKLS.DLL - Deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\UFMZMTEF.DLL - Deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\UNAPENSD.DLL - Deleted
C:\DOCUME~1\JC\LOCALS~1\TEMP\RAR$EX00.922\BACKUPS\BACKUP~1.DLL - Deleted
C:\Documents and Settings\JC\Bureau\Find Spyware Remover.lnk - Deleted
C:\Documents and Settings\JC\Bureau\Free Online Dating.lnk - Deleted
C:\Documents and Settings\JC\Bureau\Go to Casino.lnk - Deleted
C:\Program Files\Fichiers communs\Yazzle1162OinAdmin.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe - Deleted
C:\Program Files\spoolsv.exe - Deleted
C:\DOCUME~1\JC\LOCALS~1\Temp\removalfile.bat - Deleted
C:\DOCUME~1\JC\LOCALS~1\Temp\uninstall.exe - Deleted
C:\WINDOWS\avp.exe - Deleted
C:\WINDOWS\Casino.ico - Deleted
C:\WINDOWS\Free Online Dating.ico - Deleted
C:\WINDOWS\mgrs.exe - Deleted
C:\WINDOWS\shell.exe - Deleted
C:\WINDOWS\Spyware Remover.ico - Deleted
C:\WINDOWS\system32\printer.exe - Deleted
C:\WINDOWS\system32\spoolvs.exe - Deleted
C:\WINDOWS\xpupdate.exe - Deleted
C:\WINDOWS\system32\xpdx.sys - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
:COD4.exe 1809584
Total size: 1809584 bytes.

