All content posted by fantomasse
hijackthis report
fantomasse replied to a topic by fantomasse in Malware analysis and eradication

hi qc001 and hello again charles, here are my reports

Logfile of HijackThis v1.99.1
Scan saved at 20:17:42, on 19/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Internet Explorer\iexplore.exe
I:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [C-Media Speaker Configuration] C:\PROGRA~1\C-Media\WIN_ME\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: apitrap.dll,wbsys.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FICHIE~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

virustotal

This is a report processed by VirusTotal on 02/19/2006 at 20:11:14 (CET) after scanning the file "mnswpr.exe" file.

Antivirus           Version         Update       Result
AntiVir             6.33.1.50       02.18.2006   no virus found
Avast               4.6.695.0       02.16.2006   no virus found
AVG                 718             02.17.2006   no virus found
Avira               6.33.1.50       02.18.2006   no virus found
BitDefender         7.2             02.19.2006   no virus found
CAT-QuickHeal       8.00            02.16.2006   no virus found
ClamAV              devel-20060126  02.19.2006   no virus found
DrWeb               4.33            02.19.2006   no virus found
eTrust-InoculateIT  23.71.81        02.19.2006   no virus found
eTrust-Vet          12.4.2086       02.17.2006   no virus found
Ewido               3.5             02.19.2006   no virus found
Fortinet            2.69.0.0        02.18.2006   no virus found
F-Prot              3.16c           02.19.2006   no virus found
Ikarus              0.2.59.0        02.17.2006   no virus found
Kaspersky           4.0.2.24        02.19.2006   no virus found
McAfee              4700            02.17.2006   no virus found
NOD32v2             1.1413          02.17.2006   no virus found
Norman              5.70.10         02.17.2006   no virus found
Panda               9.0.0.4         02.19.2006   no virus found
Sophos              4.02.0          02.19.2006   no virus found
Symantec            8.0             02.19.2006   no virus found
TheHacker           5.9.4.098       02.18.2006   no virus found
UNA                 1.83            02.16.2006   no virus found
VBA32               3.10.5          02.19.2006   no virus found

thanks everyone, see you
hijackthis report
fantomasse replied to a topic by fantomasse in Malware analysis and eradication

it didn't offer me a report because it's not infected. see you
hijackthis report
fantomasse replied to a topic by fantomasse in Malware analysis and eradication

HI, I'm waiting, is that it???
hijackthis report
fantomasse replied to a topic by fantomasse in Malware analysis and eradication

hello again charles, I did everything just as you told me.

regsearch report

REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.0.1

; Results at 19/02/2006 16:57:41 for strings:
; 'wincon net driver '
; 'network monitor'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}]
"DisplayName"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
"Service"="Network Monitor"
"DeviceDesc"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Network Monitor]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Network Monitor]
; Contents of value:
; C:\Program Files\Network Monitor\netmon.exe service
"ImagePath"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,4e,65,74,\
  77,6f,72,6b,20,4d,6f,6e,69,74,6f,72,5c,6e,65,74,6d,6f,6e,2e,65,78,65,20,73,\
  65,72,76,69,63,65,00
"DisplayName"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Network Monitor\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Network Monitor\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
"Service"="Network Monitor"
"DeviceDesc"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Network Monitor]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Network Monitor]
; Contents of value:
; C:\Program Files\Network Monitor\netmon.exe service
"ImagePath"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,4e,65,74,\
  77,6f,72,6b,20,4d,6f,6e,69,74,6f,72,5c,6e,65,74,6d,6f,6e,2e,65,78,65,20,73,\
  65,72,76,69,63,65,00
"DisplayName"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Network Monitor\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
"Service"="Network Monitor"
"DeviceDesc"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor]
; Contents of value:
; C:\Program Files\Network Monitor\netmon.exe service
"ImagePath"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,4e,65,74,\
  77,6f,72,6b,20,4d,6f,6e,69,74,6f,72,5c,6e,65,74,6d,6f,6e,2e,65,78,65,20,73,\
  65,72,76,69,63,65,00
"DisplayName"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum]

[HKEY_USERS\S-1-5-21-1177238915-746137067-839522115-1003\Software\Stardock\DesktopX\WidgetRecent]
"file6"="D:\\Object Desktop\\DesktopX\\Widgets\\Silica Network Monitor.exe"
"name6"="Silica Network Monitor"

; End Of The Log...

deleting mnswpr.exe: not possible on c: (it is not read-only), and with killbox it tells me "files error this file does not seem to exist". for the 3 files to look for, no problem, except that jfdcd.sys doesn't exist. see you
hijackthis report
fantomasse replied to a topic by fantomasse in Malware analysis and eradication

hi charles, I'm sending you the 2 reports. however, here are the oddities I ran into: impossible to delete c:\mnswpr.exe, it tells me the resource is in use; then in services.msc, impossible to access wincon, it tells me a required registry entry is missing or an attempt to write to the registry failed; then sc delete network monitor, it tells me deletion failed.

HIJACKTHIS REPORT

StartupList report, 19/02/2006, 10:44:36
StartupList version: 1.52.2
Started from : I:\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
I:\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\stef\Menu Démarrer\Programmes\Démarrage]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

TkBellExe = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
C-Media Speaker Configuration = C:\PROGRA~1\C-Media\WIN_ME\Setup.exe /SPEAKER
avgnt = "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
Zone Labs Client = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

WebCamRT.exe =

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=apitrap.dll,wbsys.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: not hidden (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: not hidden (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Regedit.exe has no CompanyName property! It is either missing or named something else.
- Regedit.exe has no OriginalFilename property! It is either missing or named something else.
- Regedit.exe has no FileDescription property! It is either missing or named something else.

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

*No BHO's found*

--------------------------------------------------

Enumerating Task Scheduler jobs:

Maintenance en 1 clic.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[{02BF25D5-8C17-4B23-BC80-D3488ABDDC00}]
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[Java Plug-in 1.5.0_03]
InProcServer32 = C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

