deathlife

Bonjour, rien de trouvé lors du dernier scan. Malwarebytes' Anti-Malware 1.30 Version de la base de données: 1321 Windows 5.1.2600 Service Pack 3 26/10/2008 11:12:55 mbam-log-2008-10-26 (11-12-55).txt Type de recherche: Examen complet (C:\|E:\|F:\|G:\|H:\|) Eléments examinés: 167908 Temps écoulé: 1 hour(s), 4 minute(s), 32 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) Donc j'en déduis que tout est OK sur mon ordi merci encore de vos retours, à très bientôt,

alors voici déjà les 2 logs : log.txt Logfile of random's system information tool 1.04 (written by random/random) Run by Sebastien at 2008-10-26 01:35:51 Microsoft Windows XP Professionnel Service Pack 3 System drive E: has 18 GB (59%) free of 30 GB Total RAM: 2047 MB (72% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:36:02, on 26/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\spoolsv.exe E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe E:\Program Files\Bonjour\mDNSResponder.exe E:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe E:\WINDOWS\System32\nvsvc32.exe E:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe E:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe E:\WINDOWS\Explorer.EXE E:\WINDOWS\system32\RUNDLL32.EXE E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe E:\WINDOWS\RTHDCPL.EXE H:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe E:\WINDOWS\system32\ctfmon.exe E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe E:\Program Files\Microsoft ActiveSync\wcescomm.exe E:\PROGRA~1\MICROS~3\rapimgr.exe E:\Program Files\Logitech\SetPoint\SetPoint.exe E:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE E:\Program Files\Mozilla Firefox\firefox.exe E:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe E:\WINDOWS\system32\wscntfy.exe E:\Documents and Settings\Sebastien\Bureau\RSIT.exe E:\Documents and Settings\Sebastien\Bureau\Sebastien.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - H:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - H:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "H:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] E:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [amd_dc_opt] E:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Ajouter au fichier PDF existant - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Save Flash - res://E:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - E:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205153403031 O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - E:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - E:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe O23 - Service: WMP54Gv4SVC - GEMTEKS - E:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -- End of file - 9489 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}] ContributeBHO Class - H:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-27 118784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] Adobe PDF Conversion Toolbar Helper - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120] {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - H:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-27 118784] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=E:\WINDOWS\System32\NvCpl.dll [2007-12-05 8523776] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=E:\WINDOWS\System32\NvMcTray.dll [2007-12-05 81920] "avgnt"=E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-18 266497] "RTHDCPL"=E:\WINDOWS\RTHDCPL.EXE [2008-01-29 16859648] "Alcmtr"=E:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] "Kernel and Hardware Abstraction Layer"=E:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304] "Adobe Reader Speed Launcher"=E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "Acrobat Assistant 8.0"=H:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992] ""= [] "Adobe_ID0EYTHM"=E:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160] "amd_dc_opt"=E:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2007-07-23 77824] "SunJavaUpdateSched"=E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=E:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "MsnMsgr"=E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] "H/PC Connection Agent"=E:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000] E:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Logitech SetPoint.lnk - E:\Program Files\Logitech\SetPoint\SetPoint.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn] e:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] E:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "E:\WINDOWS\system32\sessmgr.exe"="E:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "E:\Program Files\Windows Live\Messenger\msnmsgr.exe"="E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "E:\Program Files\eMule\emule.exe"="E:\Program Files\eMule\emule.exe:*:Enabled:eMule" "E:\Program Files\Windows Live\Messenger\livecall.exe"="E:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Call" "E:\Program Files\Electronic Arts\EADM\Core.exe"="E:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager" "E:\Program Files\Curse\CurseClient.exe"="E:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client" "E:\Program Files\Microsoft ActiveSync\rapimgr.exe"="E:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "E:\Program Files\Microsoft ActiveSync\wcescomm.exe"="E:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "E:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="E:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "E:\Program Files\Windows Live\Messenger\msnmsgr.exe"="E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "E:\Program Files\Windows Live\Messenger\livecall.exe"="E:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "E:\Program Files\Microsoft