system32: deleted 1809584 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-16 17:02:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
\f\x37e0\x867\x348\f\xa634\x3719\x698\f\x487c\x536c\xb40\f\x3163\x3733\x1620\f\xe3cf\x48aa\x22404\x29cc\x3ed2\x19a8\f\x377e\x3f7a\x29b0\b\xa4c3\x1556\xb020\v\xc452\xe7aa\x2b18\f\x3f38\xad6e\x2088F\xeb08\x7f55\x3930\f\x10b9\x80d5\x3a68\f\x32f5<\x1ed0F\xddc9\x4264\x3af0\f\xc9fc\x36d6\x3c30\f\xa90a\xad2a\x6ee8\2\xd895\x42f8\xdc409\xa353\x3987\xa9c89\x6c8c\xa65d\xada09\xab1b\x3d51\xc4289\x414b\x1d64\x2a8:\x79f2\x8cf\xc0209\x86d3\x49a4\xf9989\x81d6\x1daa\xd7309\xca3f\xfed4\x66b09\x109d\x54e8\x6b609\x1e81\x56d6\x9ab81\x8778\x217b\x4260\f\xfead\xa758\xe8a89\x3f14\x28c9\xec389\xe0f4\x28c9\xe5189\x6250\x28ce\xf3909\x27a4\x28d6\xf0209\xf87d\x28d6\x49b0\f\xefb0\x8d7\x4d60\f\xb3b2\x4acc\x53a8\f\x859a\x8d8\x5518\f\x1043\x87c6\x8490<\x82aa\x4758\x5890\f\xff5\x8907\xce089\x39b7=\x730:\x5438\xca65\xfd809\x3b81=\x59e8\f\xb189\x8a\x5c10\f\x889a\x47b0\x6258\f\xda79\x47b0\x6710\2\x9f2f\x8db\x6f20\f\x49c5=\x7158\f\x7534\x1f66\x1aa0:\xebcc\x5203\xf4383\xcd1\x5f3e\xe1903\x55c4\xd6d3\xeaa83\xdef6\x8db\x77d8\f\xc6b9\xe44f\x4920C\x79fe\xd706\x5c08C\x2564\x9ebb\x9560E\x288f\xe45d\x7ae0\f\xa85e\1\x7cc0\f\xbfda=\x7f48\f\x6030\xe025\x8368\f\x329b\xb9f3\x8930\f\x3c24\xb9f3\x93e0\f\x7d74\xbaba\x9538\f\x7cd4\xbf42\xa020\f\xb911\x8ed\xb430\f\xc81c\x4a5b\xbad8\f\x570c\x627e\xbfa8\f\x7c2e\xa5be\xc798\f\xf7d7\x4a5b\x4bf02\xc11e\xa6e3\xee80(\x2387\xcdd7\x6978\37\xdf98\x541c\xcc88\f\xac5b\1\xd290\f\xff97=\xd4c0\f\x14fb>\xd5f0\f\xfe51\xfc65\xda90\f\x3ad2\xfc87\xdf58\f\x1b2b>\xe0a8\f\xb9c\0\xcbf0(\xda38\x8fa\x2638\r\x8854\x459d\x2a08\r\x89db\x459d\x4c08(\x6a7c\x4438\x2d70\r\x93cc\xe067\x2f90\r\x9ef5\xe06a\x3f68\r\x6e92\x522c\x41a0\r\xb5c8\1\x62d0\r\x41fa\xe7a1\x63f8\r\x6622\x525e\x6540\r\x5e35\x5261\x1b30\f\x7d53\x5276\x1c00\f\xf913\xeb77\x1cd0\f\xdfa0\x5281\x1da0\f\xfb5d\x38a5\x1e70\f\xe044\x926\x77a8\r\x7a8b\xd125\x78d0\r\x35bc\xd189\x7b70\r\x3d44\xf0e8\x7e30\r\x7e63\x529e\x8100\r\xab9d\xd192\x83f0\r\x9886\xc96\x30709\xcfcd\x1490\x8958\r\xcf17\x50ef\x8e78\r\x2662\x784a\x91e8\r\xd393\x5531\x96e0\r\x4ccf\x
5423\xa0d0\r\xf8fb\x2dea\xe3d0\5\x8edb\x1c5\xa410\r\xcd36\x576e\xa628\r\x533f\xa304\xa868\r\x1027\xa305\xaaa8\r\xd754\x576e\xace8\r\xd7e8\x576e\xaf28\r\xf99e\x5a70\xb3f0\r\x76b7\x1254\xba10\r\x3c0c\x125c\xbd50\r\x398a\x5a71\xd660\r\x2c22\xa7de\xdba0\r\x4c4f\x5a71\xdec8\r\xf92a\x95e\xe230\r\x7db1\x5ac4\xe650\r\x41ce\x95f\xe890\r\x41dc\x95f\xeb90\r\x434c\x95f\xed90\r\x448d\x95f\x7ee0\2\xc33e\x6521\xf410\r\x90f6\x2130\xe1b00\x907c\x2193\xf790\r\x716\x4cf6\x3420\16\xd4b9\x92fb\xb0481\xdc97\x562a\xaca00\x723d\x56d6\xbbd81\xa177\x336e\xebc0\1\x3b8c\xee42\x9c789\x3931\xcc5b\x3ba8\16\x73d9\xd504\x4128\16\x44df\x968\x46c8\16\x2963A\x3e289\x9f6f\x5b4c\xe5300\xdccd\x4ca1\x4f88\16\x7b57\x979\x5440\16\x8468\xa9e5\x59f0\16\x8531\xc560\x4120(\x9265\x97b\x6210\16\x2caf\x5ef9\x6528\16\x254a\xe362\x6bc0\16\xa33dA\x7268\16\x1c0b\xbbb1\x7490\16\xdce0\x5f04\x12f8@\x2aae\xbe7b\x1610@\xe6a9\xbe84\x77e8\16\x65e1\xbf2f\x7968\16\x9dd9\x7830\x8518\16\x20de\xae6e\x8b40\16\x3ddc\x5f73\x6020$\xdc9b\x5f77\x8c70\16\x3bfa\xe74c\x6ce84\x15ff\x9a7c\x8ed0\16\x2604\xe8da\x11a0:\xbab7\xd7a6\x3428E\xdedfA\x4b50C\x54d8\xba62\x6e80C\xbed5\xa7ec\x9658\16\xc51\0\x9a78\16\x4f76\xa673\xa0e8\16\xc80b\1\xa420\16\xd159\xf406\x5060'\xdc4\x988\xaa00\16\x16b4\x60ab\x65409\x9b35\xfe88\xaf98\16\xaf3b\x60fd\x33904\xc0ed\x6103\xb340\16\x8c3e\x98a\xb9f8\16\x3149\xdca\xbc30\16\x3714\xdca\xbe70\16\x6909\x613d\xc0e0\16\x6ad4\x613d\x18a89\xa30e\x175c\x17509\xd8a\x98c\xfcf83\x6239\x16e3\xc310\16\xa987\x7fd2\xcad0\16\x9169\x43e0\xd390\16\xae98\x997\xf298\16\xd52e\x6308\xf330\16\x88fb\x998\x7020\r\xd80\x6327\x7368\r\x87e1\x455c\x470\17\xcc4e\x6372\xbea0F\xc248\x6944\x9f0\17\x7bd\x7127\xe38\17\xb764\x6445\xf80\17\x9f3e\x6495\x1850\17\xcb77\x9a3\x1970\17\x2876C\x1aa0\17\x52f0\x9bb\x1cc8\17\xaabf\x6878\x1ee8\17\x1549\xd842\x2548\17\xd270\1\x5c58\25\xd2ce\1\x6730<\xfda3\x259e\x27d8\17\xa37f\x25a0\x2a10\17\xf69\x68cd\x8f0?\xb786\x25ab\x2c08\17\x14f\x25ad\x19b8<\xe9a8\x26fb\x2e38\17\x58bd\x8ce3\xa8f0$\x4390\x6bd0\x3250\17\x6dde\x6bd0
\x3398\17\x447\xaf2f\x34c0\17\xd838\1\xc1d8\b\x1a1b\xd17b\x4d20\17\x2d7a\x9e1\x4f40\17\xa4ad\x6f17\x52b8\17\x18ec\x9ee\x44b84\xaa06\x6f6c\x5378\17\x68b1\x5f16\x90681\xf0f7\xdcd2\x5d40\17\xaf17\x2f84\x65a0\17\x7b92\x2f89\x6f58\17\xdc4c\xdede\x9e00\17\x2860\xdefe\x46409\x5b92\xe221\xad40\17\xba13\x1896\xb390\17\xdca9\1\x18d0(\xc25a\x3f74\xb8f0\17\x2f3c\x2bea\xbc88\17\x34e9\x2bea\x7610=\xf026\x9bc4\xbfa0\17\xe516\x55b5\xc1c8\17\x45e9\x7112\xc708\17\x5e16\xd486\xb090=\xf748\x714b\x1950<\xf790\x714b\x96009\xd006\x5ffa\xcd00\17\x7480\x71da\xd350\17\x5608\xd8c4\x2438G\xea59\xfa6\xae28G\x3d7\x9a5f\x9c90\1\x3709\xd281\x97c0\0\xae00\xd410\xc108&\xf6ae\x1cba\xdc10@\x7353\xa854\xebf0@\xf99f\x6f80\xebf0@\xf99f\x6f80\xebf0@\xf99f\x6f80\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff50\xffff\1\x8014\x90\0\x9c\0\24\0000\0\2\34\1\0\x8002\24\x1ff\17\x101\0\0\x100\0\0\2`\4\0\0\24\x1fd\2\x101\0\0\x500\22\0\0\30\x1ff\17\x201\0\0\x500 \0\x220\0\0\24\x18d\2\x101\0\0\x500\v\0\0\30\x1fd\2\x201\0\0\x500 \0\x223\0\x101\0\0\x500\22\0\x101\0\0\x500\22\0\0\0\xffe0\xffff\xadf89\xae209\xae409\xae689\xaee09\xafb89\xbfb89\xffd8\xffff\x6b76\v<\0\xbfe09\1\0\1\0\x6544\x6373\x6972\x7470\x6f69n\0\0\xffc0\xffffG\xe8re les utilisateurs McAfee.\0\xffa8\xffff\x6b6e 
\x9910\x728d\x3ffc\x1c8\0\0\x5888\t\1\0\1\0\xc2189\x5620\x8000\a\0\xc3409\x218\0\xffff\xffff\20\0\0\0\30\0\x9c\0\xa2\0\b\0\x636d\x7270\x6d6f\x7267\xffe0\xffff\x6b76\4\4\x8000\20\0\4\0\1\0\x7954\x6570\0\0\xfff8\xffff\xc2289\xffe0\xffff\x6b76\5\4\x8000\2\0\4\0\1\0\x7453\x7261t\0\xffd8\xffff\x6b76\f\4\x8000\1\0\4\0\1\0\x7245\x6f72\x4372\x6e6f\x7274\x6c6f\0\0\xffd8\xffff\x6b76\tH\0\xc1109\2\0\1\0\x6d49\x6761\x5065\x7461h\0\0\0\xffb0\xffffC:\PROGRA~1\McAfee\MSC\mcpromgr.exe\0\0\0\xffd8\xffff\x6b76\v4\0\xc1889\1\0\1\0\x6944\x7073\x616c\x4e79\x6d61e\0\0\xffc8\xffffMcAfee Protection Manager\0\xffa8\xffff\x6b6e \xaf90\x77d9\xc99a\x1c7\0\0\xc0209\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xc0989\x68a8\t\xffff\xffff\0\0\0\0\20\0\xa8\0\0\0\b\0\x6553\x7563\x6972\x7974\xfff0\xffff\x686c\1\xc1c09\xe2d0\xe465\xffe0\xffff\x6b76\b\xa8\0\xc2489\3\0\1\0\x6553\x7563\x6972\x7974\xff50\xffff\1\x8014\x90\0\x9c\0\24\0000\0\2\34\1\0\x8002\24\x1ff\17\x101\0\0\x100\0\0\2`\4\0\0\24\x1fd\2\x101\0\0\x500\22\0\0\30\x1ff\17\x201\0\0\x500 \0\x220\0\0\24\x18d\2\x101\0\0\x500\v\0\0\30\x1fd\2\x201\0\0\x500 \0\x223\0\x101\0\0\x500\22\0\x101\0\0\x500\22\0\0\0\xffd8\xffff\x6b76\n\30\0\xc3209\1\0\1\0\x624f\x656a\x7463\x614e\x656d\0\0\0\xffe0\xffffLocalSystem\0\0\0\xffe0\xffff\xc0789\xc0a09\xc0c09\xc0e89\xc1609\xc2f89\xc3609\xffd8\xffff\x6b76\v\x9c\0\xc3889\1\0\1\0\x6544\x6373\x6972\x7470\x6f69n\0\0\xff60\xffffG\xe8re les probl\xe8mes de protection sur l'ordinateur pour les programmes McAfee.\0\xffa8\xffff\x6b6e \x9910\x728d\x3ffc\x1c8\0\0\x5888\t\1\0\1\0\xc6d09\x53f0\x8000\t\0\xc7f89\x218\0\xffff\xffff\20\0\0\0\36\0\x92\0\xa0\0\a\0\x634d\x414e\x7653c\xffe0\xffff\x6b76\4\4\x8000\20\0\4\0\1\0\x7954\x6570\0\0\xfff8\xffff\xc6e09\xffe0\xffff\x6b76\5\4\x8000\2\0\4\0\1\0\x7453\x7261t\0\xffd8\xffff\x6b76\f\4\x8000\1\0\4\0\1\0\x7245\x6f72\x4372\x6e6f\x7274\x6c6f\0\0\xffd8\xffff\x6b76\tv\0\xc5189\2\0\1\0\x6d49\x6761\x5065\x7461h\0\0\0\xff80\xffff"c:\program files\fichiers 
communs\mcafee\mna\mcnasvc.exe"\0\0\0\0\xffd8\xffff\x6b76\v*\0\xc5c09\1\0\1\0\x6944\x7073\x616c\x4e79\x6d61e\0\0\xffd0\xffffMcAfee Network Agent\0\0\xffd8\xffff\x6b76\17\16\0\xc6189\a\0\1\0\x6544\x6570\x646e\x6e4f\x6553\x7672\x6369e\xffe8\xffffRPCSS\0\0\0\0\0\xfff0\xffff\x686c\1\xca409\xf94\x336\xfff0\xffff\x686c\1\xcac89\xc987\x819\xffd8\xffff\x6b76\r\2\x8000\0\0\a\0\1\0\x6544\x6570\x646e\x6e4f\x7247\x756fp\0\xffa8\xffff\x6b6e \x4cb0\x7e8e\xc99a\x1c7\0\0\xc4289\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xc4a09\x68a8\t\xffff\xffff\0\0\0\0\20\0\xa8\0\0\0\b\0\x6553\x7563\x6972\x7974\xfff0\xffff\x686c\1\xc6789\xe2d0\xe465\xffe0\xffff\x6b76\b\xa8\0\xc7009\3\0\1\0\x6553\x7563\x6972\x7974\xff50\xffff\1\x8014\x90\0\x9c\0\24\0000\0\2\34\1\0\x8002\24\x1ff\17\x101\0\0\x100\0\0\2`\4\0\0\24\x1fd\2\x101\0\0\x500\22\0\0\30\x1ff\17\x201\0\0\x500 \0\x220\0\0\24\x18d\2\x101\0\0\x500\v\0\0\30\x1fd\2\x201\0\0\x500 \0\x223\0\x101\0\0\x500\22\0\x101\0\0\x500\22\0\0\0\xffd8\xffff\x6b76\n\30\0\xc7d89\1\0\1\0\x624f\x656a\x7463\x614e\x656d\0\0\0\xffe0\xffffLocalSystem\0\0\0\xffd8\xffff\xc4809\xc4a89\xc4c89\xc4f09\xc5989\xc5f09\xc6509\xc7b09\xc8209\xffd8\xffff\x6b76\v\x92\0\xc8489\1\0\1\0\x6544\x6373\x6972\x7470\x6f69n\0\0\xff68\xffffAllows McAfee applications to communicate securely on the local network.\0\0\xffb0\xffff\x6b768\xb0\0\xc9309\1\0\1\0\x3a43\x505c\x6f72\x7267\x6d61\x4620\x6c69\x7365\x465c\x6369\x6968\x7265\x2073\x6f63\x6d6d\x6e75\x5c73\x634d\x6641\x6565\x4d5c\x414e\x4d5c\x4e63\x5341\x6376\x652e\x6578\xff48\xffffC:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent\0\0\0\xffa8\xffff\x6b6e \x678a\x961c\xc99b\x1c7\0\0\x4f88\t\1\0\0\0\xc6309\xffff\xffff\0\0\xffff\xffff\x4c28\t\xffff\xffffd\0\0\0\0\0\0\0\0\0\a\0\x4448\x5541\x4944\x314f\xff78\xffff\x6b6e 
\x678a\x961c\xc99b\x1c7\0\0\xc9e89\1\0\0\0\xc6409\xffff\xffff\0\0\xffff\xffff\x4c28\t\xffff\xffff"\0\0\0\0\0\0\0\0\0002\0\x5546\x434e\x305f\x2631\x4556\x5f4e\x3338\x3438\x4426\x5645\x375f\x3936\x2630\x5553\x5342\x5359\x315f\x3230\x3038\x4331\x2645\x4552\x5f56\x3031\x3232\x6761\x5065\x7461\xff98\xffff\x6b6e \x12a4\xc3c7\xcd4f\x1c7\0\0\xca409\2\0\0\0\xddb86\xffff\xffff\0\0\xffff\xffff\x4c28\t\xffff\xffff$\0\0\0\0\0\0\0\0\0\21\0\x2634\x3233\x3644\x3931\x3946\x3026\x3026\x30301.EX\xffa0\xffff\x6b6e \xc9e4\x961e\xc99b\x1c7\0\0\xcac89\1\0\0\0\xcc409\xffff\xffff\0\0\xffff\xffff\x4c28\t\xffff\xffff*\0\0\0\0\0\0\0\0\0\v\0\x6944\x6572\x7463\x6f53\x6e75d.i\xfff0\xffff\x686c\1\xb708=\xe918\xb548\xffc8\xffff\x6b76\32\4\x8000\3\0\4\0\1-\x7953\x7473\x6d65\x7053\x6165\x656b\x4372\x6e6f\x6966\x7567\x6172\x6974\x6e6f\0\xcbf09\xff98\xffff\x6b6e \xc9e4\x961e\xc99b\x1c7\0\0\xcb309\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xcc809\x4c28\t\xffff\xffff\0\0\0\0*\0\4\0\0\0\25\0\x7053\x6165\x656b\x2072\x6f43\x666e\x6769\x7275\x7461\x6f69n(\xfff0\xffff\x686c\1\xcbd89\xdccf\x28d8\xffd0\xffff\x6b76\25\4\x8000\4\24\4\0\1\0\x7053\x6165\x656b\x2072\x6f43\x666e\x6769\x7275\x7461\x6f69\xc96e9\xfff8\xffff\xcc509\xffe0\xffff\x6b76\4\26\0\xcca89\1\0\1\1\x3430\x3331\x3678\1\xffe0\xffffl_intl.nls\0\1\x3810\1\b\0\x45b89\xffe0\xffff\x6b76\4\26\0\xccf09\1\0\1\0\x3430\x3231\0\0\xffe0\xffffl_intl.nls\0\0\0\0\xffe0\xffff\x6b76\4\26\0\xcd309\1\0\1\1\x3430\x3531\x3678\1\xffe0\xffffl_intl.nls\0\1\x3810\1\xfff0\xffff\x67b8;\x67e8;\xcc889\xffe0\xffff\x6b76\4\26\0\xcd809\1\0\1\0\x3430\x3431\0\0\xffe0\xffffl_intl.nls\0\0\0\0\xffe0\xffff\x6b76\4\26\0\xcdc09\1\0\1\1\x3430\x3831\x3678\1\xffe0\xffffl_intl.nls\0\1\x3810\1\xffe0\xffff\x6b76\4\26\0\x55d8:\1\0\1\0\x3430\x3931\0\0\b\0\x7420:\xffa8\xffff\x6b6e 
\x9910\x728d\x3ffc\x1c8\0\0\x5888\t\1\0\1\0\xcf889\x6830\x8000\t\0\xd0489\x218\0\xffff\xffff\20\0\0\0\36\0004\0\xb4\0\4\0\x504d\x5046\0\0\xffe0\xffff\x6b76\4\4\x8000\1\0\4\0\1\0\x7954\x6570\0\0\xfff8\xffff\xd0f09\xffe0\xffff\x6b76\5\4\x8000\1\0\4\0\1\0\x7453\x7261t\0\xffd8\xffff\x6b76\f\4\x8000\1"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:df,b1,cc,96,7a,8b,57,fd,fa,57,99,98,c8,43,64,95,91,16,8b,be,71,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e2,41,c2,3a,9b,11,08,04,f6,92,a7,7d,42,84,c7,af,54,..
"khjeh"=hex:64,36,d1,2d,3d,ae,33,6a,f4,9a,fd,0a,ee,03,95,5b,21,92,b7,06,fc,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:13,fd,0a,96,2f,fe,05,40,27,3c,42,68,1a,c6,d3,df,d7,a4,ee,d9,0f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:df,b1,cc,96,7a,8b,57,fd,fa,57,99,98,c8,43,64,95,91,16,8b,be,71,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e2,41,c2,3a,9b,11,08,04,f6,92,a7,7d,42,84,c7,af,54,..
"khjeh"=hex:64,36,d1,2d,3d,ae,33,6a,f4,9a,fd,0a,ee,03,95,5b,21,92,b7,06,fc,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:13,fd,0a,96,2f,fe,05,40,27,3c,42,68,1a,c6,d3,df,d7,a4,ee,d9,0f,..