[Java Plug-in 1.5.0_03]
InProcServer32 = C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Pilote d'unité 61883: System32\DRIVERS\61883.sys (manual start)
Pilote ACPI Microsoft: System32\DRIVERS\ACPI.sys (system)
Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start)
Environnement de prise en charge de réseau AFD: \SystemRoot\System32\drivers\afd.sys (autostart)
Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Avertissement: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start)
AntiVir Scheduler: C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (autostart)
AntiVir PersonalEdition Classic Service: C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (autostart)
Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Protocole client ARP 1394: System32\DRIVERS\arp1394.sys (manual start)
ASAPIW2K: System32\Drivers\ASAPIW2K.sys (manual start)
aslm75: \??\C:\WINDOWS\system32\drivers\aslm75.sys (autostart)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
Pilote de média asynchrone RAS: System32\DRIVERS\asyncmac.sys (manual start)
Contrôleur de disque dur IDE/ESDI standard: System32\DRIVERS\atapi.sys (system)
athsgt: System32\DRIVERS\athsgt.sys (autostart)
Protocole client ATM ARP: System32\DRIVERS\atmarpc.sys (manual start)
Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Pilote audio Stub: System32\DRIVERS\audstub.sys (manual start)
Périphérique AVC: System32\DRIVERS\avc.sys (manual start)
avgntdd: SYSTEM32\DRIVERS\avgntdd.sys (system)
avgntmgr: SYSTEM32\drivers\avgntmgr.sys (system)
ASUSTeK/Broadcom 440x 10/100 Integrated Controller XP Driver: System32\DRIVERS\bcm4sbxp.sys (manual start)
Service de transfert intelligent en arrière-plan: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Explorateur d'ordinateur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
Cdrdrv: System32\Drivers\Cdrdrv.sys (manual start)
Pilote de CD-ROM: System32\DRIVERS\cdrom.sys (system)
Service d'indexation: %SystemRoot%\system32\cisvc.exe (manual start)
Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (manual start)
C-Media PCI Audio Driver (WDM): system32\drivers\cmaudio.sys (manual start)
Application système COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Client DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Pilote de disque: System32\DRIVERS\disk.sys (system)
Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Pilote de Gestionnaire de disque logique: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start)
Client DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (disabled)
Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start)
ElbyCDFL: System32\Drivers\ElbyCDFL.sys (manual start)
ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (autostart)
ElbyDelay: System32\Drivers\ElbyDelay.sys (manual start)
Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Journal des événements: %SystemRoot%\system32\services.exe (autostart)
Système d'événements de COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Program Files\ewido anti-malware\ewidoctrl.exe (autostart)
Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Carte réseau virtuelle FreeBox USB: System32\DRIVERS\fbxusb32.sys (manual start)
Pilote de contrôleur de lecteur de disquettes: System32\DRIVERS\fdc.sys (manual start)
Pilote de lecteur de disquettes: System32\DRIVERS\flpydisk.sys (manual start)
Pilote du Gestionnaire de volume: System32\DRIVERS\ftdisk.sys (system)
Énumérateur de port jeu: System32\DRIVERS\gameenum.sys (manual start)
GhostStartService: C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE (autostart)
GhostPciScanner: \??\C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys (system)
Classificateur de paquets générique: System32\DRIVERS\msgpc.sys (manual start)
Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Accès du périphérique d'interface utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Pilote de classe HID Microsoft: System32\DRIVERS\hidusb.sys (manual start)
Pilote pour clavier i8042 et souris sur port PS/2: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
Pilote de filtre de gravure CD: system32\drivers\Imapi.sys (system)
Service COM de gravage de CD IMAPI: C:\WINDOWS\System32\Imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
Pilote de filtre de trafic IP: System32\DRIVERS\ipfltdrv.sys (manual start)
Pilote de tunnelage IP dans IP: System32\DRIVERS\ipinip.sys (manual start)
Traducteur d'adresses réseau IP: System32\DRIVERS\ipnat.sys (manual start)
Pilote IPSEC: System32\DRIVERS\ipsec.sys (system)
Service énumérateur IR: System32\DRIVERS\irenum.sys (manual start)
Pilote de bus Plug-and-Play ISA/EISA: System32\DRIVERS\isapnp.sys (system)
jfdcd: \??\C:\DOCUME~1\stef\LOCALS~1\Temp\jfdcd.sys (manual start)
Pilote de la classe Clavier: System32\DRIVERS\kbdclass.sys (system)
Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start)
Serveur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Station de travail: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
limsgt: System32\DRIVERS\limsgt.sys (autostart)
Assistance TCP/IP NetBIOS: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Logitech USB Microphone: system32\drivers\lvsound2.sys (system)
Affichage des messages: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Partage de Bureau à distance NetMeeting: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Périphérique de filtrage de flux Unimodem: system32\drivers\MODEMCSA.sys (manual start)
Pilote de la classe Souris: System32\DRIVERS\mouclass.sys (system)
Pilote HID de souris: System32\DRIVERS\mouhid.sys (manual start)
Redirecteur client WebDav: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (disabled)
Microsoft DV Camera and VCR: System32\DRIVERS\msdv.sys (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start)
Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start)
Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
Pilote TAPI NDIS d'accès distant: System32\DRIVERS\ndistapi.sys (manual start)
NDIS mode utilisateur E/S Protocole: System32\DRIVERS\ndisuio.sys (manual start)
Pilote réseau étendu NDIS d'accès distant: System32\DRIVERS\ndiswan.sys (manual start)
Interface NetBIOS: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
DDE réseau: %SystemRoot%\system32\netdde.exe (manual start)
DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (manual start)
Ouverture de session réseau: %SystemRoot%\System32\lsass.exe (manual start)
Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Monitor: C:\Program Files\Network Monitor\netmon.exe service (disabled)
Pilote réseau 1394: System32\DRIVERS\nic1394.sys (manual start)
NLA (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norton Unerase Protection Driver: \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS (manual start)
Norton Unerase Protection: "C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE" (autostart)
Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\System32\lsass.exe (manual start)
Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
Pilote de filtre de trafic IPX: System32\DRIVERS\nwlnkflt.sys (manual start)
Pilote de transfert de trafic IPX: System32\DRIVERS\nwlnkfwd.sys (manual start)
Contrôleur hôte compatible IEE 1394 VIA OHCI: System32\DRIVERS\ohci1394.sys (system)
Pilote de port parallèle: System32\DRIVERS\parport.sys (manual start)
Pilote de bus PCI: System32\DRIVERS\pci.sys (system)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Plug-and-Play: %SystemRoot%\system32\services.exe (autostart)
Services IPSEC: %SystemRoot%\System32\lsass.exe (disabled)
Miniport réseau étendu (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Pilote processeur: System32\DRIVERS\processr.sys (system)
StarForce Protection Environment Driver v6: \SystemRoot\System32\drivers\prodrv06.sys (system)
StarForce Protection Helper Driver v2: System32\drivers\prohlp02.sys (system)
StarForce Protection Synchronization Driver v1: System32\drivers\prosync1.sys (system)
Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart)
Planificateur de paquets QoS: System32\DRIVERS\psched.sys (manual start)
Pilote de liaison parallèle directe: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Logitech QuickCam Web(PID_0850): System32\DRIVERS\LVCE.sys (manual start)
Logitech QuickCam Pro USB(PID_D001): System32\DRIVERS\p35u.sys (manual start)
QDFSDRV: \??\C:\WINDOWS\system32\drivers\qdfsdrv.sys (manual start)
Pilote de connexion automatique d'accès distant: System32\DRIVERS\rasacd.sys (system)
Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Miniport réseau étendu (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Gestionnaire de connexions d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Pilote PPPOE d'accès à distance: System32\DRIVERS\raspppoe.sys (manual start)
Parallèle direct: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Pilote de redirecteur de périphérique Terminal Server: System32\DRIVERS\rdpdr.sys (manual start)
Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start)
Pilote de filtre de lecture digitale de CD audio: System32\DRIVERS\redbook.sys (system)
Routage
et accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Accès à distance au Registre: %SystemRoot%\system32\svchost.exe -k LocalService (disabled) Localisateur d'appels de procédure distante (RPC): %SystemRoot%\System32\locator.exe (manual start) Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start) Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart) Prise en charge des cartes à puces: %SystemRoot%\System32\SCardSvr.exe (manual start) Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start) Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: System32\DRIVERS\secdrv.sys (autostart) Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de filtre Serenum: System32\DRIVERS\serenum.sys (manual start) Pilote de port série: System32\DRIVERS\serial.sys (system) StarForce Protection Environment Driver (version 1.x): System32\drivers\sfdrv01.sys (system) StarForce Protection Helper Driver: System32\drivers\sfhlp01.sys (system) StarForce Protection Helper Driver (version 2.x): System32\drivers\sfhlp02.sys (system) StarForce Protection VFS Driver (version 2.x): System32\drivers\sfvfs02.sys (system) Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start) Speed Disk service: C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe (autostart) Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start) Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart) Pilote de filtre de restauration système: System32\DRIVERS\sr.sys (system) Service de restauration système: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Srv: System32\DRIVERS\srv.sys (manual start) Service de 
découvertes SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (disabled) st3wolf: System32\DRIVERS\st3wolf.sys (manual start) Acquisition d'image Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart) BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start) USB Dual-mode Camera: system32\drivers\STV680.sys (manual start) USB Dual-mode Cameram: system32\drivers\STV680m.sys (manual start) stwlfbus: System32\DRIVERS\stwlfbus.sys (system) Pilote de bus logiciel: System32\DRIVERS\swenum.sys (manual start) Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{FB18BEC6-003A-4248-9B86-CF60EE23B942} (manual start) SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start) Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start) Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start) Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote du protocole TCP/IP: System32\DRIVERS\tcpip.sys (system) Pilote de périphérique terminal: System32\DRIVERS\termdd.sys (system) Services Terminal Server: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled) Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) TuneUp WinStyler Theme Service: "C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe" (manual start) Windows User Mode Driver Framework: C:\WINDOWS\System32\wdfmgr.exe (autostart) Pilote de mise à jour microcode: System32\DRIVERS\update.sys (manual start) Gestionnaire de téléchargement: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Hôte de périphérique universel Plug-and-Play: %SystemRoot%\System32\svchost.exe -k LocalService (disabled) Onduleur: %SystemRoot%\System32\ups.exe 
(manual start) Pilote parent générique USB Microsoft: System32\DRIVERS\usbccgp.sys (manual start) Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft: System32\DRIVERS\usbehci.sys (manual start) Pilote de concentrateur standard USB Microsoft: System32\DRIVERS\usbhub.sys (manual start) Pilote de scanneur USB: System32\DRIVERS\usbscan.sys (manual start) Pilote de stockage de masse USB: System32\DRIVERS\USBSTOR.SYS (manual start) Pilote miniport de contrôleur hôte universel USB Microsoft: System32\DRIVERS\usbuhci.sys (manual start) VgaSave: \SystemRoot\System32\drivers\vga.sys (system) VOBID: System32\DRIVERS\vobid.sys (system) vsdatant: System32\vsdatant.sys (system) TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart) Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start) Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote ARP IP d'accès distant: System32\DRIVERS\wanarp.sys (manual start) Winbond GPIO Driver1: System32\drivers\WBHWDOCT.sys (manual start) Microsoft WDM Virtual Wave Driver (WDM): system32\drivers\wdmaud.sys (system) WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Extensions du pilote WMI: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Carte de performance WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start) World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start) Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (disabled) Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck 
autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: 0aMCPClient: C:\PROGRA~1\FICHIE~1\stardock\MCPCore.dll PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- End of report, 35 694 bytes Report generated in 0,266 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only RAPPORT ESCAN File C:\WINDOWS\system32\wincon.exe infected by "Backdoor.Win32.Aimbot.cc" Virus. Action Taken: File Renamed. File C:\Documents and Settings\stef\Favoris\VALERIE\vacances\Partir pas cher ¤¤¤, reservation pas chère de voyages dégriffés.url infected by "BkCln.Unknown" Virus. Action Taken: File Renamed. File C:\mc-110-12-0000228.exe infected by "Trojan-Downloader.NSIS.Agent.p" Virus. Action Taken: File Deleted. File C:\RECYCLER\NPROTECT\00017168. infected by "BkCln.Unknown" Virus. Action Taken: File Renamed. File C:\RECYCLER\NPROTECT\00017176. infected by "BkCln.Unknown" Virus. Action Taken: File Renamed. 
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP577\A0195676.exe infected by "Trojan-Downloader.Win32.Small.cjg" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP577\A0195692.exe infected by "Trojan-Downloader.Win32.Small.cjg" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP577\A0195694.exe infected by "Trojan-Downloader.Win32.VB.wr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP577\A0195713.exe infected by "Trojan-Downloader.NSIS.Agent.p" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP577\A0195714.exe infected by "Trojan-Downloader.Win32.VB.wr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP577\A0195715.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP577\A0196719.exe infected by "Trojan-Downloader.Win32.VB.wr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP577\A0196720.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP577\A0196721.exe tagged as not-a-virus:AdWare.Win32.Softomate.j. No Action Taken.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP577\A0196926.exe infected by "Trojan-Downloader.Win32.VB.wr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP577\A0196936.exe infected by "Trojan-Downloader.Win32.Small.buy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP577\A0196944.exe infected by "Trojan-Downloader.Win32.VB.wr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP577\A0197132.exe infected by "Trojan-Downloader.Win32.VB.wr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP577\A0197138.exe infected by "Trojan-Proxy.Win32.Ranky.ek" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0197955.exe infected by "Trojan-Downloader.Win32.VB.wr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0197956.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0197961.exe tagged as not-a-virus:AdWare.Win32.Softomate.j. No Action Taken.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0198955.exe infected by "Trojan-Downloader.Win32.Small.cjg" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0198956.exe infected by "Trojan-Downloader.NSIS.Agent.p" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0198957.exe infected by "Trojan-Downloader.Win32.VB.wr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0198988.exe infected by "Trojan-Downloader.Win32.VB.wr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0198995.exe infected by "Trojan-Downloader.Win32.Small.buy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0198996.exe infected by "Trojan-Downloader.Win32.Small.buy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0198998.exe infected by "Backdoor.Win32.SdBot.xd" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0198999.exe infected by "Trojan-Downloader.Win32.VB.wd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0199000.exe infected by "Trojan-Clicker.Win32.VB.le" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0199001.exe infected by "Trojan-Downloader.Win32.VB.wg" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0199003.dll tagged as not-a-virus:AdWare.Win32.Ucmore. No Action Taken.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0199006.dll tagged as not-a-virus:AdWare.Win32.Ucmore.a. No Action Taken.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0199018.exe infected by "Trojan-Downloader.Win32.VB.wr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0199115.exe infected by "Trojan-Downloader.Win32.VB.wr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0200092.exe infected by "Trojan-Downloader.Win32.Small.buy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0200093.exe infected by "Trojan-Downloader.Win32.Small.buy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0200094.exe infected by "Backdoor.Win32.SdBot.xd" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0200105.exe infected by "Trojan-Downloader.Win32.VB.wr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0200153.dll tagged as not-a-virus:AdWare.Win32.Softomate.j. No Action Taken.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0200240.exe infected by "Trojan-Downloader.Win32.VB.wr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0201501.exe infected by "Trojan-Downloader.Win32.Agent.aev" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0201502.exe infected by "Trojan-Downloader.Win32.VB.wr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0203581.exe infected by "Trojan-Downloader.Win32.VB.wr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0203582.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0203583.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0203584.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0203585.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0203586.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0203587.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0203588.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0203651.exe infected by "Trojan-Downloader.Win32.VB.wr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0204662.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ak. No Action Taken.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0205686.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ak. No Action Taken.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0206689.exe infected by "Trojan-Downloader.Win32.VB.wr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0206695.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ak. No Action Taken.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0207707.exe infected by "Trojan-Downloader.Win32.VB.wr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0207712.exe infected by "Trojan-Proxy.Win32.Ranky.ek" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0207713.exe infected by "Trojan.Win32.StartPage.ahg" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0207714.exe infected by "Trojan-Downloader.Win32.VB.wd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0207717.exe tagged as not-a-virus:Monitor.Win32.NetMon.a. No Action Taken.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0207718.dll tagged as not-a-virus:AdWare.Win32.CommAd.a. No Action Taken.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0207719.exe tagged as not-a-virus:AdWare.Win32.CommAd.a. No Action Taken.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0208849.exe infected by "Trojan-Proxy.Win32.Ranky.ek" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0208850.exe infected by "Trojan-Clicker.Win32.VB.lg" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0208856.exe tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0208857.exe infected by "Trojan-Downloader.Win32.Small.buy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0208858.exe tagged as not-a-virus:Porn-Dialer.Win32.EzDial.a. No Action Taken.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0208859.exe infected by "Trojan-Downloader.Win32.VB.wd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0208860.exe tagged as not-a-virus:AdWare.Win32.Zestyfind. No Action Taken.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0208861.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ak. No Action Taken.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0208862.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ak. No Action Taken.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579\A0208863.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ak. No Action Taken.
