[Résolu]Sos problèmes de redirection internet - Sécurité - Virus
Ceci répond-il à votre question ? Oui | Non
 

Ajouter une réponse



 Mot :   Pseudo :  
 
Bas de page
Auteur
 Sujet : [Résolu]Sos problèmes de redirection internet
 
Profil : IDNaute
Plus d'informations

Bonsoir Angel dark et les autres, depuis quelques jours j'ai un probleme de redirection des recherches internet vers des sites de pubs style "partners.mama" ...
J'ai lu les autres sujets et vu que vous avez "sauvé" quelques pc ...
Pouvez vous m'aider ?
 
Merci d'avance


Message édité par LouHu le 05-01-2008 à 16:29:40

---------------
LouHu
Liens

Profil : Helper
Plus d'informations

Bonjour :)
 
Télécharge HiJackThis [:eric_71:1] <- ici
 
lance le programme , clique sur do a system scan and save a logfile
copie / colle le rapport généré  
 
>>   Tuto HiJackThis v2.0.2   <<


---------------
- Comment Fixer avec HiJackThis -
- Mode Sans Echec -
Profil : IDNaute
Plus d'informations

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15:22, on 03/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\USB_Kbd\Versato.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffe [...] ftPane.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Versato] C:\WINDOWS\system32\USB_Kbd\Versato.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gfhaaacbuu] c:\documents and settings\louisane et luc\local settings\application data\gfhaaacbuu.exe gfhaaacbuu
O4 - HKCU\..\Run: [pycfuzcmip] c:\documents and settings\louisane et luc\local settings\application data\pycfuzcmip.exe pycfuzcmip
O4 - HKCU\..\Run: [pbgvgrdszp] c:\documents and settings\louisane et luc\local settings\application data\pbgvgrdszp.exe pbgvgrdszp
O4 - HKCU\..\Run: [zmfdim] c:\documents and settings\louisane et luc\local settings\application data\zmfdim.exe zmfdim
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 0714887953
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B8F3844-A396-48E2-9401-040F21F414E6}: NameServer = 85.255.116.100,85.255.112.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F40A5F4-0E0B-4194-B804-12758E1F512B}: NameServer = 85.255.116.100,85.255.112.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{97FAC181-228D-4435-A200-02C7A0BEB74F}: NameServer = 85.255.116.100,85.255.112.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{D03490A1-5A4B-4F25-B932-C740EA0AF284}: NameServer = 85.255.116.100,85.255.112.115
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.100 85.255.112.115
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B8F3844-A396-48E2-9401-040F21F414E6}: NameServer = 85.255.116.100,85.255.112.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.100 85.255.112.115
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
 
--
End of file - 8567 bytes


---------------
LouHu
Profil : IDNaute
Plus d'informations

oups j ai choisi la bonne version ?


---------------
LouHu
Profil : Helper
Plus d'informations

Re ,
 
Oui , c'est la bonne version :)
 
C'est du Wareout ... entre autres ...
 
Imprime cette page car ton PC va Redemarrer pendant la procédure !
 
Télécharge FixWareout  < ici sur ton Bureau
 
lance le , clique sur [Next] , puis [Install]
assure toi que Run fixit est activé et enfin clique sur [Finish]
suis les messages , Il va te demander de redémarrer ton PC
Redemarre ( le demarrage sera plus long que d'habitude )
suis à nouveau les messages
 
poste le rapport ( C:\fixwareout\report.txt )
et un nouveau rapport HiJackThis

Profil : IDNaute
Plus d'informations

Voici le rapport fix Wareout  
 
Username "EDITE" - 03/01/2008 22:44:23 [Fixwareout edited 9/01/2007]
 
~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdfsn.exe"
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.116.100 85.255.112.115" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2B8F3844-A396-48E2-9401-040F21F414E6}  
"nameserver"="85.255.116.100,85.255.112.115" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2F40A5F4-0E0B-4194-B804-12758E1F512B}  
"nameserver"="85.255.116.100,85.255.112.115" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{97FAC181-228D-4435-A200-02C7A0BEB74F}  
"nameserver"="85.255.116.100,85.255.112.115" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D03490A1-5A4B-4F25-B932-C740EA0AF284}  
"nameserver"="85.255.116.100,85.255.112.115" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2B8F3844-A396-48E2-9401-040F21F414E6}
"DhcpNameServer"="85.255.116.100,85.255.112.115" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2BC69468-09B0-4C44-90C5-8ECF4E9ED3B8}
"DhcpNameServer"="85.255.116.100,85.255.112.115" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2F40A5F4-0E0B-4194-B804-12758E1F512B}
"DhcpNameServer"="85.255.116.100,85.255.112.115" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D03490A1-5A4B-4F25-B932-C740EA0AF284}
"DhcpNameServer"="85.255.116.100,85.255.112.115" <Value cleared.
 