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Messenger\jean_charles_berseron@hotmail.com\SharingMetadata\v4g4b0n@hotmail.fr\DFSR\Staging\CS{5893786A-4AFE-7F56-9C36-4C0B377CF8FB}\01\10-{5893786A-4AFE-7F56-9C36-4C0B377CF8FB}-v1-{2313D7A9-4316-4FBD-AC39-C59B1EE45BEF}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Messenger\noobnox@hotmail.fr\SharingMetadata\melou39@hotmail.fr\DFSR\Staging\CS{A6159983-47DB-6262-3837-BEF599AE81AD}\01\22-{A6159983-47DB-6262-3837-BEF599AE81AD}-v1-{98C0F1D7-2CE3-44D5-B0E7-0920599BF05E}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Messenger\noobnox@hotmail.fr\SharingMetadata\ragnarok38@hotmail.fr\DFSR\Staging\CS{1AFC5E0B-D3E9-72A9-38D8-F65AFB3652C9}\01\10-{1AFC5E0B-D3E9-72A9-38D8-F65AFB3652C9}-v1-{98C0F1D7-2CE3-44D5-B0E7-0920599BF05E}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Messenger\noobnox@hotmail.fr\SharingMetadata\ragnarok38@hotmail.fr\DFSR\Staging\CS{1AFC5E0B-D3E9-72A9-38D8-F65AFB3652C9}\11\11-{98C0F1D7-2CE3-44D5-B0E7-0920599BF05E}-v11-{98C0F1D7-2CE3-44D5-B0E7-0920599BF05E}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 822 bytes hidden from API
C:\Documents and Settings\JC\Local Settings\Application Data\Microsoft\Messenger\noobnox@hotmail.fr\SharingMetadata\ragnarok38@hotmail.fr\DFSR\Staging\CS{1AFC5E0B-D3E9-72A9-38D8-F65AFB3652C9}\11\11-{98C0F1D7-2CE3-44D5-B0E7-0920599BF05E}-v11-{98C0F1D7-2CE3-44D5-B0E7-0920599BF05E}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 88 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 5