File C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP579
-
hijackthis report
fantomasse replied to a topic by fantomasse in Malware analysis and removal
hi horus agressor thanks fantomasse !!!!!! I didn't do anything !!!! (but seen from that angle, indeed) thanks charles ingals -
hijackthis report
fantomasse replied to a topic by fantomasse in Malware analysis and removal
hi again charles, the following error message has been appearing on my PC since the last steps (I leave the PC on at the desktop and a window opens):
FENETRE SOUS SYSTEME MS-DOS 16 BITS
C:\mnswpr.exe
Le processeur a rencontré une instruction non autorisée CS:06fa IP:0124 OP:63 74 28 29 3a
choissiez fermer pour mettre fin a l'application
worrying? -
rapport hijackthis
fantomasse a répondu à un(e) sujet de fantomasse dans Analyses et éradication malwares
salut charles, voila mes 2 rapports RAPPORT HIJACKTHIS StartupList report, 18/02/2006, 19:32:18 StartupList version: 1.52.2 Started from : I:\HijackThis.EXE Detected: Windows XP SP1 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\wincon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe I:\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\stef\Menu Démarrer\Programmes\Démarrage] *No files* Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage] *No files* Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not 
found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run TkBellExe = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup nwiz = nwiz.exe /install NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe C-Media Speaker Configuration = C:\PROGRA~1\C-Media\WIN_ME\Setup.exe /SPEAKER avgnt = "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min Zone Labs Client = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run WebCamRT.exe = 
-------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* 
-------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\System32\mshta.exe "%1" %* 
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe
[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=apitrap.dll,wbsys.dll
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: not hidden (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: not hidden (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Regedit.exe has no CompanyName property! It is either missing or named something else.
- Regedit.exe has no OriginalFilename property! It is either missing or named something else.
- Regedit.exe has no FileDescription property! It is either missing or named something else.
Registry check failed!
--------------------------------------------------
Enumerating Browser Helper Objects:
*No BHO's found*
--------------------------------------------------
Enumerating Task Scheduler jobs:
Maintenance en 1 clic.job
--------------------------------------------------
Enumerating Download Program Files:
[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
[{02BF25D5-8C17-4B23-BC80-D3488ABDDC00}]
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab
[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab
[Java Plug-in 1.5.0_03]
InProcServer32 = C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
[Java Plug-in 1.5.0_03]
InProcServer32 = C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
[shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
Pilote d'unité 61883: System32\DRIVERS\61883.sys (manual start)
Pilote ACPI Microsoft: System32\DRIVERS\ACPI.sys (system)
Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start)
Environnement de prise en charge de réseau AFD: \SystemRoot\System32\drivers\afd.sys (autostart)
Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Avertissement: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start)
AntiVir Scheduler: C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (autostart)
AntiVir PersonalEdition Classic Service: C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (autostart)
Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Protocole client ARP 1394: System32\DRIVERS\arp1394.sys (manual start)
ASAPIW2K: System32\Drivers\ASAPIW2K.sys (manual start)
aslm75: \??\C:\WINDOWS\system32\drivers\aslm75.sys (autostart)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
Pilote de média asynchrone RAS: System32\DRIVERS\asyncmac.sys (manual start)
Contrôleur de disque dur IDE/ESDI standard: System32\DRIVERS\atapi.sys (system)
athsgt: System32\DRIVERS\athsgt.sys (autostart)
Protocole client ATM ARP: System32\DRIVERS\atmarpc.sys (manual start)
Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Pilote audio Stub: System32\DRIVERS\audstub.sys (manual start)
Périphérique AVC: System32\DRIVERS\avc.sys (manual start)
avgntdd: SYSTEM32\DRIVERS\avgntdd.sys (system)
avgntmgr: SYSTEM32\drivers\avgntmgr.sys (system)
ASUSTeK/Broadcom 440x 10/100 Integrated Controller XP Driver: System32\DRIVERS\bcm4sbxp.sys (manual start)
Service de transfert intelligent en arrière-plan: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Explorateur d'ordinateur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
Cdrdrv: System32\Drivers\Cdrdrv.sys (manual start)
Pilote de CD-ROM: System32\DRIVERS\cdrom.sys (system)
Service d'indexation: %SystemRoot%\system32\cisvc.exe (manual start)
Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (manual start)
C-Media PCI Audio Driver (WDM): system32\drivers\cmaudio.sys (manual start)
Application système COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Client DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Pilote de disque: System32\DRIVERS\disk.sys (system)
Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Pilote de Gestionnaire de disque logique: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start)
Client DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (disabled)
Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start)
ElbyCDFL: System32\Drivers\ElbyCDFL.sys (manual start)
ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (autostart)
ElbyDelay: System32\Drivers\ElbyDelay.sys (manual start)
Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Journal des événements: %SystemRoot%\system32\services.exe (autostart)
Système d'événements de COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Program Files\ewido anti-malware\ewidoctrl.exe (autostart)
Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Carte réseau virtuelle FreeBox USB: System32\DRIVERS\fbxusb32.sys (manual start)
Pilote de contrôleur de lecteur de disquettes: System32\DRIVERS\fdc.sys (manual start)
Pilote de lecteur de disquettes: System32\DRIVERS\flpydisk.sys (manual start)
Pilote du Gestionnaire de volume: System32\DRIVERS\ftdisk.sys (system)
Énumérateur de port jeu: System32\DRIVERS\gameenum.sys (manual start)
GhostStartService: C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE (autostart)
GhostPciScanner: \??\C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys (system)
Classificateur de paquets générique: System32\DRIVERS\msgpc.sys (manual start)
Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Accès du périphérique d'interface utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Pilote de classe HID Microsoft: System32\DRIVERS\hidusb.sys (manual start)
Pilote pour clavier i8042 et souris sur port PS/2: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
Pilote de filtre de gravure CD: system32\drivers\Imapi.sys (system)
Service COM de gravage de CD IMAPI: C:\WINDOWS\System32\Imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
Pilote de filtre de trafic IP: System32\DRIVERS\ipfltdrv.sys (manual start)
Pilote de tunnelage IP dans IP: System32\DRIVERS\ipinip.sys (manual start)
Traducteur d'adresses réseau IP: System32\DRIVERS\ipnat.sys (manual start)
Pilote IPSEC: System32\DRIVERS\ipsec.sys (system)
Service énumérateur IR: System32\DRIVERS\irenum.sys (manual start)
Pilote de bus Plug-and-Play ISA/EISA: System32\DRIVERS\isapnp.sys (system)
jfdcd: \??\C:\DOCUME~1\stef\LOCALS~1\Temp\jfdcd.sys (manual start)
Pilote de la classe Clavier: System32\DRIVERS\kbdclass.sys (system)
Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start)
Serveur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Station de travail: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
limsgt: System32\DRIVERS\limsgt.sys (autostart)
Assistance TCP/IP NetBIOS: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Logitech USB Microphone: system32\drivers\lvsound2.sys (system)
Affichage des messages: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Partage de Bureau à distance NetMeeting: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Périphérique de filtrage de flux Unimodem: system32\drivers\MODEMCSA.sys (manual start)
Pilote de la classe Souris: System32\DRIVERS\mouclass.sys (system)
Pilote HID de souris: System32\DRIVERS\mouhid.sys (manual start)
Redirecteur client WebDav: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (disabled)
Microsoft DV Camera and VCR: System32\DRIVERS\msdv.sys (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start)
Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start)
Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
Pilote TAPI NDIS d'accès distant: System32\DRIVERS\ndistapi.sys (manual start)
NDIS mode utilisateur E/S Protocole: System32\DRIVERS\ndisuio.sys (manual start)
Pilote réseau étendu NDIS d'accès distant: System32\DRIVERS\ndiswan.sys (manual start)
Interface NetBIOS: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
DDE réseau: %SystemRoot%\system32\netdde.exe (manual start)
DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (manual start)
Ouverture de session réseau: %SystemRoot%\System32\lsass.exe (manual start)
Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Monitor: C:\Program Files\Network Monitor\netmon.exe service (disabled)
Pilote réseau 1394: System32\DRIVERS\nic1394.sys (manual start)
NLA (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norton Unerase Protection Driver: \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS (manual start)
Norton Unerase Protection: "C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE" (autostart)
Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\System32\lsass.exe (manual start)
Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
Pilote de filtre de trafic IPX: System32\DRIVERS\nwlnkflt.sys (manual start)
Pilote de transfert de trafic IPX: System32\DRIVERS\nwlnkfwd.sys (manual start)
Contrôleur hôte compatible IEE 1394 VIA OHCI: System32\DRIVERS\ohci1394.sys (system)
Pilote de port parallèle: System32\DRIVERS\parport.sys (manual start)
Pilote de bus PCI: System32\DRIVERS\pci.sys (system)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Plug-and-Play: %SystemRoot%\system32\services.exe (autostart)
Services IPSEC: %SystemRoot%\System32\lsass.exe (disabled)
Miniport réseau étendu (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Pilote processeur: System32\DRIVERS\processr.sys (system)
StarForce Protection Environment Driver v6: \SystemRoot\System32\drivers\prodrv06.sys (system)
StarForce Protection Helper Driver v2: System32\drivers\prohlp02.sys (system)
StarForce Protection Synchronization Driver v1: System32\drivers\prosync1.sys (system)
Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart)
Planificateur de paquets QoS: System32\DRIVERS\psched.sys (manual start)
Pilote de liaison parallèle directe: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Logitech QuickCam Web(PID_0850): System32\DRIVERS\LVCE.sys (manual start)
Logitech QuickCam Pro USB(PID_D001): System32\DRIVERS\p35u.sys (manual start)
QDFSDRV: \??\C:\WINDOWS\system32\drivers\qdfsdrv.sys (manual start)
Pilote de connexion automatique d'accès distant: System32\DRIVERS\rasacd.sys (system)
Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Miniport réseau étendu (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Gestionnaire de connexions d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Pilote PPPOE d'accès à distance: System32\DRIVERS\raspppoe.sys (manual start)
Parallèle direct: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Pilote de redirecteur de périphérique Terminal Server: System32\DRIVERS\rdpdr.sys (manual start)
Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start)
Pilote de filtre de lecture digitale de CD audio: System32\DRIVERS\redbook.sys (system)
Routage et accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Accès à distance au Registre: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Localisateur d'appels de procédure distante (RPC): %SystemRoot%\System32\locator.exe (manual start)
Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart)
Prise en charge des cartes à puces: %SystemRoot%\System32\SCardSvr.exe (manual start)
Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start)
Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Pilote de filtre Serenum: System32\DRIVERS\serenum.sys (manual start)
Pilote de port série: System32\DRIVERS\serial.sys (system)
StarForce Protection Environment Driver (version 1.x): System32\drivers\sfdrv01.sys (system)
StarForce Protection Helper Driver: System32\drivers\sfhlp01.sys (system)
StarForce Protection Helper Driver (version 2.x): System32\drivers\sfhlp02.sys (system)
StarForce Protection VFS Driver (version 2.x): System32\drivers\sfvfs02.sys (system)
Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
Speed Disk service: C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe (autostart)
Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start)
Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart)
Pilote de filtre de restauration système: System32\DRIVERS\sr.sys (system)
Service de restauration système: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
Service de découvertes SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
st3wolf: System32\DRIVERS\st3wolf.sys (manual start)
Acquisition d'image Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
USB Dual-mode Camera: system32\drivers\STV680.sys (manual start)
USB Dual-mode Cameram: system32\drivers\STV680m.sys (manual start)
stwlfbus: System32\DRIVERS\stwlfbus.sys (system)
Pilote de bus logiciel: System32\DRIVERS\swenum.sys (manual start)
Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{FB18BEC6-003A-4248-9B86-CF60EE23B942} (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start)
Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start)
Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Pilote du protocole TCP/IP: System32\DRIVERS\tcpip.sys (system)
Pilote de périphérique terminal: System32\DRIVERS\termdd.sys (system)
Services Terminal Server: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)
Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TuneUp WinStyler Theme Service: "C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe" (manual start)
Windows User Mode Driver Framework: C:\WINDOWS\System32\wdfmgr.exe (autostart)
Pilote de mise à jour microcode: System32\DRIVERS\update.sys (manual start)
Gestionnaire de téléchargement: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Hôte de périphérique universel Plug-and-Play: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Onduleur: %SystemRoot%\System32\ups.exe (manual start)
Pilote parent générique USB Microsoft: System32\DRIVERS\usbccgp.sys (manual start)
Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft: System32\DRIVERS\usbehci.sys (manual start)
Pilote de concentrateur standard USB Microsoft: System32\DRIVERS\usbhub.sys (manual start)
Pilote de scanneur USB: System32\DRIVERS\usbscan.sys (manual start)
Pilote de stockage de masse USB: System32\DRIVERS\USBSTOR.SYS (manual start)
Pilote miniport de contrôleur hôte universel USB Microsoft: System32\DRIVERS\usbuhci.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VOBID: System32\DRIVERS\vobid.sys (system)
vsdatant: System32\vsdatant.sys (system)
TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start)
Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Pilote ARP IP d'accès distant: System32\DRIVERS\wanarp.sys (manual start)
Winbond GPIO Driver1: System32\drivers\WBHWDOCT.sys (manual start)
Microsoft WDM Virtual Wave Driver (WDM): system32\drivers\wdmaud.sys (system)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
WinCon (wincon net driver): "C:\WINDOWS\system32\wincon.exe" (autostart)
Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Extensions du pilote WMI: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Carte de performance WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (disabled)
Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
0aMCPClient: C:\PROGRA~1\FICHIE~1\stardock\MCPCore.dll
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
End of report, 35 800 bytes
Report generated in 0,203 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