ActiveSync\rapimgr.exe"="E:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "E:\Program Files\Microsoft ActiveSync\wcescomm.exe"="E:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "E:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="E:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" ======List of files/folders created in the last 1 months====== 2008-10-26 01:35:51 ----D---- E:\rsit 2008-10-25 14:50:14 ----A---- E:\WINDOWS\ntbtlog.txt 2008-10-24 22:56:54 ----HDC---- E:\WINDOWS\$NtUninstallKB958644$ 2008-10-22 21:15:33 ----D---- E:\Program Files\SAMSUNG 2008-10-14 21:28:00 ----HDC---- E:\WINDOWS\$NtUninstallKB956803$ 2008-10-14 21:27:56 ----HDC---- E:\WINDOWS\$NtUninstallKB956391$ 2008-10-14 21:27:52 ----HDC---- E:\WINDOWS\$NtUninstallKB957095$ 2008-10-14 21:27:30 ----HDC---- E:\WINDOWS\$NtUninstallKB954211$ 2008-10-14 21:27:19 ----HDC---- E:\WINDOWS\$NtUninstallKB956841$ 2008-10-11 17:23:01 ----D---- E:\Program Files\Microsoft ActiveSync ======List of files/folders modified in the last 1 months====== 2008-10-26 01:35:23 ----D---- E:\WINDOWS\Prefetch 2008-10-26 01:07:55 ----D---- E:\Program Files\Mozilla Thunderbird 2008-10-25 21:04:43 ----D---- E:\WINDOWS\Temp 2008-10-25 20:16:05 ----D---- E:\Program Files\Mozilla Firefox 2008-10-25 14:50:14 ----D---- E:\WINDOWS 2008-10-25 14:49:43 ----A---- E:\WINDOWS\SchedLgU.Txt 2008-10-25 12:20:33 ----D---- E:\WINDOWS\system32 2008-10-24 22:57:01 ----HD---- E:\WINDOWS\inf 2008-10-24 22:56:56 ----RSHDC---- E:\WINDOWS\system32\dllcache 2008-10-24 22:56:48 ----HD---- E:\WINDOWS\$hf_mig$ 2008-10-24 22:56:47 ----D---- E:\WINDOWS\system32\CatRoot2 2008-10-22 21:28:32 ----D---- E:\WINDOWS\system32\drivers 2008-10-22 21:16:56 ----A---- E:\WINDOWS\system32\PerfStringBackup.INI 2008-10-22 21:15:33 ----RD---- E:\Program Files 2008-10-22 21:11:21 ----D---- E:\Documents and Settings\Sebastien\Application Data\FileZilla 2008-10-20 22:57:52 ----D---- E:\Documents and Settings\Sebastien\Application Data\OpenOffice.org2 2008-10-15 18:35:43 ----A---- E:\WINDOWS\system32\netapi32.dll 2008-10-14 22:58:16 ----D---- E:\Program Files\Curse 2008-10-14 21:28:02 ----A---- E:\WINDOWS\imsins.BAK 2008-10-14 21:27:42 ----D---- E:\Program Files\Internet Explorer 2008-10-11 17:25:19 ----SD---- E:\Documents and Settings\Sebastien\Application Data\Microsoft 2008-10-11 17:23:34 ----SHD---- E:\WINDOWS\Installer 2008-10-11 17:23:02 ----D---- E:\WINDOWS\Help 2008-10-11 17:23:02 ----D---- E:\Program Files\Fichiers communs\Microsoft Shared 2008-10-07 21:19:40 ----A---- E:\WINDOWS\system32\MRT.exe 2008-10-03 19:12:27 ----A---- E:\WINDOWS\system32\ieframe.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;Pilote de processeur AMD; E:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008] R1 avgntdd;avgntdd; E:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2008-07-18 45376] R1 avipbb;avipbb; E:\WINDOWS\System32\DRIVERS\avipbb.sys [2008-07-18 75072] R1 kbdhid;Pilote HID de clavier; E:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 ssmdrv;ssmdrv; E:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; E:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-03-10 20747] R3 AmdLLD;AMD Low Level Device Driver; E:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304] R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\E:\WINDOWS\system32\GTNDIS5.SYS [] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; E:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidusb;Pilote de classe HID Microsoft; E:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); E:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-01-30 4725760] R3 L8042Kbd;Logitech SetPoint Keyboard Driver; E:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240] R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; E:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120] R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; E:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344] R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; E:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880] R3 LMouKE;SetPoint Mouse Filter Driver; E:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120] R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; E:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944] R3 mouhid;Pilote HID de souris; E:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 nv;nv; E:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-12-05 7435392] R3 RT61;Linksys Wireless-G PCI Adapter Driver(RT61); E:\WINDOWS\system32\DRIVERS\RT61.sys [2005-10-27 356096] R3 usbccgp;Pilote parent générique USB Microsoft; E:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; E:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; E:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; E:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 Wdf01000;Wdf01000; E:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S3 BCM42RLY;BCM42RLY; \??