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"="C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\FileZilla\\FileZilla.exe"="C:\\Program Files\\FileZilla\\FileZilla.exe:*:Enabled:FileZilla"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"="C:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe:*:Enabled:Unreal Tournament 3 Demo"
"C:\\Tornado\\host\\x86-win32\\bin\\wtxregd.exe"="C:\\Tornado\\host\\x86-win32\\bin\\wtxregd.exe:*:Enabled:wtxregd"
"C:\\Tornado\\host\\x86-win32\\bin\\tgtsvr.exe"="C:\\Tornado\\host\\x86-win32\\bin\\tgtsvr.exe:*:Enabled:tgtsvr"
"C:\\Tornado\\host\\x86-win32\\bin\\windsh.exe"="C:\\Tornado\\host\\x86-win32\\bin\\windsh.exe:*:Enabled:windsh"
"C:\\Documents and Settings\\JC\\Bureau\\Call of Duty 4 - Modern Warfare PC GAME MultiLang FR-ENG-ITA-NL-DEU Crack-Crack Serveur & Serial Inclus Verif Steph OK\\Setup\\Data\\iw3mp.exe"="C:\\Documents and Settings\\JC\\Bureau\\Call of Duty 4 - Modern Warfare PC GAME MultiLang FR-ENG-ITA-NL-DEU Crack-Crack Serveur & Serial Inclus Verif Steph OK\\Setup\\Data\\iw3mp.exe:*:Enabled:iw3mp"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\World of Warcraft\\Launcher.exe"="C:\\Program Files\\World of Warcraft\\Launcher.exe:*:Enabled:World of Warcraft"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\DOCUME~1\\JC\\LOCALS~1\\Temp\\win12D.exe"="C:\\DOCUME~1\\JC\\LOCALS~1\\Temp\\win12D.exe:*:Enabled:win12D"
"C:\\Documents and Settings\\JC\\Application Data\\printer.exe"="C:\\Documents and Settings\\JC\\Application Data\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\JC\\Menu Démarrer\\Programmes\\Démarrage\\findfast.exe"="C:\\Documents and Settings\\JC\\Menu Démarrer\\Programmes\\Démarrage\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\autorun.exe"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\JC\\Application Data\\trant.exe"="C:\\Documents and Settings\\JC\\Application Data\\trant.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\JC\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\JC\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\JC\\Application Data\\ppldr.exe"="C:\\Documents and Settings\\JC\\Application Data\\ppldr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Administrateur\\Menu Démarrer\\Programmes\\Démarrage\\findfast.exe"="C:\\Documents and Settings\\Administrateur\\Menu Démarrer\\Programmes\\Démarrage\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\JC\\Application Data\\printer.exe"="C:\\Documents and Settings\\JC\\Application Data\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\JC\\Menu Démarrer\\Programmes\\Démarrage\\findfast.exe"="C:\\Documents and Settings\\JC\\Menu Démarrer\\Programmes\\Démarrage\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\autorun.exe"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\JC\\Application Data\\trant.exe"="C:\\Documents and Settings\\JC\\Application Data\\trant.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\JC\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\JC\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\JC\\Application Data\\ppldr.exe"="C:\\Documents and Settings\\JC\\Application Data\\ppldr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Administrateur\\Menu Démarrer\\Programmes\\Démarrage\\findfast.exe"="C:\\Documents and Settings\\Administrateur\\Menu Démarrer\\Programmes\\Démarrage\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\JC\MESDOC~1\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 16 Dec 2007 25,088 ..SHR --- "C:\Program Files\lsass.exe"
Sun 16 Dec 2007 18,432 ..SHR --- "C:\Program Files\Helper\Helper6.dll"
Tue 24 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 24 Jul 2007 8 A..H. --- "C:\Documents and Settings\JC\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Tue 24 Jul 2007 8 A..H. --- "C:\Documents and Settings\JC\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Tue 24 Jul 2007 8 A..H. --- "C:\Documents and Settings\JC\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"

Finished!