PANDA REPORT
Incident Statut Analyse
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\stef\Bureau\l2mfix\Process.exe
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\stef\Bureau\VundoFix\VundoFix\process.exe
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\stef\Cookies\stef@doubleclick[1].txt
Spyware:Cookie/YieldManager No Désinfecté C:\RECYCLER\S-1-5-21-1177238915-746137067-839522115-1003\Dc2590.txt
Spyware:Cookie/Serving-sys No Désinfecté C:\RECYCLER\S-1-5-21-1177238915-746137067-839522115-1003\Dc2766.txt
Spyware:Cookie/Traffic Marketplace No Désinfecté C:\RECYCLER\S-1-5-21-1177238915-746137067-839522115-1003\Dc2777.txt
Spyware:Cookie/Tradedoubler No Désinfecté C:\RECYCLER\S-1-5-21-1177238915-746137067-839522115-1003\Dc3021.txt
Spyware:Cookie/Falkag No Désinfecté C:\RECYCLER\S-1-5-21-1177238915-746137067-839522115-1003\Dc3088.txt
Spyware:Cookie/PointRoll No Désinfecté C:\RECYCLER\S-1-5-21-1177238915-746137067-839522115-1003\Dc3172.txt
Spyware:Cookie/Casalemedia No Désinfecté C:\RECYCLER\S-1-5-21-1177238915-746137067-839522115-1003\Dc3193.txt
Spyware:Cookie/Advertising No Désinfecté C:\RECYCLER\S-1-5-21-1177238915-746137067-839522115-1003\Dc3411.txt
Spyware:Cookie/Belnk No Désinfecté C:\RECYCLER\S-1-5-21-1177238915-746137067-839522115-1003\Dc3458.txt
Spyware:Cookie/Weborama No Désinfecté C:\RECYCLER\S-1-5-21-1177238915-746137067-839522115-1003\Dc3472.txt
Spyware:Cookie/Bluestreak No Désinfecté C:\RECYCLER\S-1-5-21-1177238915-746137067-839522115-1003\Dc3544.txt
Spyware:Cookie/onestat.com No Désinfecté C:\RECYCLER\S-1-5-21-1177238915-746137067-839522115-1003\Dc3681.txt
Spyware:Cookie/Hitbox No Désinfecté C:\RECYCLER\S-1-5-21-1177238915-746137067-839522115-1003\Dc3717.txt
Spyware:Cookie/Yadro No Désinfecté C:\RECYCLER\S-1-5-21-1177238915-746137067-839522115-1003\Dc3725.txt
Spyware:Cookie/2o7.net No Désinfecté C:\RECYCLER\S-1-5-21-1177238915-746137067-839522115-1003\Dc3760.txt
Spyware:Cookie/Bs.serving-sys No Désinfecté C:\RECYCLER\S-1-5-21-1177238915-746137067-839522115-1003\Dc3800.txt
Spyware:Cookie/Xiti No Désinfecté C:\RECYCLER\S-1-5-21-1177238915-746137067-839522115-1003\Dc3852.txt
Spyware:Cookie/Valueclick No Désinfecté C:\RECYCLER\S-1-5-21-1177238915-746137067-839522115-1003\Dc3869.txt
Spyware:Cookie/Belnk No Désinfecté C:\RECYCLER\S-1-5-21-1177238915-746137067-839522115-1003\Dc3870.txt
Spyware:Cookie/Atlas DMT No Désinfecté C:\RECYCLER\S-1-5-21-1177238915-746137067-839522115-1003\Dc3871.txt
Spyware:Cookie/Doubleclick No Désinfecté C:\RECYCLER\S-1-5-21-1177238915-746137067-839522115-1003\Dc3924.txt
Spyware:Cookie/Mediaplex No Désinfecté C:\RECYCLER\S-1-5-21-1177238915-746137067-839522115-1003\Dc3935.txt
Adware:adware/dollarrevenue No Désinfecté C:\WINDOWS\winsysupd71.dat
Outil indésirable:Application/Processor No Désinfecté I:\l2mfix.exe[Process.exe]