\E:\WINDOWS\System32\BCM42RLY.SYS [] S3 NVENETFD;NVIDIA nForce Networking Controller Driver; E:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2006-07-11 57856] S3 nvnetbus;NVIDIA Network Bus Enumerator; E:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2006-07-11 20480] S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); E:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-08-17 58352] S3 sscdmdfl;SAMSUNG CDMA Modem Filter; E:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272] S3 sscdmdm;SAMSUNG CDMA Modem Drivers; E:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872] S3 usb_rndisx;Carte ISDN USB; E:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800] S3 USBSTOR;Pilote de stockage de masse USB; E:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 wceusbsh;Windows CE USB Serial Host Driver; E:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; E:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; E:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; E:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865] R2 AntiVirService;AntiVir PersonalEdition Classic Guard; E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297] R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; E:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376] R2 MDM;Machine Debug Manager; E:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872] R2 NVSvc;NVIDIA Display Driver Service; E:\WINDOWS\System32\nvsvc32.exe [2007-12-05 155716] R3 FLEXnet Licensing Service;FLEXnet Licensing Service; E:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-03-28 654848] S2 WMP54Gv4SVC;WMP54Gv4SVC; E:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe [2005-07-04 53307] S3 Adobe Version Cue CS3;Adobe Version Cue CS3 {fr_FR} ; E:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792] S3 IDriverT;InstallDriver Table Manager; E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 LBTServ;Logitech Bluetooth Service; E:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; E:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; E:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; E:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; E:\WINDOWS\system32\svchost.exe [2008-04-14 14336] -----------------EOF----------------- info.txt info.txt logfile of random's system information tool 1.04 2008-10-26 01:36:33 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 E:\WINDOWS\INF\PCHealth.inf 7-Zip 4.57-->"E:\Program Files\7-Zip\Uninstall.exe" Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285} Adobe After Effects CS3-->MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661} Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E} Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E} Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2} Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A} Adobe Contribute CS3-->MsiExec.exe /I{F84ADE4E-9220-4324-994D-801EDD9DD251} Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{5D2398DF-3022-4820-93BA-F1175FBEA9CA} Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe Dreamweaver CS3-->MsiExec.exe /I{4BDB76C6-902E-41D5-9064-68768E02886B} Adobe Encore CS3 Codecs-->MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931} Adobe Encore CS3-->MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE} Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2} Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3} Adobe Fireworks CS3-->MsiExec.exe /I{21C4D775-368A-46C4-8DC3-4207165B7115} Adobe Flash CS3-->MsiExec.exe /I{80FD3971-8482-49C8-BA8C-B6464A15882F} Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C} Adobe Flash Player Plugin-->E:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Video Encoder-->MsiExec.exe /I{1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E} Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B} Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3} Adobe Illustrator CS3-->MsiExec.exe /I{6E08CE13-C2AB-4749-9335-5900B958929E} Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E} Adobe InDesign CS3-->MsiExec.exe /I{FE8327F9-3AC1-4586-8C7E-3DEE2BC92441} Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77} Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Photoshop CS3-->MsiExec.exe /I{C1FA4B3B-1625-4922-9C9D-780E8FCE161A} Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A} Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA} Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA} Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003} Adobe Setup-->MsiExec.exe /I{1628F6BD-5ED1-4FD1-B90F-C106AF4E00F0} Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2} Adobe Soundbooth CS3 Codecs-->MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8} Adobe Soundbooth CS3-->MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9} Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183} Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe Version Cue CS3 Server-->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963} Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC} Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE} Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F} Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1} AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD} Ajouter ou supprimer Adobe Creative Suite 3 Master Collection-->E:\Program Files\Fichiers communs\Adobe\Installers\b5d5789539ea1f004a4defceea74312\Setup.exe Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} Athlon 64 Processor Driver-->RunDll32 E:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c Avira AntiVir Personal - Free Antivirus-->E:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE Calculateur de Spellcraft Version 1.6-->"E:\Program Files\Calculateur de Spellcraft\unins000.exe" CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A} Correctif pour Lecteur Windows Media 11 (KB939683)-->"E:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Correctif pour Windows Internet Explorer 7 (KB947864)-->"E:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"E:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" DeepBurner v1.9.0.228-->"E:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "E:\Program Files\Astonsoft\DeepBurner\install.log" -u Dual-Core Optimizer-->MsiExec.exe /X{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9} EditPlus 3-->E:\Program Files\EditPlus 3\remove.exe eMule-->"E:\Program Files\eMule\Uninstall.exe" Flash Saving Plugin-->"E:\Program Files\UnH Solutions\Flash Saving Plugin\unins000.exe" High Definition Audio Driver Package - KB888111-->"E:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HijackThis 2.0.2-->"E:\Documents