Next, for the second program

Report 1:

SmitFraudFix v2.269

Rapport fait à 17:24:44,51, 16/12/2007
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcregist.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autorun.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

10.18.250.4 download.microsoft.com
10.18.250.4 downloads.microsoft.com
10.18.250.4 go.microsoft.com
10.18.250.4 microsoft.com
10.18.250.4 msdn.microsoft.com
10.18.250.4 office.microsoft.com
10.18.250.4 support.microsoft.com
10.18.250.4 windowsupdate.microsoft.com
10.18.250.4 www.microsoft.com
10.18.250.4 pandasoftware.com
10.18.250.4 www.pandasoftware.com

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\shell.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\printer.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\JC


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\JC\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

C:\DOCUME~1\JC\MENUDM~1\PROGRA~1\DMARRA~1\findfast.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JC\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Helper\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\wowfx.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom NetXtreme 57xx Gigabit Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{72FA3999-3DBA-4116-97CC-0BEC805D3A10}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{72FA3999-3DBA-4116-97CC-0BEC805D3A10}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{72FA3999-3DBA-4116-97CC-0BEC805D3A10}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Report 2:

SmitFraudFix v2.269

Rapport fait à 17:30:12,53, 16/12/2007
Executé à partir de C:\Documents and Settings\JC\Mes documents\telechargements\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\shell.exe supprimé
C:\WINDOWS\system32\printer.exe supprimé
C:\WINDOWS\system32\spoolvs.exe supprimé
C:\DOCUME~1\JC\MENUDM~1\PROGRA~1\DMARRA~1\findfast.exe supprimé
C:\Program Files\Helper\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom NetXtreme 57xx Gigabit Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{72FA3999-3DBA-4116-97CC-0BEC805D3A10}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{72FA3999-3DBA-4116-97CC-0BEC805D3A10}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{72FA3999-3DBA-4116-97CC-0BEC805D3A10}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

And finally, the last tool:

ComboFix 07-12-16.3 - JC 2007-12-16 17:52:19.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1413 [GMT 1:00]
Running from: C:\Documents and Settings\JC\Mes documents\telechargements\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\findfast.exe
C:\Documents and Settings\All Users\Application Data.\hudyhqlw.dll
C:\Documents and Settings\All Users\Application Data.\zwtqputy.dll
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autorun.exe
C:\Documents and Settings\JC\Application Data\printer.exe
C:\Documents and Settings\JC\Application Data\trant.exe
C:\Documents and Settings\JC\Application Data\ultra
C:\Documents and Settings\JC\Application Data\ultra\uninstall.bat
C:\Documents and Settings\JC\Menu Démarrer\Programmes\Démarrage\findfast.exe
C:\Program Files\Fichiers communs\Yazzle1162OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe
C:\Program Files\Razdejfb
C:\Program Files\Razdejfb\fwdebjxw.dll
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\SecCenter\scprot4.exe~
C:\Program Files\slsjylwz
C:\Program Files\slsjylwz\cbklobcf.dll
C:\Program Files\ucleaner_setup.exe
C:\Program Files\Ultimate Cleaner
C:\Program Files\Ultimate Defender
C:\Program Files\Vypnsacl
C:\Program Files\Vypnsacl\fsouiuzl.dll
C:\WINDOWS\inf\ultra.inf
C:\WINDOWS\mgrs.exe
C:\WINDOWS\shell.exe
C:\WINDOWS\system32\juvprpba
C:\WINDOWS\system32\juvprpba\bg1.gif
C:\WINDOWS\system32\juvprpba\bgtop.gif
C:\WINDOWS\system32\juvprpba\bottom1.gif
C:\WINDOWS\system32\juvprpba\essentials.gif
C:\WINDOWS\system32\juvprpba\icon1.ico
C:\WINDOWS\system32\juvprpba\install1.gif
C:\WINDOWS\system32\juvprpba\juvprpba1.exe
C:\WINDOWS\system32\juvprpba\juvprpba2.exe
C:\WINDOWS\system32\juvprpba\juvprpba3.exe
C:\WINDOWS\system32\juvprpba\left1.gif
C:\WINDOWS\system32\juvprpba\li.gif
C:\WINDOWS\system32\juvprpba\logo.gif
C:\WINDOWS\system32\juvprpba\main.htm
C:\WINDOWS\system32\juvprpba\mainframe.htm
C:\WINDOWS\system32\juvprpba\reinstall1.gif
C:\WINDOWS\system32\juvprpba\right1.gif
C:\WINDOWS\system32\juvprpba\s1.htm
C:\WINDOWS\system32\juvprpba\s2.htm
C:\WINDOWS\system32\juvprpba\s3.htm
C:\WINDOWS\system32\juvprpba\SMTop1.gif
C:\WINDOWS\system32\juvprpba\SMTop2.gif
C:\WINDOWS\system32\juvprpba\SMTop3.gif
C:\WINDOWS\system32\juvprpba\SMTop4.gif
C:\WINDOWS\system32\juvprpba\soft1_off.gif
C:\WINDOWS\system32\juvprpba\soft1_off_ext.gif
C:\WINDOWS\system32\juvprpba\soft1_on.gif
C:\WINDOWS\system32\juvprpba\soft1_on_ext.gif
C:\WINDOWS\system32\juvprpba\soft2_off.gif
C:\WINDOWS\system32\juvprpba\soft2_off_ext.gif
C:\WINDOWS\system32\juvprpba\soft2_on.gif
C:\WINDOWS\system32\juvprpba\soft2_on_ext.gif
C:\WINDOWS\system32\juvprpba\soft3_off.gif
C:\WINDOWS\system32\juvprpba\soft3_off_ext.gif
C:\WINDOWS\system32\juvprpba\soft3_on.gif
C:\WINDOWS\system32\juvprpba\soft3_on_ext.gif
C:\WINDOWS\system32\juvprpba\softbottom_off.gif
C:\WINDOWS\system32\juvprpba\softbottom_on.gif
C:\WINDOWS\system32\juvprpba\softleft_off.gif
C:\WINDOWS\system32\juvprpba\softleft_on.gif
C:\WINDOWS\system32\juvprpba\top1.gif
C:\WINDOWS\system32\juvprpba\top2.gif
C:\WINDOWS\system32\juvprpba\turnoff1.gif
C:\WINDOWS\system32\juvprpba\turnon1.gif
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\urqnnlm.dll
C:\WINDOWS\system32\winzoa32.dll
C:\WINDOWS\system32\wowfx.dll
C:\WINDOWS\system32\xlibgfl254.dll
C:\WINDOWS\system32\yayyaaw.dll
C:\windows\xpupdate.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-16 to 2007-12-16 ))))))))))))))))))))))))))))))))))))
.

2007-12-16 17:49 . 2007-12-16 17:49 <REP> d-------- C:\Program Files\MalwareAlarm
2007-12-16 17:25 . 2007-12-16 17:30 4,846 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-16 16:47 . 2007-12-16 16:47 <REP> d-------- C:\WINDOWS\ERUNT
2007-12-16 16:01 . 2007-12-16 16:01 <REP> d-------- C:\VundoFix Backups
2007-12-16 15:04 . 2007-12-16 15:04 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-16 15:02 . 2007-12-16 16:57 <REP> d-------- C:\Program Files\xinhkkaw
2007-12-16 14:46 . 2007-12-16 14:46 <REP> d-------- C:\Program Files\Lavasoft
2007-12-16 14:46 . 2007-12-16 14:46 <REP> d-------- C:\Documents and Settings\JC\Application Data\Lavasoft
2007-12-16 14:26 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-16 12:26 . 2007-12-16 12:26 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-12-16 12:26 . 2007-12-16 12:26 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-12-16 12:14 . 2007-12-16 12:14 25,088 -r-hs---- C:\Program Files\lsass.exe
2007-12-16 01:46 . 2007-12-16 01:46 57,856 --a------ C:\fjls.exe
2007-12-16 01:46 . 2007-12-16 01:46 7,168 --a------ C:\uxml.exe
2007-12-16 01:44 . 2007-12-16 01:44 12,288 --a------ C:\WINDOWS\mgrs.exe~
2007-12-16 01:39 . 2007-12-16 17:49 1,283,960 --a------ C:\Install
2007-12-16 01:38 . 2007-12-16 01:38 40,448 --a------ C:\WINDOWS\system32\nnnnonn.dll
2007-12-16 01:30 . 2007-12-16 12:09 <REP> d--hs---- C:\WINDOWS\system32\28463
2007-12-14 19:47 . 2007-12-14 21:09 22,328 --a------ C:\Documents and Settings\JC\Application Data\PnkBstrK.sys
2007-12-14 19:46 . 2007-12-14 19:46 319 --a------ C:\WINDOWS\game.ini
2007-12-14 19:36 . 2007-12-14 19:36 <REP> d-------- C:\Program Files\Activision
2007-12-14 19:23 . 2007-12-14 19:23 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-12-04 10:27 . 2007-12-04 10:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2007-12-04 10:26 . 2007-12-04 10:26 <REP> d-------- C:\Program Files\Fichiers communs\supportsoft
2007-12-04 10:26 . 2007-12-04 10:27 <REP> d-------- C:\Program Files\Dell Support Center
2007-12-01 15:12 . 2007-12-01 15:12 <REP> d-------- C:\Documents and Settings\JC\dwhelper
2007-11-28 19:52 . 2007-11-28 19:52 68 --a------ C:\WINDOWS\Tornado.INI
2007-11-28 19:39 . 2007-11-28 19:59 <REP> d-------- C:\Tornado
2007-11-27 18:44 . 2007-11-27 18:44 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-11-27 18:44 . 2007-11-27 18:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-26 15:02 . 2007-11-26 15:02 <REP> d-------- C:\Program Files\WinSCP
2007-11-25 18:31 . 2007-12-12 17:29 <REP> d-------- C:\Program Files\mIRC
2007-11-25 18:10 . 2007-11-25 18:29 <REP> d-------- C:\Documents and Settings\JC\Application Data\mIRC
2007-11-25 17:21 . 2007-11-25 17:21 <REP> d-------- C:\Program Files\mnProjects
2007-11-25 12:11 . 2007-11-25 12:11 <REP> d-------- C:\Program Files\Bersirc 2.2
2007-11-25 12:11 . 2007-11-25 12:11 <REP> d-------- C:\Documents and Settings\JC\Application Data\Bersirc