Cache de résolution DNS vidé.
 
 
System was rebooted successfully.  
 
~~~~~ Postrun check  
HKLM\SOFTWARE\~\Winlogon\ "system"=""  
....
....
~~~~~ Misc files.  
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\Temp\kdfsn.ren 72797 13/06/2007  
 
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"WOOWATCH"="C:\\PROGRA~1\\Wanadoo\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\Wanadoo\\GestMaj.exe TaskBarIcon.exe"
"Versato"="C:\\WINDOWS\\system32\\USB_Kbd\\Versato.exe"
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"SoundMan"="SOUNDMAN.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\\PROGRA~1\\Wanadoo\\Shell.exe appLaunchClientZone.shl|PARAM= cnx"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"gfhaaacbuu"="c:\\documents and settings\\EDITE\\local settings\\application data\\gfhaaacbuu.exe gfhaaacbuu"
"pycfuzcmip"="c:\\documents and settings\\EDITE\\local settings\\application data\\pycfuzcmip.exe pycfuzcmip"
"pbgvgrdszp"="c:\\documents and settings\\EDITE\\local settings\\application data\\pbgvgrdszp.exe pbgvgrdszp"
"zmfdim"="c:\\documents and settings\\EDITE\\local settings\\application data\\zmfdim.exe zmfdim"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


Message édité par LouHu le 05-01-2008 à 16:35:13

---------------
LouHu
Profil : IDNaute
Plus d'informations

et la suite le rapport HiJack
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52:45, on 03/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\USB_Kbd\Versato.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffe [...] ftPane.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Versato] C:\WINDOWS\system32\USB_Kbd\Versato.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gfhaaacbuu] c:\documents and settings\EDITE\local settings\application data\gfhaaacbuu.exe gfhaaacbuu
O4 - HKCU\..\Run: [pycfuzcmip] c:\documents and settings\EDITE\local settings\application data\pycfuzcmip.exe pycfuzcmip
O4 - HKCU\..\Run: [pbgvgrdszp] c:\documents and settings\EDITElocal settings\application data\pbgvgrdszp.exe pbgvgrdszp
O4 - HKCU\..\Run: [zmfdim] c:\documents and settings\EDITE\local settings\application data\zmfdim.exe zmfdim
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 0714887953
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
 
--
End of file - 7568 bytes


Message édité par LouHu le 05-01-2008 à 16:39:54

---------------
LouHu
Profil : Helper
Plus d'informations

Bien , c'est déja mieux , tu ne devrais plus être redirigée :)
 
Y'a aussi des restes d'Egdaccess et autres  
 
Télécharge ComboFix [:eric_71] < ici
 
Enregistre le sur ton Bureau et pas ailleurs !
Double clique combofix.exe ( le .exe peut ne pas apparaitre )
Pour démarrer , tape [1] puis valide , attend la fin du scan
il peut y avoir un Redémarrage du PC !
 
Un rapport est généré , Copie / Colle le dans ta réponse
Tu peux aussi trouver ce rapport ici : C:\Combofix.txt

Profil : IDNaute
Plus d'informations

Merci Eric de ton aide précieuse, c'est du chinois pour moi ...
 
Voici le rapport Combo (le pc n'a pas redémarré)
 
ComboFix 08-01-04.1 - EDITE2008-01-03 23:01:21.1 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.228 [GMT 1:00]
Running from: C:\Documents and Settings\EDITE\Bureau\ComboFix.exe
 * Created a new restore point
.
 