and Settings\Sebastien\Bureau\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399)-->"E:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355} K-Lite Codec Pack 3.8.5 Full-->"E:\Program Files\K-Lite Codec Pack\unins000.exe" Lecteur Windows Media 11-->"E:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Linksys Wireless-G PCI Adapter-->RunDll32 E:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}\setup.exe" -l0x40c Logitech SetPoint-->E:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x040c -removeonly Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE} Microsoft Compression Client Pack 1.0 for Windows XP-->"E:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"E:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"E:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"E:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft User-Mode Driver Framework Feature Pack 1.0-->"E:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"E:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"E:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"E:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"E:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"E:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"E:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"E:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"E:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923789)-->E:\WINDOWS\system32\MacroMed\Flash\genuinst.exe E:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Mise à jour de sécurité pour Windows XP (KB938464)-->"E:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"E:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"E:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950760)-->"E:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"E:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"E:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"E:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376)-->"E:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"E:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"E:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"E:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"E:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953839)-->"E:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"E:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"E:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"E:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"E:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957095)-->"E:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"E:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"E:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"E:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mozilla Firefox (3.0.3)-->E:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Thunderbird (2.0.0.17)-->E:\Program Files\Mozilla Thunderbird\uninstall\helper.exe NVIDIA Drivers-->E:\WINDOWS\System32\nvuide.exe UninstallGUI OpenOffice.org 2.4-->MsiExec.exe /I{A122962F-331A-4C2E-93DB-AD92D8A4FB14} Optimisation Windows-->E:\WINDOWS\st6unst.exe -n "E:\Program Files\Optimisation Windows\ST6UNST.LOG" PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} Realtek High Definition Audio Driver-->RunDll32 E:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly SAMSUNG CDMA Modem Driver Set-->E:\Program Files\SAMSUNG\SAMSUNG CDMA Modem\SSCDUninstall.exe Spybot - Search & Destroy-->"E:\Program Files\Spybot - Search & Destroy\unins000.exe" TeamSpeak 2 RC2-->"E:\Program Files\Teamspeak2_RC2\unins000.exe" Warhammer Online - Age of Reckoning-->"G:\Warhammer Online - Age of Reckoning\unins000.exe" Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390} Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65} Windows Media Format 11 runtime-->"E:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"E:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"E:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} Windows XP Service Pack 3-->"E:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" ======Security center information====== AV: Avira AntiVir PersonalEdition (outdated) ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=4b02 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO -----------------EOF----------------- je fais le scan anti malware actuellement, bonne fin de nuit et à demain pour le rapport

Bonjour, après avoir fait la procédure de désinfection, je poste donc ici mon log HJT afin de voir s'il y aurait quelque chose de "louche". Merci d'avance pour votre aide. DeathLife Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:34:14, on 25/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Safe mode Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\Explorer.EXE E:\Documents and Settings\Sebastien\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - H:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - H:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "H:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] E:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [amd_dc_opt] E:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Ajouter au fichier PDF existant - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Save Flash - res://E:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - E:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205153403031 O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - E:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - E:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe O23 - Service: WMP54Gv4SVC - GEMTEKS - E:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -- End of file - 8183 bytes

idem en mode sans echec :/