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-16 15:31 --------- d-----w C:\Documents and Settings\JC\Application Data\Xfire
2007-12-16 13:20 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-16 13:05 1,526 ----a-w C:\Documents and Settings\JC\Application Data\wklnhst.dat
2007-12-16 11:27 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-16 00:46 --------- d-----w C:\Program Files\NetWaiting
2007-12-16 00:39 --------- d-----w C:\Documents and Settings\JC\Applicati
16 December 2007 18:34:28

Run ComboFix once more and post its report ;)
16 December 2007 18:46:57

Here is the ComboFix report:

ComboFix 07-12-16.3 - JC 2007-12-16 18:39:02.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1430 [GMT 1:00]
Running from: C:\Documents and Settings\JC\Mes documents\telechargements\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-11-16 to 2007-12-16 ))))))))))))))))))))))))))))))))))))
.

2007-12-16 17:49 . 2007-12-16 17:49 <REP> d-------- C:\Program Files\MalwareAlarm
2007-12-16 17:25 . 2007-12-16 17:30 4,846 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-16 16:47 . 2007-12-16 16:47 <REP> d-------- C:\WINDOWS\ERUNT
2007-12-16 16:01 . 2007-12-16 16:01 <REP> d-------- C:\VundoFix Backups
2007-12-16 15:04 . 2007-12-16 15:04 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-16 15:02 . 2007-12-16 16:57 <REP> d-------- C:\Program Files\xinhkkaw
2007-12-16 14:46 . 2007-12-16 14:46 <REP> d-------- C:\Program Files\Lavasoft
2007-12-16 14:46 . 2007-12-16 14:46 <REP> d-------- C:\Documents and Settings\JC\Application Data\Lavasoft
2007-12-16 14:26 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-16 12:26 . 2007-12-16 12:26 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-12-16 12:26 . 2007-12-16 12:26 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-12-16 12:14 . 2007-12-16 12:14 25,088 -r-hs---- C:\Program Files\lsass.exe
2007-12-16 01:46 . 2007-12-16 01:46 57,856 --a------ C:\fjls.exe
2007-12-16 01:46 . 2007-12-16 01:46 7,168 --a------ C:\uxml.exe
2007-12-16 01:44 . 2007-12-16 01:44 12,288 --a------ C:\WINDOWS\mgrs.exe~
2007-12-16 01:39 . 2007-12-16 17:49 1,283,960 --a------ C:\Install
2007-12-16 01:38 . 2007-12-16 01:38 40,448 --a------ C:\WINDOWS\system32\nnnnonn.dll
2007-12-16 01:30 . 2007-12-16 12:09 <REP> d--hs---- C:\WINDOWS\system32\28463
2007-12-14 19:47 . 2007-12-14 21:09 22,328 --a------ C:\Documents and Settings\JC\Application Data\PnkBstrK.sys
2007-12-14 19:46 . 2007-12-14 19:46 319 --a------ C:\WINDOWS\game.ini
2007-12-14 19:36 . 2007-12-14 19:36 <REP> d-------- C:\Program Files\Activision
2007-12-14 19:23 . 2007-12-14 19:23 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-12-04 10:27 . 2007-12-04 10:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2007-12-04 10:26 . 2007-12-04 10:26 <REP> d-------- C:\Program Files\Fichiers communs\supportsoft
2007-12-04 10:26 . 2007-12-04 10:27 <REP> d-------- C:\Program Files\Dell Support Center
2007-12-01 15:12 . 2007-12-01 15:12 <REP> d-------- C:\Documents and Settings\JC\dwhelper
2007-11-28 19:52 . 2007-11-28 19:52 68 --a------ C:\WINDOWS\Tornado.INI
2007-11-28 19:39 . 2007-11-28 19:59 <REP> d-------- C:\Tornado
2007-11-27 18:44 . 2007-11-27 18:44 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-11-27 18:44 . 2007-11-27 18:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-26 15:02 . 2007-11-26 15:02 <REP> d-------- C:\Program Files\WinSCP
2007-11-25 18:31 . 2007-12-12 17:29 <REP> d-------- C:\Program Files\mIRC
2007-11-25 18:10 . 2007-11-25 18:29 <REP> d-------- C:\Documents and Settings\JC\Application Data\mIRC
2007-11-25 17:21 . 2007-11-25 17:21 <REP> d-------- C:\Program Files\mnProjects
2007-11-25 12:11 . 2007-11-25 12:11 <REP> d-------- C:\Program Files\Bersirc 2.2
2007-11-25 12:11 . 2007-11-25 12:11 <REP> d-------- C:\Documents and Settings\JC\Application Data\Bersirc