See you, GOOD LUCK
-
hijackthis report
fantomasse replied to a topic by fantomasse in Malware analysis and removal
Hello, I redid the procedure. However, I should point out that I never got the message "file will be deleted on next reboot", only "file will be removed on reboot, do you want to reboot now?", and with EasyCleaner I still had 5 files out of 227 that could not be deleted.

HERE IS THE PANDA REPORT
Incident Statut Analyse
Virus Eventuel. No Désinfecté C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Z6MEO75F\meh[1].gif
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\stef\Bureau\l2mfix\Process.exe
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\stef\Bureau\VundoFix\VundoFix\process.exe
Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\stef\Cookies\stef@advertising[1].txt
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\stef\Cookies\stef@bluestreak[1].txt
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\stef\Cookies\stef@doubleclick[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\stef\Cookies\stef@xiti[1].txt
Virus Eventuel. No Désinfecté C:\mnswpr.exe
Adware:adware/dollarrevenue No Désinfecté C:\WINDOWS\myupdates1.dat
Adware:adware/commad No Désinfecté C:\WINDOWS\system32\atmtd.dll._
Outil indésirable:Application/Processor

THANKS TO YOU. SEE YOU
-
hijackthis report
fantomasse replied to a topic by fantomasse in Malware analysis and removal
OK, I'll redo it tomorrow morning. See you, and thanks.
-
hijackthis report
fantomasse replied to a topic by fantomasse in Malware analysis and removal
HERE IS THE NEW PANDA ONLINE REPORT
Incident Statut Analyse
Adware:Adware/DollarRevenue No Désinfecté C:\!KillBox\drsmartload1.exe
Adware:Adware/Maxifiles No Désinfecté C:\!KillBox\freeprodtb.exe
Virus Eventuel. No Désinfecté C:\!KillBox\mnswpr.exe
Adware:Adware/Ucmore No Désinfecté C:\!KillBox\ucmoreiex.exe
Adware:Adware/SearchAid No Désinfecté C:\!KillBox\uninstall_nmon.vbs
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\stef\Bureau\l2mfix\Process.exe
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\stef\Bureau\VundoFix\VundoFix\process.exe
Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\stef\Cookies\stef@advertising[1].txt
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\stef\Cookies\stef@doubleclick[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\stef\Cookies\stef@xiti[1].txt
Adware:Adware/Maxifiles No Désinfecté C:\Program Files\Fichiers communs\InetGet\freeprodtb.exe
Hacktool:HackTool/EvID No Désinfecté C:\Program Files\Fichiers communs\Synacast\SynaLive\EvID4226Patch.exe
Adware:Adware/Ucmore No Désinfecté C:\UCmore - The Search Accelerator\How To Uninstall.lnk
Adware:Adware/Ucmore No Désinfecté C:\UCmore - The Search Accelerator\UCmore Tour.lnk
Adware:Adware/Exact.BargainBuddy No Désinfecté C:\WINDOWS\etb\xml\images\casino.bmp
Adware:Adware/Exact.BargainBuddy No Désinfecté C:\WINDOWS\etb\xml\images\dating.bmp
Adware:Adware/Exact.BargainBuddy No Désinfecté C:\WINDOWS\etb\xml\images\virus.bmp
Adware:adware/dollarrevenue No Désinfecté C:\WINDOWS\gimmygames1.dat
Adware:adware/mediatickets No Désinfecté C:\WINDOWS\re12.reg
Adware:adware/commad No Désinfecté C:\WINDOWS\system32\atmtd.dll._
Outil indésirable:Application/Processor No Désinfecté I:\l2mfix.exe[Process.exe]

THANKS AGAIN FOR YOUR HELP, TO YOU AND TO EVERYONE WHO STOPPED BY. SEE YOU
-
hijackthis report
fantomasse replied to a topic by fantomasse in Malware analysis and eradication
Thanks to all of you. I'm passing along the Panda online scan, which found quite a few things. @+

Incident Statut Analyse
Adware:Adware/Maxifiles No Désinfecté C:\Documents and Settings\LocalService\Bureau\freeprodtb.exe
Adware:Adware/DollarRevenue No Désinfecté C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2DDGSEZW\drsmartload[1].exe
Virus Eventuel. No Désinfecté C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INM3AF6Z\meh[1].gif
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\stef\Bureau\l2mfix\Process.exe
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\stef\Bureau\VundoFix\VundoFix\process.exe
Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\stef\Cookies\stef@adtech[2].txt
Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\stef\Cookies\stef@advertising[1].txt
Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\stef\Cookies\stef@as1.falkag[1].txt
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\stef\Cookies\stef@doubleclick[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\stef\Cookies\stef@xiti[1].txt
Adware:Adware/DollarRevenue No Désinfecté C:\drsmartload1.exe
Virus Eventuel. No Désinfecté C:\mnswpr.exe
Adware:Adware/Maxifiles No Désinfecté C:\Program Files\Fichiers communs\InetGet\freeprodtb.exe
Hacktool:HackTool/EvID No Désinfecté C:\Program Files\Fichiers communs\Synacast\SynaLive\EvID4226Patch.exe
Spyware:Cookie/Xiti No Désinfecté C:\RECYCLER\S-1-5-21-1177238915-746137067-839522115-1003\Dc371.txt
Adware:Adware/Ucmore No Désinfecté C:\UCmore - The Search Accelerator\How To Uninstall.lnk
Adware:Adware/Ucmore No Désinfecté C:\UCmore - The Search Accelerator\UCmore Tour.lnk
Adware:Adware/Ucmore No Désinfecté C:\ucmoreiex.exe
Adware:adware/dollarrevenue No Désinfecté C:\WINDOWS\drsmartload2.dat
Adware:Adware/Exact.BargainBuddy No Désinfecté C:\WINDOWS\etb\xml\images\casino.bmp
Adware:Adware/Exact.BargainBuddy No Désinfecté C:\WINDOWS\etb\xml\images\dating.bmp
Adware:Adware/Exact.BargainBuddy No Désinfecté C:\WINDOWS\etb\xml\images\virus.bmp
Adware:adware/mediatickets No Désinfecté C:\WINDOWS\mtu.bat
Adware:adware/commad No Désinfecté C:\WINDOWS\system32\atmtd.dll
Virus:W32/Sdbot.ftp Désinfecté C:\WINDOWS\system32\i
Adware:adware/isearch No Désinfecté C:\WINDOWS\tool2.exe
Adware:Adware/SearchAid No Désinfecté C:\WINDOWS\uninstall_nmon.vbs
Adware:adware/cws.searchmeup No Désinfecté C:\WINDOWS\uniq
Outil indésirable:Application/Processor No Désinfecté I:\l2mfix.exe[Process.exe]
hijackthis report
fantomasse replied to a topic by fantomasse in Malware analysis and eradication
HELLO, here is the ewido report

---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 18:03:55, 17/02/2006
+ Somme de contrôle: BA22E791
+ Résultats du scan:

HKLM\SOFTWARE\Effective-i -> Adware.EffectiveBrandToolbar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Elitum -> Adware.EliteBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Elitum\EliteSideBar -> Adware.EliteBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Elitum\EliteToolBar -> Adware.EliteBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCmore - The Search Accelerator -> Adware.UCmore : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\Effective-i -> Adware.EffectiveBrandToolbar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Nettoyer et sauvegarder
HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\Effective-i -> Adware.EffectiveBrandToolbar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Nettoyer et sauvegarder
HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Nettoyer et sauvegarder
C:\Documents and Settings\stef\Bureau\l2mfix\backup.zip/dlls/en24l1fq1.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\stef\Bureau\l2mfix\backup.zip/dlls/f4j2le1o1h.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\stef\Bureau\l2mfix\backup.zip/dlls/iosso.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\stef\Bureau\l2mfix\backup.zip/dlls/jt0o07d3e.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\stef\Bureau\l2mfix\backup.zip/dlls/kmdbr.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\stef\Bureau\l2mfix\backup.zip/dlls/ldpm0971e.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\stef\Bureau\l2mfix\backup.zip/dlls/r0p80a7ued.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\stef\Cookies\stef@as1.falkag[1].txt -> TrackingCookie.Falkag : Nettoyer et sauvegarder
C:\Documents and Settings\stef\Cookies\stef@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\stef\Cookies\stef@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
C:\Documents and Settings\stef\Cookies\stef@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
C:\Installer.exe -> Adware.Look2Me : Nettoyer et sauvegarder
C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Nettoyer et sauvegarder
C:\ucmoreiex.exe/UCMTSAIE.DLL -> Adware.Ucmore : Erreur durant le nettoyage
C:\ucmoreiex.exe/IUCMORE.DLL -> Adware.Ucmore : Erreur durant le nettoyage
C:\WINDOWS\France.exe -> Dialer.EzDial.a : Nettoyer et sauvegarder
C:\WINDOWS\gimmygames.exe -> Downloader.VB.wd : Nettoyer et sauvegarder
C:\WINDOWS\iconu.exe -> Adware.Zestyfind : Nettoyer et sauvegarder
C:\WINDOWS\system32\awvvu.dll -> Adware.Virtumonde : Nettoyer et sauvegarder
C:\WINDOWS\system32\ddabx.dll -> Adware.Virtumonde : Nettoyer et sauvegarder
C:\WINDOWS\system32\ddccc.dll -> Adware.Virtumonde : Nettoyer et sauvegarder
C:\WINDOWS\system32\eraseme_11500.exe -> Backdoor.SdBot.ajs : Nettoyer et sauvegarder
C:\WINDOWS\system32\geebb.dll -> Adware.Virtumonde : Nettoyer et sauvegarder
C:\WINDOWS\system32\jkklk.dll -> Adware.Virtumonde : Nettoyer et sauvegarder
C:\WINDOWS\system32\mlljg.dll -> Adware.Virtumonde : Nettoyer et sauvegarder
C:\WINDOWS\system32\mllmm.dll -> Adware.Virtumonde : Nettoyer et sauvegarder
C:\WINDOWS\system32\pmkjj.dll -> Adware.Virtumonde : Nettoyer et sauvegarder
C:\WINDOWS\system32\snddrv.exe -> Backdoor.SdBot.ajs : Nettoyer et sauvegarder
C:\WINDOWS\system32\ssqrp.dll -> Adware.Virtumonde : Nettoyer et sauvegarder
C:\WINDOWS\system32\sstqo.dll -> Adware.Virtumonde : Nettoyer et sauvegarder
C:\WINDOWS\system32\vtutr.dll -> Adware.Virtumonde : Nettoyer et sauvegarder
C:\WINDOWS\system32\vtuts.dll -> Adware.Virtumonde : Nettoyer et sauvegarder
D:\mp3\raphael\Raphael-Caravane-Fr-2005-Mvp.rar/[PC GAME MULTILANGUAGE] Free Casino Games Simulation - fino a 500 $ gratis sul primo deposito - up to 500 $ for free on first deposit.exe -> Adware.Casino : Nettoyer et sauvegarder