oups, il s'agit du format d'archive email de Outlook archives.pst pour les archives emails trucmuch.pst pour les emails courant

hello Charles, voici le rapport comme demandé StartupList report, 08/02/2007, 13:05:01 StartupList version: 1.52.2 Started from : C:\Program Files\hijackthis\HijackThis.EXE Detected: Windows 2000 SP4 (WinNT 5.00.2195) Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\hidserv.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\WINNT\system32\ctfmon.exe C:\Program Files\Spamihilator\spamihilator.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\PROGRA~1\EDITPL~1\EDITPLUS.EXE C:\Program Files\Winamp\winamp.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE C:\Program Files\hijackthis\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage] *No files* Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage] Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINNT\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run NvCplDaemon = RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup Synchronization Manager = mobsync.exe /logon !AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized AVP = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run H/PC Connection Agent = "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" ctfmon.exe = ctfmon.exe Spamihilator = "C:\Program Files\Spamihilator\spamihilator.exe" msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] *No values found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINNT\system32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINNT\System32\setup\wmpocm.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = "C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = "C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\mplayer2.inf,PerUserStub.NT [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{6A5110B5-E14B-4268-A065-EF89FF33C325}] * StubPath = regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserRemove [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\mscories.dll,Install [{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] * StubPath = %SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINNT\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINNT\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINNT\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINNT\Explorer\Explorer.exe: not present C:\WINNT\System\Explorer.exe: not present C:\WINNT\System32\Explorer.exe: not present C:\WINNT\Command\Explorer.exe: not present C:\WINNT\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINNT - .reg open command is normal (regedit.exe %1) - Regedit.exe has no CompanyName property! It is either missing or named something else. - Regedit.exe has no OriginalFilename property! It is either missing or named something else. - Regedit.exe has no FileDescription property! It is either missing or named something else. Registry check failed! -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -------------------------------------------------- Enumerating Task Scheduler jobs: Maintenance en 1 clic.job -------------------------------------------------- Enumerating Download Program Files: [DirectAnimation Java Classes] CODEBASE = file://C:\WINNT\Java\classes\dajava.cab OSD = C:\WINNT\Downloaded Program Files\DirectAnimation Java Classes.osd [Microsoft XML Parser for Java] CODEBASE = file://C:\WINNT\Java\classes\xmldso.cab OSD = C:\WINNT\Downloaded Program Files\Microsoft XML Parser for Java.osd [shockwave ActiveX Control] InProcServer32 = C:\WINNT\system32\Macromed\Director\SwDir.dll CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab [{31564D57-0000-0010-8000-00AA00389B71}] CODEBASE = http://codecs.microsoft.com/codecs/i386/wmvax.cab [{32564D57-0000-0010-8000-00AA00389B71}] CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv8ax.cab [{33564D57-0000-0010-8000-00AA00389B71}] CODEBASE = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB [Java Plug-in 1.5.0_09] InProcServer32 = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [ActiveScan Installer Class] InProcServer32 = C:\WINNT\Downloaded Program Files\asinst.dll CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab [{9F1C11AA-197B-4942-BA54-47A8489BB47F}] CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...7862.1760069444 [sassCln Object] CODEBASE = http://www.microsoft.com/security/controls/SassCln.CAB [Java Plug-in 1.4.2_04] InProcServer32 = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll CODEBASE = http://java.sun.com/products/plugin/autodl...indows-i586.cab [Java Plug-in 1.5.0_09] InProcServer32 = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [Java Plug-in 1.5.0_09] InProcServer32 = C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [shockwave Flash Object] InProcServer32 = C:\WINNT\system32\Macromed\Flash\Flash8b.ocx CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINNT\System32\rnr20.dll NameSpace #2: C:\WINNT\System32\winrnr.dll Protocol #1: C:\WINNT\system32\msafd.dll Protocol #2: C:\WINNT\system32\msafd.dll Protocol #3: C:\WINNT\system32\msafd.dll Protocol #4: C:\WINNT\system32\rsvpsp.dll Protocol #5: C:\WINNT\system32\rsvpsp.dll Protocol #6: C:\WINNT\system32\msafd.dll Protocol #7: C:\WINNT\system32\msafd.dll Protocol #8: C:\WINNT\system32\msafd.dll Protocol #9: C:\WINNT\system32\msafd.dll Protocol #10: C:\WINNT\system32\msafd.dll Protocol #11: C:\WINNT\system32\msafd.dll Protocol #12: C:\WINNT\system32\msafd.dll Protocol #13: C:\WINNT\system32\msafd.