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-16 17:39 --------- d-----w C:\Documents and Settings\JC\Application Data\Xfire
2007-12-16 13:20 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-16 13:05 1,526 ----a-w C:\Documents and Settings\JC\Application Data\wklnhst.dat
2007-12-16 11:27 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-16 00:46 --------- d-----w C:\Program Files\NetWaiting
2007-12-16 00:39 --------- d-----w C:\Documents and Settings\JC\Application Data\Azureus
2007-12-15 18:04 --------- d-----w C:\Documents and Settings\JC\Application Data\teamspeak2
2007-12-14 20:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-14 18:24 --------- d-----w C:\Program Files\Xfire
2007-12-04 09:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2007-11-27 17:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-21 15:50 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-11-14 14:23 --------- d-----w C:\Program Files\SourceTec
2007-11-14 14:23 --------- d-----w C:\Program Files\Fichiers communs\SourceTec
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 12:16 --------- d-----w C:\Documents and Settings\JC\Application Data\RadiantSettings
2007-11-09 13:27 --------- d-----w C:\Documents and Settings\JC\Application Data\InstallShield Installation Information
2007-11-09 13:25 --------- d-----w C:\Program Files\Unreal Tournament 3 Demo
2007-11-09 13:23 --------- d-----w C:\Program Files\AGEIA Technologies
2007-11-09 09:36 --------- d-----w C:\Program Files\iTunes
2007-11-09 09:36 --------- d-----w C:\Program Files\iPod
2007-11-09 09:34 --------- d-----w C:\Program Files\QuickTime
2007-11-04 22:11 --------- d-----w C:\Program Files\GtkRadiant 1.5.0
2007-11-03 10:32 --------- d-----w C:\Documents and Settings\JC\Application Data\dvdcss
2007-11-02 22:46 --------- d-----w C:\Program Files\etMod
2007-11-01 17:54 --------- d-----w C:\Program Files\Macromedia
2007-11-01 17:54 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
2007-11-01 17:54 --------- d-----w C:\Program Files\EA GAMES
2007-10-31 14:50 --------- d-----w C:\Program Files\VideoMarker
2007-10-31 14:49 76,035 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-31 14:49 254,211 ------w C:\WINDOWS\Setup1.exe
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:05 --------- d-----w C:\Program Files\Azureus
2007-10-30 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-10-30 10:33 --------- d-----w C:\Program Files\Dell
2007-10-30 09:42 --------- d-----w C:\Program Files\Xara
2007-10-30 09:28 --------- d-----w C:\Program Files\PowerArchiver
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-28 13:38 --------- d-----w C:\Program Files\Speed Gear 5
2007-10-26 18:45 --------- d-----w C:\Program Files\World of Warcraft
2007-10-26 16:26 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Xfire
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-21 10:12 --------- d-----w C:\Program Files\TI Education
2007-10-21 10:12 --------- d-----w C:\Program Files\Fichiers communs\TI Shared
2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:49 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:49 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:49 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:49 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:49 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 11:00 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-16_18.08.58.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-16 15:15:48 62,428 ----a-w C:\WINDOWS\system32\nvModes.dat
+ 2007-12-16 17:15:03 62,428 ----a-w C:\WINDOWS\system32\nvModes.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB0B918E-A0A8-482B-8D75-A682816B0C7B}]
2007-12-16 01:38 40448 --a------ C:\WINDOWS\system32\nnnnonn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 12:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 13:24]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:34]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-05 12:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-03-21 19:03 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-03-21 19:03 C:\WINDOWS\system32\nvhotkey.dll]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-09-08 15:43]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 18:04]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 11:35]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-10-03 11:37]
"RoxWatchTray"="C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 11:22]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 09:00]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-14 09:25]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-05-02 18:16]
"Logitech Utility"="LOGI_MWX.EXE" [2003-03-04 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 11:03]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 11:03 C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24]
"BMUY Agent"="C:\WINDOWS\system32\28463\BMUY.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-07-19 01:13:49]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-10-06 10:41:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{DB0B918E-A0A8-482B-8D75-A682816B0C7B}"= C:\WINDOWS\system32\nnnnonn.dll [2007-12-16 01:38 40448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnonn]
nnnnonn.dll 2007-12-16 01:38 40448 C:\WINDOWS\system32\nnnnonn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter
R2 SQLWriter;Enregistreur VSS SQL Server;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
R3 guardian2;guardian2;C:\WINDOWS\system32\Drivers\oz776.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys
S3 zwmxrevolutionfilter;zwmxrevolutionfilter;C:\WINDOWS\system32\drivers\zwmxrevolutionfilter.sys
S4 msvsmon80;Débogueur distant Visual Studio 2005;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3347e96-aa28-11dc-b39f-00188bdbb43f}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3610E152-651A-94A1-A0A0-96E869F61433}]
C:\WINDOWS\system32:COD4.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-09 09:22:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-15 00:00:01 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-07-31 23:00:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-16 18:45:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\nnnnonn.dll
.
Completion time: 2007-12-16 18:47:05
C:\ComboFix2.txt ... 2007-12-16 18:11
.
2007-12-12 22:42:42 --- E O F ---
16 December 2007 19:14:35

Hi again,
File::
C:\WINDOWS\system32\nnnnonn.dll
C:\fjls.exe
C:\uxml.exe
C:\WINDOWS\mgrs.exe~
C:\Program Files\lsass.exe

Folder::
C:\Program Files\Windows Live Safety Center
C:\WINDOWS\system32\28463
C:\Program Files\MalwareAlarm
C:\Program Files\xinhkkaw

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMUY Agent"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3610E152-651A-94A1-A0A0-96E869F61433}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB0B918E-A0A8-482B-8D75-A682816B0C7B}]



Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file as CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:


This will relaunch Combofix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
If there is no restart, post the reports anyway.
16 December 2007 19:50:32

Here is the ComboFix report:

ComboFix 07-12-16.3 - JC 2007-12-16 19:34:10.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1355 [GMT 1:00]
Running from: C:\Documents and Settings\JC\Mes documents\telechargements\ComboFix.exe
Command switches used :: C:\Documents and Settings\JC\Mes documents\telechargements\CFScript.txt
* Created a new restore point

FILE
C:\fjls.exe
C:\Program Files\lsass.exe
C:\uxml.exe
C:\WINDOWS\mgrs.exe~
C:\WINDOWS\system32\nnnnonn.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\fjls.exe
C:\Program Files\lsass.exe
C:\Program Files\MalwareAlarm
C:\Program Files\MalwareAlarm\MalwareAlarm.exe
C:\Program Files\MalwareAlarm\MalwareAlarm.lic
C:\Program Files\MalwareAlarm\MalwareAlarm0.dll
C:\Program Files\MalwareAlarm\MalwareAlarm0.ma
C:\Program Files\MalwareAlarm\MalwareAlarm1.ma
C:\Program Files\MalwareAlarm\routines.dll
C:\Program Files\MalwareAlarm\Uninstall.exe
C:\Program Files\Windows Live Safety Center
C:\Program Files\Windows Live Safety Center\mpdaily.vdm
C:\Program Files\Windows Live Safety Center\mpdef.vdm
C:\Program Files\Windows Live Safety Center\mpengine.dll
C:\Program Files\Windows Live Safety Center\mputils.dll
C:\Program Files\Windows Live Safety Center\scnAVAS.dll
C:\Program Files\Windows Live Safety Center\scnAVAS.inf
C:\Program Files\Windows Live Safety Center\scnAVdaily.inf
C:\Program Files\Windows Live Safety Center\scnAVdef.inf
C:\Program Files\Windows Live Safety Center\scnAVengine.inf
C:\Program Files\Windows Live Safety Center\wlscCore.dll
C:\Program Files\Windows Live Safety Center\wlscCore.inf
C:\Program Files\Windows Live Safety Center\wlscLoc.inf
C:\Program Files\Windows Live Safety Center\wlscLoc.xml
C:\Program Files\Windows Live Safety Center\wlscUploader.exe
C:\Program Files\xinhkkaw
C:\uxml.exe
C:\WINDOWS\mgrs.exe~
C:\WINDOWS\system32\28463
C:\WINDOWS\system32\28463\BMUY.001
C:\WINDOWS\system32\28463\BMUY.006
C:\WINDOWS\system32\28463\BMUY.007
C:\WINDOWS\system32\nnnnonn.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-16 to 2007-12-16 ))))))))))))))))))))))))))))))))))))
.