::Fin du rapport

AND THE HIJACKTHIS REPORT

Logfile of HijackThis v1.99.1
Scan saved at 18:25:05, on 17/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wincon.exe
C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
I:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [C-Media Speaker Configuration] C:\PROGRA~1\C-Media\WIN_ME\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: apitrap.dll,wbsys.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FICHIE~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

@+
hijackthis report
fantomasse replied to a topic by fantomasse in Malware analysis and eradication
I started ewido around 7:00, but since it seems to take very long I left it running. I only get home around 17:00-18:00, so you'll have the report a bit later. Thank you. @+
hijackthis report
fantomasse replied to a topic by fantomasse in Malware analysis and eradication
Hi Charles, sorry, but the procedure I printed yesterday didn't mention ewido. I'll start over. @+
hijackthis report
fantomasse replied to a topic by fantomasse in Malware analysis and eradication
OK, I did all of that. However, I'd point out 3 things:
- impossible to uninstall Network Monitor
- sc delete network monitor refuses
- TheSearchAccelerator doesn't exist
For the rest, no problem.

HERE IS THE HIJACKTHIS REPORT

Logfile of HijackThis v1.99.1
Scan saved at 23:41:37, on 16/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wincon.exe
C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\mnswpr.exe
C:\windows\winsysban8.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
I:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.24-7searching-and-more.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.zebulon.fr/index.php?showforum=51
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [C-Media Speaker Configuration] C:\PROGRA~1\C-Media\WIN_ME\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\mnswpr.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd8.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban8.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.tiji.tv/programmes/sauvetout/je...Player15109.dll
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: apitrap.dll,wbsys.dll
O20 - Winlogon Notify: gebcy - gebcy.dll (file missing)
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FICHIE~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: mljjk - mljjk.dll (file missing)
O20 - Winlogon Notify: sstts - sstts.dll (file missing)
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

@+

THANKS. FOR UNINSTALLING NETWORK MONITOR, it opens a Windows Script Host window that says "Windows Script Host access is disabled on this machine. Contact your system administrator for more information". Should I go and unlock Windows Script Host??
hijackthis report
fantomasse replied to a topic by fantomasse in Malware analysis and eradication
Sorry, but I had already started the previous procedure. I'm sending the new HijackThis report.

Logfile of HijackThis v1.99.1
Scan saved at 22:27:02, on 16/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\cGFyaQ\command.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\WINDOWS\system32\inetdns.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wincon.exe
C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\mnswpr.exe
C:\windows\winsysban8.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
I:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.24-7searching-and-more.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.zebulon.fr/index.php?showtopi...6&hl=hijackthis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [C-Media Speaker Configuration] C:\PROGRA~1\C-Media\WIN_ME\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\mnswpr.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd8.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban8.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.tiji.tv/programmes/sauvetout/je...Player15109.dll
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: apitrap.dll,wbsys.dll
O20 - Winlogon Notify: gebcy - gebcy.dll (file missing)
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FICHIE~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: mljjk - mljjk.dll (file missing)
O20 - Winlogon Notify: sstts - sstts.dll (file missing)
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\cGFyaQ\command.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: inetdns (InetDns) (inetdns) - Unknown owner - C:\WINDOWS\system32\inetdns.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

AS WELL AS THE VUNDOFIX REPORT, NEW VERSION

VundoFix V4.2.22
Scan started at 20:55:08 14/02/2006
Listing files found while scanning....
C:\WINDOWS\System32\ssttq.dll
Attempting to delete C:\WINDOWS\System32\ssttq.dll
C:\WINDOWS\System32\ssttq.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V4.2.22
Scan started at 17:59:02 15/02/2006
Listing files found while scanning....
C:\WINDOWS\system32\gebcy.dll
Attempting to delete C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\gebcy.dll Could not be deleted.
Performing Repairs to the registry.
Done!

VundoFix V4.2.24
Scan started at 22:24:02 16/02/2006
Listing files found while scanning....
C:\WINDOWS\system32\sstts.dll
Performing Repairs to the registry.
Done!

THE DIFFERENCE FROM BEFORE IS THAT THE 2ND VUNDO WINDOW OPENED BY ITSELF @+
hijackthis report
fantomasse replied to a topic by fantomasse in Malware analysis and eradication
HI AGAIN CHARLES, new HIJACKTHIS report

Logfile of HijackThis v1.99.1
Scan saved at 21:43:46, on 16/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\cGFyaQ\command.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\WINDOWS\system32\inetdns.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wincon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\mnswpr.exe
C:\windows\winsysban8.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
I:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.24-7searching-and-more.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.zebulon.fr/index.php?showtopi...6&hl=hijackthis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\sstts.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [C-Media Speaker Configuration] C:\PROGRA~1\C-Media\WIN_ME\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\mnswpr.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd8.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban8.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.tiji.tv/programmes/sauvetout/je...Player15109.dll
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: apitrap.dll,wbsys.dll
O20 - Winlogon Notify: gebcy - gebcy.dll (file missing)
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FICHIE~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: mljjk - mljjk.dll (file missing)
O20 - Winlogon Notify: sstts - C:\WINDOWS\SYSTEM32\sstts.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\cGFyaQ\command.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: inetdns (InetDns) (inetdns) - Unknown owner - C:\WINDOWS\system32\inetdns.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

@+
hijackthis report
fantomasse replied to a topic by fantomasse in Malware analysis and eradication
Re: indeed, the beast looks tough.

HIJACKTHIS REPORT

Logfile of HijackThis v1.99.1
Scan saved at 20:56:48, on 16/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\cGFyaQ\command.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\WINDOWS\system32\inetdns.exe
C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wincon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\mnswpr.exe
C:\windows\winsysban8.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
I:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.24-7searching-and-more.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.zebulon.fr/index.php?showtopi...6&hl=hijackthis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\mljjk.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [C-Media Speaker Configuration] C:\PROGRA~1\C-Media\WIN_ME\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\mnswpr.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd8.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban8.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.tiji.tv/programmes/sauvetout/je...Player15109.dll
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: apitrap.dll,wbsys.dll
O20 - Winlogon Notify: gebcy - gebcy.dll (file missing)
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FICHIE~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: mljjk - C:\WINDOWS\SYSTEM32\mljjk.dll
O20 - Winlogon Notify: sstts - C:\WINDOWS\SYSTEM32\sstts.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\cGFyaQ\command.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: inetdns (InetDns) (inetdns) - Unknown owner - C:\WINDOWS\system32\inetdns.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

AND THE VUNDOFIX REPORT

VundoFix V2.15 by Atri
--------------------------------------------------------------------------------------
Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------
killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt
--------------------------------------------------------------------------------------
Filepaths entered
--------------------------------------------------------------------------------------
The filepath entered was c:\windows\system32\gebcy.dll
The second filepath entered was c:\windows\system32\ycbeg.*
--------------------------------------------------------------------------------------
Log from Process
--------------------------------------------------------------------------------------
Killing PID 208 'smss.exe'
Killing PID 820 'explorer.exe'
Killing PID 820 'explorer.exe'
Killing PID 280 'winlogon.exe'
--------------------------------------------------------------------------------------
c:\windows\system32\gebcy.dll Deleted sucessfully.
c:\windows\system32\ycbeg.* Deleted sucessfully.
Fixing Registry
--------------------------------------------------------------------------------------
-
hijackthis report
fantomasse replied to a topic by fantomasse in Malware analysis and eradication
Hello again, here is my Look2Me report

Look2Me-Destroyer V1.0.5
Scanning for infected files.....
Scan started at 16/02/2006 18:08:54
Infected! C:\WINDOWS\system32\f4j2le1o1h.dll
Infected! C:\Documents and Settings\stef\Bureau\l2mfix\dlls\en24l1fq1.dll
Infected! C:\Documents and Settings\stef\Bureau\l2mfix\dlls\f4j2le1o1h.dll
Infected! C:\Documents and Settings\stef\Bureau\l2mfix\dlls\iosso.dll
Infected! C:\Documents and Settings\stef\Bureau\l2mfix\dlls\jt0o07d3e.dll
Infected! C:\Documents and Settings\stef\Bureau\l2mfix\dlls\kmdbr.dll
Infected! C:\Documents and Settings\stef\Bureau\l2mfix\dlls\ldpm0971e.dll
Infected! C:\Documents and Settings\stef\Bureau\l2mfix\dlls\r0p80a7ued.dll
Infected! C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0200097.dll
Infected! C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0200102.dll
Infected! C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0200148.dll
Infected! C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0200242.dll
Infected! C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0200245.dll
Infected! C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0201246.dll
Infected! C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0201254.dll
Infected! C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0201257.dll
Infected! C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0201503.dll
Infected! C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0201504.dll
Infected! C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0201505.dll
Infected! C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0201506.dll
Infected! C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0201507.dll

Attempting to delete infected files...