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services Pilote ACPI Microsoft: System32\DRIVERS\ACPI.sys (system) aeaudio: system32\drivers\aeaudio.sys (manual start) Environnement de prise en charge de réseau AFD: \SystemRoot\System32\drivers\afd.sys (autostart) Avertissement: %SystemRoot%\System32\services.exe (manual start) Gestion d'applications: %SystemRoot%\system32\services.exe (manual start) ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start) Pilote de média asynchrone RAS: System32\DRIVERS\asyncmac.sys (manual start) Contrôleur de disque dur IDE/ESDI standard: System32\DRIVERS\atapi.sys (system) Protocole client ATM ARP: System32\DRIVERS\atmarpc.sys (manual start) Pilote audio Stub: System32\DRIVERS\audstub.sys (manual start) AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system) AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart) AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system) Kaspersky Anti-Virus 6.0: "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (autostart) Service de transfert intelligent en arrière-plan: %SystemRoot%\system32\svchost.exe -k BITSgroup (manual start) Explorateur d'ordinateur: %SystemRoot%\System32\services.exe (autostart) Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start) Pilote de CD-ROM: System32\DRIVERS\cdrom.sys (system) Service d'indexation: C:\WINNT\system32\cisvc.exe (disabled) Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (manual start) Port jeux pour Creative SB Live!: System32\DRIVERS\ctljystk.sys (manual start) Client DHCP: %SystemRoot%\System32\services.exe (autostart) Pilote de disque: System32\DRIVERS\disk.sys (system) Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) Pilote de Gestionnaire de disque logique: System32\drivers\dmio.sys (system) dmload: System32\drivers\dmload.sys (system) Gestionnaire de disque logique: %SystemRoot%\System32\services.exe (autostart) Synthé logiciel Microsoft DirectMusic (WDM): system32\drivers\DMusic.sys (manual start) Client DNS: %SystemRoot%\System32\services.exe (autostart) driverhardwarev2: \??\C:\Program Files\HardwareDetection\driverhardwarev2.sys (manual start) Pilote de carte 3Com EtherLink XL B/C: System32\DRIVERS\el90xbc5.sys (manual start) Creative SB Live! Basic (WDM): system32\drivers\emu10k1.sys (manual start) Journal des événements: %SystemRoot%\system32\services.exe (autostart) Système d'événements de COM+: C:\WINNT\System32\svchost.exe -k netsvcs (manual start) Service de télécopie: %systemroot%\system32\faxsvc.exe (manual start) Pilote de contrôleur de lecteur de disquettes: System32\DRIVERS\fdc.sys (manual start) Pilote de lecteur de disquettes: System32\DRIVERS\flpydisk.sys (manual start) FltMgr: system32\drivers\fltmgr.sys (system) Pilote du Gestionnaire de volume: System32\DRIVERS\ftdisk.sys (system) Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start) Classificateur de paquets générique: System32\DRIVERS\msgpc.sys (manual start) HID Input Service: %SystemRoot%\system32\hidserv.exe (autostart) Pilote de classe HID Microsoft: System32\DRIVERS\hidusb.sys (autostart) Pilote pour clavier i8042 et souris sur port PS/2: System32\DRIVERS\i8042prt.sys (system) IntelIde: System32\DRIVERS\intelide.sys (system) Pilote de filtre de trafic IP: System32\DRIVERS\ipfltdrv.sys (manual start) Pilote de tunnelage IP dans IP: System32\DRIVERS\ipinip.sys (manual start) Traducteur d'adresses réseau IP: System32\DRIVERS\ipnat.sys (manual start) Pilote IPSEC: System32\DRIVERS\ipsec.sys (manual start) IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start) Pilote de bus Plug-and-Play ISA/EISA: System32\DRIVERS\isapnp.sys (system) Pilote de la classe Clavier: System32\DRIVERS\kbdclass.sys (system) Pilote HID de clavier: System32\DRIVERS\kbdhid.sys (system) Kl1: system32\drivers\kl1.sys (system) Klif: \??\C:\WINNT\system32\drivers\klif.sys (system) Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start) Serveur: %SystemRoot%\System32\services.exe (autostart) Station de travail: %SystemRoot%\System32\services.exe (autostart) Service d'application d'assistance TCP/IP NetBIOS: %SystemRoot%\System32\services.exe (autostart) Machine Debug Manager: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe" (autostart) Affichage des messages: %SystemRoot%\System32\services.exe (autostart) Partage de Bureau à distance NetMeeting: C:\WINNT\System32\mnmsrvc.exe (manual start) MonitorMagic (1279,48155): "C:\Program Files\MonitorMagicService\NM.EXE" (autostart) Pilote de la classe Souris: System32\DRIVERS\mouclass.sys (system) Pilote HID de souris: System32\DRIVERS\mouhid.sys (manual start) BDA MPE Filter: system32\DRIVERS\MPE.sys (manual start) MRXSMB: System32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINNT\System32\msdtc.exe (manual start) Windows Installer: C:\WINNT\system32\msiexec.exe /V (manual start) Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start) Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start) Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start) Convertisseur en T/site-à-site de répartition Microsoft: system32\drivers\MSTEE.sys (manual start) NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start) Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start) Pilote TAPI NDIS d'accès à distance: System32\DRIVERS\ndistapi.sys (manual start) NDIS Protocole mode utilisateur E/S: System32\DRIVERS\ndisuio.sys (manual start) Pilote réseau étendu NDIS d'accès à distance: System32\DRIVERS\ndiswan.sys (manual start) Interface NetBIOS: System32\DRIVERS\netbios.sys (system) NetBT: System32\DRIVERS\netbt.sys (system) DDE réseau: %SystemRoot%\system32\netdde.exe (manual start) DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (manual start) NetDetect: \SystemRoot\system32\drivers\netdtect.sys (manual start) Ouverture de session réseau: %SystemRoot%\System32\lsass.exe (manual start) Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Nokia USB Generic: system32\drivers\nmwcdc.sys (manual start) Nokia USB Modem: system32\drivers\nmwcdcm.sys (manual start) Nokia USB Phone Parent: system32\drivers\nmwcd.sys (manual start) Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\System32\lsass.exe (manual start) Médias amovibles: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) nv: System32\DRIVERS\nv4_mini.sys (manual start) NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart) Pilote de filtre de trafic IPX: System32\DRIVERS\nwlnkflt.sys (manual start) Pilote de transfert de trafic IPX: System32\DRIVERS\nwlnkfwd.sys (manual start) Office Source Engine: C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (manual start) Pilote de classe parallèle: System32\DRIVERS\parallel.sys (manual start) Pilote de port parallèle: System32\DRIVERS\parport.sys (system) Pilote de bus PCI: System32\DRIVERS\pci.sys (system) PfModNT: \??