2007-12-16 17:25 . 2007-12-16 17:30 4,846 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-16 16:47 . 2007-12-16 16:47 <REP> d-------- C:\WINDOWS\ERUNT
2007-12-16 16:01 . 2007-12-16 16:01 <REP> d-------- C:\VundoFix Backups
2007-12-16 15:04 . 2007-12-16 15:04 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-16 14:46 . 2007-12-16 14:46 <REP> d-------- C:\Program Files\Lavasoft
2007-12-16 14:46 . 2007-12-16 14:46 <REP> d-------- C:\Documents and Settings\JC\Application Data\Lavasoft
2007-12-16 14:26 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-16 12:26 . 2007-12-16 18:52 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-12-16 12:26 . 2007-12-16 12:26 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-12-16 01:39 . 2007-12-16 17:49 1,283,960 --a------ C:\Install
2007-12-14 19:47 . 2007-12-14 21:09 22,328 --a------ C:\Documents and Settings\JC\Application Data\PnkBstrK.sys
2007-12-14 19:46 . 2007-12-14 19:46 319 --a------ C:\WINDOWS\game.ini
2007-12-14 19:36 . 2007-12-14 19:36 <REP> d-------- C:\Program Files\Activision
2007-12-14 19:23 . 2007-12-14 19:23 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-12-04 10:27 . 2007-12-04 10:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2007-12-04 10:26 . 2007-12-04 10:26 <REP> d-------- C:\Program Files\Fichiers communs\supportsoft
2007-12-04 10:26 . 2007-12-04 10:27 <REP> d-------- C:\Program Files\Dell Support Center
2007-12-01 15:12 . 2007-12-01 15:12 <REP> d-------- C:\Documents and Settings\JC\dwhelper
2007-11-28 19:52 . 2007-11-28 19:52 68 --a------ C:\WINDOWS\Tornado.INI
2007-11-28 19:39 . 2007-11-28 19:59 <REP> d-------- C:\Tornado
2007-11-27 18:44 . 2007-11-27 18:44 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-11-27 18:44 . 2007-11-27 18:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-26 15:02 . 2007-11-26 15:02 <REP> d-------- C:\Program Files\WinSCP
2007-11-25 18:31 . 2007-12-16 19:31 <REP> d-------- C:\Program Files\mIRC
2007-11-25 18:10 . 2007-11-25 18:29 <REP> d-------- C:\Documents and Settings\JC\Application Data\mIRC
2007-11-25 17:21 . 2007-11-25 17:21 <REP> d-------- C:\Program Files\mnProjects
2007-11-25 12:11 . 2007-11-25 12:11 <REP> d-------- C:\Program Files\Bersirc 2.2
2007-11-25 12:11 . 2007-11-25 12:11 <REP> d-------- C:\Documents and Settings\JC\Application Data\Bersirc

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-16 18:31 --------- d-----w C:\Documents and Settings\JC\Application Data\Xfire
2007-12-16 17:52 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-16 13:20 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-16 13:05 1,526 ----a-w C:\Documents and Settings\JC\Application Data\wklnhst.dat
2007-12-16 00:46 --------- d-----w C:\Program Files\NetWaiting
2007-12-16 00:39 --------- d-----w C:\Documents and Settings\JC\Application Data\Azureus
2007-12-15 18:04 --------- d-----w C:\Documents and Settings\JC\Application Data\teamspeak2
2007-12-14 20:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-14 18:24 --------- d-----w C:\Program Files\Xfire
2007-12-04 09:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2007-11-27 17:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-14 14:23 --------- d-----w C:\Program Files\SourceTec
2007-11-14 14:23 --------- d-----w C:\Program Files\Fichiers communs\SourceTec
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 12:16 --------- d-----w C:\Documents and Settings\JC\Application Data\RadiantSettings
2007-11-09 13:27 --------- d-----w C:\Documents and Settings\JC\Application Data\InstallShield Installation Information
2007-11-09 13:25 --------- d-----w C:\Program Files\Unreal Tournament 3 Demo
2007-11-09 13:23 --------- d-----w C:\Program Files\AGEIA Technologies
2007-11-09 09:36 --------- d-----w C:\Program Files\iTunes
2007-11-09 09:36 --------- d-----w C:\Program Files\iPod
2007-11-09 09:34 --------- d-----w C:\Program Files\QuickTime
2007-11-04 22:11 --------- d-----w C:\Program Files\GtkRadiant 1.5.0
2007-11-03 10:32 --------- d-----w C:\Documents and Settings\JC\Application Data\dvdcss
2007-11-02 22:46 --------- d-----w C:\Program Files\etMod
2007-11-01 17:54 --------- d-----w C:\Program Files\Macromedia
2007-11-01 17:54 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
2007-11-01 17:54 --------- d-----w C:\Program Files\EA GAMES
2007-10-31 14:50 --------- d-----w C:\Program Files\VideoMarker
2007-10-31 14:49 76,035 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-31 14:49 254,211 ------w C:\WINDOWS\Setup1.exe
2007-10-30 17:05 --------- d-----w C:\Program Files\Azureus
2007-10-30 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-10-30 10:33 --------- d-----w C:\Program Files\Dell
2007-10-30 09:42 --------- d-----w C:\Program Files\Xara
2007-10-30 09:28 --------- d-----w C:\Program Files\PowerArchiver
2007-10-28 13:38 --------- d-----w C:\Program Files\Speed Gear 5
2007-10-26 18:45 --------- d-----w C:\Program Files\World of Warcraft
2007-10-26 16:26 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Xfire
2007-10-21 10:12 --------- d-----w C:\Program Files\TI Education
2007-10-21 10:12 --------- d-----w C:\Program Files\Fichiers communs\TI Shared
.

((((((((((((((((((((((((((((( snapshot@2007-12-16_18.08.58.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-16 15:15:48 62,428 ----a-w C:\WINDOWS\system32\nvModes.dat
+ 2007-12-16 17:57:58 62,428 ----a-w C:\WINDOWS\system32\nvModes.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB0B918E-A0A8-482B-8D75-A682816B0C7B}]
C:\WINDOWS\system32\nnnnonn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 12:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 13:24]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:34]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-05 12:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-03-21 19:03 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-03-21 19:03 C:\WINDOWS\system32\nvhotkey.dll]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-09-08 15:43]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 18:04]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 11:35]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-10-03 11:37]
"RoxWatchTray"="C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 11:22]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 09:00]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-14 09:25]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-05-02 18:16]
"Logitech Utility"="LOGI_MWX.EXE" [2003-03-04 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 11:03]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 11:03 C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24]
"BMUY Agent"="C:\WINDOWS\system32\28463\BMUY.exe" []
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-05 12:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{DB0B918E-A0A8-482B-8D75-A682816B0C7B}"= C:\WINDOWS\system32\nnnnonn.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnonn]
nnnnonn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter
R2 SQLWriter;Enregistreur VSS SQL Server;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
R3 guardian2;guardian2;C:\WINDOWS\system32\Drivers\oz776.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys
S3 zwmxrevolutionfilter;zwmxrevolutionfilter;C:\WINDOWS\system32\drivers\zwmxrevolutionfilter.sys
S4 msvsmon80;Débogueur distant Visual Studio 2005;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3347e96-aa28-11dc-b39f-00188bdbb43f}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3610E152-651A-94A1-A0A0-96E869F61433}]
C:\WINDOWS\system32:COD4.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-09 09:22:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-15 00:00:01 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-07-31 23:00:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-16 19:40:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-16 19:44:31 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-16 18:47
C:\ComboFix3.txt ... 2007-12-16 18:11
.
2007-12-12 22:42:42 --- E O F ---


And here is the one from HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:45:41, on 16/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\PROGRA~1\McAfee\MSC\mcregist.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JC\LOCALS~1\Temp\Rar$EX02.172\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/ig/dell?hl=fr&client=dell-row&chan...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: install.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: nnnnonn - nnnnonn.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12271 bytes
16 December 2007 20:52:44

Re,

Can you uninstall McAfee, or are you paying for a subscription?

Download to your desktop: Clean (by Malekal) >Tutorial<
Unzip it on your desktop. Double-click the clean folder.
Double-click clean.cmd. (The cmd extension may not be shown.) This will open a black window.
A menu will appear; choose option 1, then press Enter. Then press a key when you are asked to, and post the report here.
The report is located here: C:\rapport_clean.txt

If you get a file C:\upload_moi.zip, please do this.