Attempting to delete: C:\Documents and Settings\stef\Bureau\l2mfix\dlls\en24l1fq1.dll
C:\Documents and Settings\stef\Bureau\l2mfix\dlls\en24l1fq1.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\stef\Bureau\l2mfix\dlls\f4j2le1o1h.dll
C:\Documents and Settings\stef\Bureau\l2mfix\dlls\f4j2le1o1h.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\stef\Bureau\l2mfix\dlls\iosso.dll
C:\Documents and Settings\stef\Bureau\l2mfix\dlls\iosso.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\stef\Bureau\l2mfix\dlls\jt0o07d3e.dll
C:\Documents and Settings\stef\Bureau\l2mfix\dlls\jt0o07d3e.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\stef\Bureau\l2mfix\dlls\kmdbr.dll
C:\Documents and Settings\stef\Bureau\l2mfix\dlls\kmdbr.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\stef\Bureau\l2mfix\dlls\ldpm0971e.dll
C:\Documents and Settings\stef\Bureau\l2mfix\dlls\ldpm0971e.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\stef\Bureau\l2mfix\dlls\r0p80a7ued.dll
C:\Documents and Settings\stef\Bureau\l2mfix\dlls\r0p80a7ued.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0200097.dll
C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0200097.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0200102.dll
C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0200102.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0200148.dll
C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0200148.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0200242.dll
C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0200242.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0200245.dll
C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0200245.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0201246.dll
C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0201246.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0201254.dll
C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0201254.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0201257.dll
C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0201257.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0201503.dll
C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0201503.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0201504.dll
C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0201504.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0201505.dll
C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0201505.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0201506.dll
C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0201506.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0201507.dll
C:\System Volume Information\_restore{2A0B6D55-2628-4CCD-81D6-AA38340C2F68}\RP578\A0201507.dll Deleted successfully!

Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Control Panel
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrateurs - Succeeded

and my hijackthis report

Logfile of HijackThis v1.99.1
Scan saved at 18:14:21, on 16/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\cGFyaQ\command.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\WINDOWS\system32\inetdns.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\snddrv.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\mnswpr.exe
C:\windows\winsysban8.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.24-7searching-and-more.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.zebulon.fr/index.php?showtopi...6&hl=hijackthis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\gebcy.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [C-Media Speaker Configuration] C:\PROGRA~1\C-Media\WIN_ME\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\mnswpr.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd8.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban8.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.tiji.tv/programmes/sauvetout/je...Player15109.dll
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: apitrap.dll,wbsys.dll
O20 - Winlogon Notify: gebcy - C:\WINDOWS\SYSTEM32\gebcy.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FICHIE~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: mljjk - C:\WINDOWS\SYSTEM32\mljjk.dll
O20 - Winlogon Notify: sstts - C:\WINDOWS\SYSTEM32\sstts.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\cGFyaQ\command.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: inetdns (InetDns) (inetdns) - Unknown owner - C:\WINDOWS\system32\inetdns.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SndDRV (MS Sound Driver) (SndDRV) - Unknown owner - C:\WINDOWS\system32\snddrv.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

See you, and thanks again
-
hijackthis report
fantomasse replied to a topic by fantomasse in Malware analysis and eradication
OK Charles, I'll do that around 5 or 6 pm. See you
-
hijackthis report
fantomasse replied to a topic by fantomasse in Malware analysis and eradication
Hello tornado, OK, I'll do that at the end of the afternoon: hijackthis in normal mode and vundofix in safe mode. See you
-
hijackthis report
fantomasse replied to a topic by fantomasse in Malware analysis and eradication
Hi Charles, here is my l2m report

L2mfix 010406
Creating Account.
La commande s'est terminée correctement.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes): 1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINDOWS\system32
Killing Processes!
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 688 'smss.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 764 'winlogon.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1144 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1704 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
Deleting: C:\WINDOWS\system32\en24l1fq1.dll
Successfully Deleted: C:\WINDOWS\system32\en24l1fq1.dll
Deleting: C:\WINDOWS\system32\f4j2le1o1h.dll
Successfully Deleted: C:\WINDOWS\system32\f4j2le1o1h.dll
Deleting: C:\WINDOWS\system32\iosso.dll
Successfully Deleted: C:\WINDOWS\system32\iosso.dll
Deleting: C:\WINDOWS\system32\jt0o07d3e.dll
Successfully Deleted: C:\WINDOWS\system32\jt0o07d3e.dll
Deleting: C:\WINDOWS\system32\kmdbr.dll
Successfully Deleted: C:\WINDOWS\system32\kmdbr.dll
Deleting: C:\WINDOWS\system32\ldpm0971e.dll
Successfully Deleted: C:\WINDOWS\system32\ldpm0971e.dll
Deleting: C:\WINDOWS\system32\r0p80a7ued.dll
Successfully Deleted: C:\WINDOWS\system32\r0p80a7ued.dll
msg11?.dll
0 fichier(s) copié(s).
Restoring Windows Update Certificates.:
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Control Panel]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\f4j2le1o1h.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebcy]
"Asynchronous"=dword:00000001
"DllName"="gebcy.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCPClient]
"Asynchronous"=dword:00000000
"DllName"="C:\\PROGRA~1\\FICHIE~1\\Stardock\\mcpstub.dll"
"Startup"="MCPSystemStartup"
"Logon"="MCPLogonStartup"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljjk]
"Asynchronous"=dword:00000001
"DllName"="mljjk.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sstts]
"Asynchronous"=dword:00000001
"DllName"="sstts.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
"Asynchronous"=dword:00000000
"DllName"="C:\\PROGRA~1\\Stardock\\OBJECT~1\\WINDOW~1\\fastload.dll"
"Startup"="StartSys"
"Logon"="StartWB"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

The following are the files found:
****************************************************************************
C:\WINDOWS\system32\en24l1fq1.dll
C:\WINDOWS\system32\f4j2le1o1h.dll
C:\WINDOWS\system32\iosso.dll
C:\WINDOWS\system32\jt0o07d3e.dll
C:\WINDOWS\system32\kmdbr.dll
C:\WINDOWS\system32\ldpm0971e.dll
C:\WINDOWS\system32\r0p80a7ued.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DE4EAE5D-A601-45BF-9666-9423BDC9B3E7}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{DE4EAE5D-A601-45BF-9666-9423BDC9B3E7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DE4EAE5D-A601-45BF-9666-9423BDC9B3E7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DE4EAE5D-A601-45BF-9666-9423BDC9B3E7}\InprocServer32]
@="C:\\WINDOWS\\system32\\ndapi16.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{58389769-F0FD-430D-8902-FB32EBCEB73A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{58389769-F0FD-430D-8902-FB32EBCEB73A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{58389769-F0FD-430D-8902-FB32EBCEB73A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{58389769-F0FD-430D-8902-FB32EBCEB73A}\InprocServer32]
@="C:\\WINDOWS\\system32\\ldpm0971e.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{71C8A325-6800-49A2-985B-9D0573A29E75}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71C8A325-6800-49A2-985B-9D0573A29E75}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71C8A325-6800-49A2-985B-9D0573A29E75}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71C8A325-6800-49A2-985B-9D0573A29E75}\InprocServer32]
@="C:\\WINDOWS\\system32\\iosso.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{DE4EAE5D-A601-45BF-9666-9423BDC9B3E7}"=-
"{58389769-F0FD-430D-8902-FB32EBCEB73A}"=-
"{71C8A325-6800-49A2-985B-9D0573A29E75}"=-

[-HKEY_CLASSES_ROOT\CLSID\{DE4EAE5D-A601-45BF-9666-9423BDC9B3E7}]

[-HKEY_CLASSES_ROOT\CLSID\{58389769-F0FD-430D-8902-FB32EBCEB73A}]

[-HKEY_CLASSES_ROOT\CLSID\{71C8A325-6800-49A2-985B-9D0573A29E75}]

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes): 0
Zipping up files for submission:
adding: dlls/en24l1fq1.dll (164 bytes security) (deflated 5%)
adding: dlls/f4j2le1o1h.dll (164 bytes security) (deflated 5%)
adding: dlls/iosso.dll (164 bytes security) (deflated 5%)
adding: dlls/jt0o07d3e.dll (164 bytes security) (deflated 5%)
adding: dlls/kmdbr.dll (164 bytes security) (deflated 4%)
adding: dlls/ldpm0971e.dll (164 bytes security) (deflated 4%)
adding: dlls/r0p80a7ued.dll (164 bytes security) (deflated 5%)
adding: backregs/58389769-F0FD-430D-8902-FB32EBCEB73A.reg (212 bytes security) (deflated 70%)
adding: backregs/71C8A325-6800-49A2-985B-9D0573A29E75.reg (212 bytes security) (deflated 70%)
adding: backregs/DE4EAE5D-A601-45BF-9666-9423BDC9B3E7.reg (212 bytes security) (deflated 69%)
adding: backregs/notibac.reg (164 bytes security) (deflated 88%)
adding: backregs/shell.reg (164 bytes security) (deflated 74%)

and my hijackthis report in normal mode

Logfile of HijackThis v1.99.1
Scan saved at 07:27:17, on 16/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\cGFyaQ\command.exe
C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\WINDOWS\system32\inetdns.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\snddrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\mnswpr.exe
C:\windows\winsysban8.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.24-7searching-and-more.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.zebulon.fr/index.php?showtopi...6&hl=hijackthis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\gebcy.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [C-Media Speaker Configuration] C:\PROGRA~1\C-Media\WIN_ME\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\mnswpr.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd8.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban8.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.tiji.tv/programmes/sauvetout/je...Player15109.dll
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 -
AppInit_DLLs: apitrap.dll,wbsys.dll O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\f4j2le1o1h.dll (file missing) O20 - Winlogon Notify: gebcy - C:\WINDOWS\SYSTEM32\gebcy.dll O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FICHIE~1\Stardock\mcpstub.dll O20 - Winlogon Notify: mljjk - C:\WINDOWS\SYSTEM32\mljjk.dll O20 - Winlogon Notify: sstts - C:\WINDOWS\SYSTEM32\sstts.dll O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\cGFyaQ\command.exe O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: inetdns (InetDns) (inetdns) - Unknown owner - C:\WINDOWS\system32\inetdns.exe O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SndDRV (MS Sound Driver) (SndDRV) - Unknown owner - C:\WINDOWS\system32\snddrv.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - 
C:\WINDOWS\system32\ZoneLabs\vsmon.exe merci à toi et a tout ce qui m'aide -
HijackThis report
fantomasse replied to a topic by fantomasse in Malware analysis and removal
Hi, here is the L2MFix report:

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebcy]
"Asynchronous"=dword:00000001
"DllName"="gebcy.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Internet Settings]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\ktp8l77u1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCPClient]
"Asynchronous"=dword:00000000
"DllName"="C:\\PROGRA~1\\FICHIE~1\\Stardock\\mcpstub.dll"
"Startup"="MCPSystemStartup"
"Logon"="MCPLogonStartup"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljjk]
"Asynchronous"=dword:00000001
"DllName"="mljjk.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sstts]
"Asynchronous"=dword:00000001
"DllName"="sstts.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
"Asynchronous"=dword:00000000
"DllName"="C:\\PROGRA~1\\Stardock\\OBJECT~1\\WINDOW~1\\fastload.dll"
"Startup"="StartSys"
"Logon"="StartWB"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{3DC9EDF2-8892-CDBB-0746-93CB06DC63F4}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propriétés du fichier multimédia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de sécurité NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propriétés de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Écran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de sécurité DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilité"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de données endommagées de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets réseau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'écran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension icône HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de sécurité des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions réseau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions réseau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Extension feuille de propriété de mise à jour automatique"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpréteur de commandes pour l'environnement d'exécution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de données Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tâches planifiées"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tâches et menu Démarrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Exécuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier électronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="État du téléchargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau étendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augmenté"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet intégré de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Boîte d'entrée de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalisée MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrès auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Paramètres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de démarrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Énumérateur d'applications installées"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de résumé (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identité Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaîne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaîne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{57C51AF9-DEF7-11D3-A801-00C04F163490}"="Ghost Shell Extension"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{BB7DF450-F119-11CD-8465-00AA00425D90}"="Microsoft Access Custom Icon Handler"
"{59850401-6664-101B-B21C-00AA004BA90B}"="Séparateur du Classeur Microsoft Office"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{C56C4E21-706D-11d0-AFC5-444553540002}"="Mon appareil photo numérique"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{F5D92341-0A64-11D0-9956-0000E8096023}"="CD Copy Shell Extension"
"{F5D92342-0A64-11D0-9956-0000E8096023}"="CD Wizard Shell Extension"
"{F5D92344-0A64-11D0-9956-0000E8096023}"="InstantWrite Shellextension"
"{2F5AC606-70CF-461C-BFE1-734234536262}"="WindowBlinds CPL Extension"
"{63542C48-9552-494A-84F7-73AA6A7C99C1}"="OpenOffice Property Sheet Handler"
"{906b0e6e-61ce-11d3-8ee2-0060080a7242}"="QuickSFV Shell Extension"
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"="TuneUp Shredder Shell Context Menu Extension"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{DE4EAE5D-A601-45BF-9666-9423BDC9B3E7}"=""
"{58389769-F0FD-430D-8902-FB32EBCEB73A}"=""
"{71C8A325-6800-49A2-985B-9D0573A29E75}"=""
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"="Shell Extension for Malware scanning"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DE4EAE5D-A601-45BF-9666-9423BDC9B3E7}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{DE4EAE5D-A601-45BF-9666-9423BDC9B3E7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DE4EAE5D-A601-45BF-9666-9423BDC9B3E7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DE4EAE5D-A601-45BF-9666-9423BDC9B3E7}\InprocServer32]
@="C:\\WINDOWS\\system32\\ndapi16.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{58389769-F0FD-430D-8902-FB32EBCEB73A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{58389769-F0FD-430D-8902-FB32EBCEB73A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{58389769-F0FD-430D-8902-FB32EBCEB73A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{58389769-F0FD-430D-8902-FB32EBCEB73A}\InprocServer32]
@="C:\\WINDOWS\\system32\\ldpm0971e.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{71C8A325-6800-49A2-985B-9D0573A29E75}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71C8A325-6800-49A2-985B-9D0573A29E75}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71C8A325-6800-49A2-985B-9D0573A29E75}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71C8A325-6800-49A2-985B-9D0573A29E75}\InprocServer32]
@="C:\\WINDOWS\\system32\\wjv8dmoe.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
atmtd.dll      Tue 14 Feb 2006 22:28:30  A....  687 592  671,48 K
avsda.dll      Wed 18 Jan 2006 13:06:02  A....   57 344   56,00 K
awvvu.dll      Tue 14 Feb 2006 20:05:30  ..SH.   38 925   38,01 K
cmdlin~2.dll   Sun 12 Feb 2006 16:56:50  A....   43 520   42,50 K
ddabx.dll      Tue 14 Feb 2006 18:14:42  ..SH.   38 925   38,01 K
ddccc.dll      Sun 12 Feb 2006 23:27:30  ..SH.   38 925   38,01 K
en24l1~1.dll   Wed 15 Feb 2006 17:35:30  ..S.R  236 234  230,70 K
ff_vfw.dll     Thu 22 Dec 2005 21:31:16  A....    6 144    6,00 K
gebcy.dll      Tue 14 Feb 2006 17:49:16  .....   38 925   38,01 K
geebb.dll      Mon 13 Feb 2006 17:41:08  ..SH.   38 925   38,01 K
jkklk.dll      Tue 14 Feb 2006 22:58:50  ..SH.   38 925   38,01 K
jt0o07~1.dll   Wed 15 Feb 2006 18:00:44  ..S.R  235 120  229,61 K
kmdbr.dll      Tue 14 Feb 2006 22:56:12  ..S.R  234 631  229,13 K
ktp8l7~1.dll   Tue 14 Feb 2006 22:24:54  ..S.R  234 813  229,31 K
ldpm09~1.dll   Tue 14 Feb 2006 22:24:46  ..S.R  234 451  228,95 K
mljjk.dll      Sun 12 Feb 2006 22:50:12  ..SH.   38 925   38,01 K
mlljg.dll      Tue 14 Feb 2006 22:28:08  ..SH.   38 925   38,01 K
mllmm.dll      Tue 14 Feb 2006 21:38:42  ..SH.   38 925   38,01 K
pmkjj.dll      Sun 12 Feb 2006 22:27:52  ..SH.   38 925   38,01 K
sirenacm.dll   Wed 14 Dec 2005  9:24:42  A....  118 784  116,00 K
ssqrp.dll      Sun 12 Feb 2006 22:33:54  ..SH.   38 925   38,01 K
sstqo.dll      Mon 13 Feb 2006 22:30:44  ..SH.   38 925   38,01 K
sstts.dll      Sun 12 Feb 2006 21:14:44  ...H.   38 925   38,01 K
vp7vfw.dll     Fri  2 Dec 2005 16:42:38  A....  630 784  616,00 K
vtutr.dll      Sun 12 Feb 2006 23:20:50  ..SH.   38 925   38,01 K
vtuts.dll      Tue 14 Feb 2006 20:28:08  ..SH.   38 925   38,01 K
wjv8dmoe.dll   Wed 15 Feb 2006 18:00:44  ..S.R  234 813  229,31 K
xvidcore.dll   Fri 30 Dec 2005 20:10:30  A....  761 856  744,00 K
xvidvfw.dll    Fri 30 Dec 2005 20:18:26  A....  180 224  176,00 K

29 items found: 29 files (20 H/S), 0 directories.
Total of file sizes: 4 480 185 bytes  4,27 M

Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
 Le volume dans le lecteur C n'a pas de nom.
 Le numéro de série du volume est 885C-D06F

 Répertoire de C:\WINDOWS\System32

15/02/2006  18:00           234 813 wjv8dmoe.dll
15/02/2006  18:00           235 120 jt0o07d3e.dll
15/02/2006  17:35           236 234 en24l1fq1.dll
14/02/2006  22:58            38 925 jkklk.dll
14/02/2006  22:56           234 631 kmdbr.dll
14/02/2006  22:28            38 925 mlljg.dll
14/02/2006  22:24           234 813 ktp8l77u1.dll
14/02/2006  22:24           234 451 ldpm0971e.dll
14/02/2006  21:38            38 925 mllmm.dll
14/02/2006  20:28            38 925 vtuts.dll
14/02/2006  20:05            38 925 awvvu.dll
14/02/2006  18:14            38 925 ddabx.dll
13/02/2006  22:30            38 925 sstqo.dll
13/02/2006  17:41            38 925 geebb.dll
12/02/2006  23:27            38 925 ddccc.dll
12/02/2006  23:20            38 925 vtutr.dll
12/02/2006  22:50            38 925 mljjk.dll
12/02/2006  22:33            38 925 ssqrp.dll
12/02/2006  22:27            38 925 pmkjj.dll
12/02/2006  20:29           193 024 inetdns.exe
12/02/2006  16:47           237 568 snddrv.exe
09/02/2006  13:32            12 208 KGyGaAvL.sys
05/02/2006  22:13    <REP>          dllcache
12/04/2004  18:55                32 {B7A38EEE-83EE-4DC1-9016-08F5C8CA3115}.dat
12/04/2004  18:54                32 {F1D986D2-51B1-4174-A384-E07A4F2CC309}.dat
12/04/2004  18:54                32 {1E9C2DF8-9E38-40B9-A8A3-9BBDF1AFB121}.dat
12/04/2004  18:52                32 {E9870EC5-372A-4EF9-8B84-F1EBE2E57F1F}.dat
12/04/2004  18:52                32 {2C61BFAA-D323-4CA5-85FA-A39E3FB5134F}.dat
12/04/2004  18:52                32 {E0C01C7E-D95F-4915-AE20-3D173D6CA3E6}.dat
12/04/2004  18:40    <REP>          Microsoft
05/01/2002  03:40           487 424 MSVCP70.DLL
              29 fichier(s)        2 846 503 octets
               2 Rép(s)   6 636 781 568 octets libres
HijackThis report
fantomasse replied to a topic by fantomasse in Malware analysis and removal
Hi tornado, I think I did follow jack's instructions correctly, but I'll run VundoFix again to see whether it gives me the same result (late this afternoon). Thanks, see you later.