\C:\WINNT\System32\PfModNT.sys (autostart) Plug-and-Play: %SystemRoot%\system32\services.exe (autostart) Agent de stratégie IPSEC: %SystemRoot%\System32\lsass.exe (autostart) Miniport réseau étendu (PPTP): System32\DRIVERS\raspptp.sys (manual start) Emplacement protégé: %SystemRoot%\system32\services.exe (autostart) Pilote de liaison parallèle directe: System32\DRIVERS\ptilink.sys (manual start) PxHelp20: system32\DRIVERS\PxHelp20.sys (system) Pilote de connexion automatique d'accès distant: System32\DRIVERS\rasacd.sys (system) Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Miniport réseau étendu (L2TP): System32\DRIVERS\rasl2tp.sys (manual start) Gestionnaire de connexions d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Parallèle direct: System32\DRIVERS\raspti.sys (manual start) Microsoft Streaming Network Raw Channel Access: system32\drivers\RCA.sys (manual start) Rdbss: System32\DRIVERS\rdbss.sys (system) Pilote de filtre de lecture digitale de CD audio: System32\DRIVERS\redbook.sys (system) Routage et accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Service d'accès à distance au Registre: %SystemRoot%\system32\regsvc.exe (autostart) Localisateur d'appels de procédure distante (RPC): %SystemRoot%\System32\locator.exe (manual start) Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\System32\rsvp.exe -s (manual start) s3m: System32\DRIVERS\s3m.sys (manual start) Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart) Prise en charge des cartes à puces: %SystemRoot%\System32\SCardSvr.exe (manual start) Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start) Planificateur de tâches: %SystemRoot%\system32\MSTask.exe (autostart) Service d'exécution par délégation: %SystemRoot%\system32\services.exe (autostart) Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de filtre Serenum: System32\DRIVERS\serenum.sys (manual start) Pilote de port série: System32\DRIVERS\serial.sys (system) ServiceLayer: "C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe" (manual start) Lecteur de disquettes haute densité: System32\DRIVERS\sfloppy.sys (manual start) Partage de connexion Internet: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start) smwdm: system32\drivers\smwdm.sys (manual start) Sony Memory Stick Driver(SONYPVM1): system32\DRIVERS\SONYPVM1.SYS (system) Sony Digital Imaging Video2: system32\DRIVERS\sonypvs1.sys (manual start) Sony USB Filter Driver (SONYPVU1): system32\DRIVERS\SONYPVU1.SYS (manual start) Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart) Srv: System32\DRIVERS\srv.sys (manual start) BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start) Pilote de bus logiciel: System32\DRIVERS\swenum.sys (manual start) Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start) Périphérique audio système Microsoft: system32\drivers\sysaudio.sys (manual start) Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start) Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote du protocole TCP/IP: System32\DRIVERS\tcpip.sys (system) Telnet: %SystemRoot%\system32\tlntsvr.exe (manual start) Client de suivi de lien distribué: %SystemRoot%\system32\services.exe (autostart) truecrypt: \??\C:\WINNT\system32\Drivers\truecrypt.sys (system) TSP: \??\C:\WINNT\system32\drivers\klif.sys (manual start) Pilote de contrôleur hôte universel USB Microsoft: System32\DRIVERS\uhcd.sys (manual start) Pilote de mise à jour du microcode: System32\DRIVERS\update.sys (manual start) Onduleur: %SystemRoot%\System32\ups.exe (manual start) Pilote USB audio (WDM): system32\drivers\usbaudio.sys (manual start) Pilote de concentrateur standard USB Microsoft: System32\DRIVERS\usbhub.sys (manual start) Pilote de stockage de masse USB: System32\DRIVERS\USBSTOR.SYS (manual start) Gestionnaire d'utilitaires: %SystemRoot%\System32\UtilMan.exe (manual start) VgaSave: \SystemRoot\System32\drivers\vga.sys (system) Horloge Windows: %SystemRoot%\System32\services.exe (manual start) Pilote ARP IP d'accès à distance: System32\DRIVERS\wanarp.sys (manual start) Windows CE USB Serial Host Driver: system32\DRIVERS\wceusbsh.sys (manual start) Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start) Infrastructure de gestion Windows: %SystemRoot%\System32\WBEM\WinMgmt.exe (autostart) WMDM PMSP Service: C:\WINNT\system32\mspmspsv.exe (autostart) Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Extensions du pilote WMI: %SystemRoot%\system32\Services.exe (manual start) World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start) Mises à jour automatiques: %systemroot%\system32\svchost.exe -k wugroup (autostart) Configuration sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll WebCheck: C:\WINNT\system32\webcheck.dll SysTray: stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- End of report, 31 905 bytes Report generated in 1,662 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only Pour ce qui est du coup du Alt+tab et changement de focus, à priori je n'ai plus le souci actuellement. Par contre et pour infos, Kaspersky plante systèmatiquement lorsque je fais un scan de mes .pst alors que tout le reste du scan se fait sans souci. Merci encore !