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
 
c:\Documents and Settings\EDITE\Local Settings\Application Data\gfhaaacbuu.dat
c:\documents and settings\EDITE\local settings\application data\gfhaaacbuu.exe
C:\Documents and Settings\EDITE\Local Settings\Application Data\gfhaaacbuu_nav.dat
C:\Documents and Settings\EDITE\Local Settings\Application Data\gfhaaacbuu_navps.dat
C:\Documents and Settings\EDITE\Local Settings\Application Data\pbgvgrdszp.dat
C:\Documents and Settings\EDITE\Local Settings\Application Data\pbgvgrdszp.exe
C:\Documents and SettingsEDITEC:\Documents and Settings\Louisane et Luc\Local Settings\Application Data\pbgvgrdszp_navps.dat
C:\Documents and Settings\EDITE\Local Settings\Application Data\pycfuzcmip.dat
c:\documents and settings\EDITE\local settings\application data\pycfuzcmip.exe
C:\Documents and Settings\EDITE\Local Settings\Application Data\pycfuzcmip_nav.dat
c:\Documents and Settings\EDITE\Local Settings\Application Data\pycfuzcmip_navps.dat
C:\Documents and Settings\EDITE\Local Settings\Application Data\zmfdim.dat
C:\Documents and Settings\EDITE\Local Settings\Application Data\zmfdim.exe
C:\Documents and Settings\EDITE\Local Settings\Application Data\zmfdim_nav.dat
C:\Documents and Settings\EDITE\Local Settings\Application Data\zmfdim_navps.dat
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\nvs2.inf
 
.
(((((((((((((((((((((((((((((   Fichiers créés 2007-12-04 to 2008-01-04  ))))))))))))))))))))))))))))))))))))
.
 
2008-01-03 23:00 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 22:52 . 2008-01-03 22:52 <REP> d-------- C:\WINDOWS\LastGood
2008-01-03 22:14 . 2008-01-03 22:14 <REP> d-------- C:\Program Files\Trend Micro
2008-01-03 08:53 . 2008-01-03 09:09 <REP> d-------- C:\Program Files\Azureus
2007-12-30 18:24 . 2007-12-30 18:24 <REP> d-------- C:\Program Files\Alwil Software
2007-12-30 18:24 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-30 18:24 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-30 18:24 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-30 18:24 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-30 18:24 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-30 18:24 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-30 18:24 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-30 18:24 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-30 17:22 . 2008-01-03 08:39 <REP> d-------- C:\Nos Docs
2007-12-28 17:02 . 2007-12-28 17:02 <REP> d-------- C:\Program Files\Java
2007-12-28 17:02 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-28 17:00 . 2007-12-28 17:00 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-12-27 17:52 . 2008-01-03 21:52 <REP> d-------- C:\Documents and Settings\EDITE\Application Data\Azureus
2007-12-27 17:52 . 2007-12-27 17:52 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Azureus
2007-12-23 18:11 . 2007-12-27 20:36 <REP> d-------- C:\Program Files\Fichiers communs\Real
2007-12-23 18:10 . 2007-12-23 18:10 <REP> d-------- C:\Program Files\Real
2007-12-15 18:49 . 2007-12-15 18:49 <REP> d-------- C:\Documents and Settings\EDITE\Application Data\Media Player Classic
 
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 21:50 --------- d-----w C:\Program Files\Wanadoo
2007-12-27 19:36 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2007-12-15 17:59 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-15 17:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-15 17:56 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-15 17:38 --------- d-----w C:\Documents and Settings\EDITE\Application Data\Apple Computer
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-06-14 20:42 25,600 ----a-w C:\Documents and Settings\EDITE\usbsermptxp.sys
2007-06-14 20:42 22,768 ----a-w C:\Documents and Settings\EDITE\usbsermpt.sys
1999-04-06 12:27 99,840 ----a-w C:\Program Files\Fichiers communs\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Fichiers communs\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Fichiers communs\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Fichiers communs\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Fichiers communs\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Fichiers communs\IRASRIAL.DLL
.
 
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"Versato"="C:\WINDOWS\system32\USB_Kbd\Versato.exe" [2001-03-12 12:26 143360]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-01-26 12:36 495616]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 04:42 577536 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]
 
C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 20:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2007-03-12 08:59:52]
 
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 14:45]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 11:55]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 11:55]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 11:55]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 11:56]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 11:56]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 11:56]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 11:56]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
 
*Newly Created Service* - PROCEXP90  
.
**************************************************************************
 
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 23:03:56
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...
 
scanning hidden autostart entries ...
 
scanning hidden files ...
 
scan completed successfully  
hidden files: 0  
 
**************************************************************************
.
Completion time: 2008-01-04 23:04:50
ComboFix-quarantined-files.txt  2008-01-04 22:04:28
.
2008-01-03 21:52:29 --- E O F ---


Message édité par LouHu le 05-01-2008 à 16:54:29

---------------
LouHu
Profil : Helper
Plus d'informations

Ok , reposte un HiJackThis

Profil : IDNaute
Plus d'informations

Rapport Hijack
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:14:55, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\USB_Kbd\Versato.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Versato] C:\WINDOWS\system32\USB_Kbd\Versato.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 0714887953
O16 - DPF