Bonjour bonjour, voici le rapport du scan de Panda. A bientôt et merci d'avance, Incident Status Location Adware:adware/localnrd Not disinfected c:\winnt\inf\localNrd.inf Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\default.jv9\cookies.txt[.xiti.com/] Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\default.jv9\cookies.txt[fe.lea.lycos.fr/] Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\default.jv9\cookies.txt[.tradedoubler.com/] Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\default.jv9\cookies.txt[.bluestreak.com/] Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\default.jv9\cookies.txt[.weborama.fr/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\default.jv9\cookies.txt[.advertising.com/] Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\default.jv9\cookies.txt[adserver.filefront.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\default.jv9\cookies.txt[.serving-sys.com/] Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\default.jv9\cookies.txt[adserver.filefront.com/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\default.jv9\cookies.txt[.atdmt.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\default.jv9\cookies.txt[.bs.serving-sys.com/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\default.jv9\cookies.txt[.2o7.net/] Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\default.jv9\cookies.txt[.doubleclick.net/] Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\default.jv9\cookies.txt[.mediaplex.com/] Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\default.jv9\cookies.txt[.drivecleaner.com/] Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\default.jv9\cookies.txt[.errorsafe.com/] Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\Process.exe Virus:W32/Netsky.P.worm Disinfected Dossiers d'archivage\Éléments envoyés\quelques mails \Mail Delivery (failure [email protected])\message.zlq Virus:W32/Netsky.P.worm Disinfected Dossiers d'archivage\Éléments envoyés\quelques mails \Mail Delivery (failure [email protected])\message.zlq Virus:W32/Netsky.P.worm Disinfected Dossiers d'archivage\Éléments envoyés\quelques mails \Mail Delivery (failure [email protected])\message.zlq Virus:W32/Netsky.P.worm Disinfected Dossiers d'archivage\Éléments envoyés\quelques mails \Mail Delivery (failure [email protected])\message.zlq Virus:W32/Bagle.A.worm Disinfected Dossiers d'archivage\Boîte de réception\@clients\Groupe xxx\@@@\Hi\mal.exe Virus:W32/Netsky.P.worm Disinfected Dossiers d'archivage\Éléments envoyés\quelques mails \Mail Delivery (failure [email protected])\message.zlq Virus:W32/Netsky.P.worm Disinfected Dossiers d'archivage\Éléments envoyés\quelques mails \Mail Delivery (failure [email protected])\message.zlq Virus:W32/Netsky.P.worm Disinfected Dossiers d'archivage\Éléments envoyés\quelques mails \Mail Delivery (failure [email protected])\message.zlq Virus:W32/Netsky.P.worm Disinfected Dossiers d'archivage\Éléments envoyés\quelques mails \Mail Delivery (failure [email protected])\message.zlq Virus:W32/Bagle.A.worm Disinfected Dossiers d'archivage\Boîte de réception\@clients\Groupe xxx\@@@\Hi\mal.exe

Bonjour Charles ! voici le rapport DiagHelp : C:\WINNT\System32\nvapps.xml -->06/02/2007 15:11:40 C:\WINNT\System32\Perflib_Perfdata_644.dat -->05/02/2007 17:26:30 C:\WINNT\System32\tmp.txt -->02/02/2007 16:06:47 C:\WINNT\System32\tmp.reg -->02/02/2007 16:06:47 C:\WINNT\System32\Perflib_Perfdata_580.dat -->02/02/2007 09:42:13 C:\WINNT\System32\FNTCACHE.DAT -->01/02/2007 08:44:14 C:\WINNT\System32\F73859.bin -->30/01/2007 16:39:56 C:\WINNT\System32\e9243f.bin -->30/01/2007 16:33:56 C:\WINNT\System32\klogon.dll -->29/01/2007 23:04:00 C:\WINNT\System32\MRT.exe -->03/01/2007 00:19:44 C:\WINNT\System32\qtplugin.log -->14/12/2006 15:39:55 C:\WINNT\System32\wmpscheme.xml -->14/12/2006 12:30:34 C:\WINNT\System32\wmvcore.dll -->08/12/2006 02:02:23 C:\WINNT\System32\BASSMOD.dll -->06/12/2006 13:59:09 C:\WINNT\System32\jupdate-1.5.0_09-b03.log -->20/11/2006 10:12:39 C:\WINNT\System32\INETCOMM.DLL -->06/11/2006 12:47:54 C:\WINNT\System32\msxml4.dll -->04/11/2006 14:14:00 C:\WINNT\System32\DANIM.DLL -->24/10/2006 10:23:32 C:\WINNT\System32\WININET.DLL -->23/10/2006 10:10:34 C:\WINNT\System32\URLMON.DLL -->23/10/2006 10:10:34 C:\WINNT\System32\SHLWAPI.DLL -->23/10/2006 10:10:34 C:\WINNT\System32\SHDOCVW.DLL -->23/10/2006 10:10:32 C:\WINNT\System32\MSTIME.DLL -->23/10/2006 10:10:32 C:\WINNT\System32\MSRATING.DLL -->23/10/2006 10:10:32 C:\WINNT\System32\MSHTML.DLL -->23/10/2006 10:10:32 C:\WINNT\winamp.ini -->06/02/2007 17:50:33 C:\WINNT\WindowsUpdate.log -->06/02/2007 15:10:48 C:\WINNT\SchedLgU.Txt -->06/02/2007 15:08:55 C:\WINNT\ShellIconCache -->06/02/2007 14:28:08 C:\WINNT\ODBC.INI -->31/01/2007 14:32:56 C:\WINNT\win.ini -->31/01/2007 14:32:35 C:\WINNT\mozver.dat -->31/01/2007 14:14:52 C:\WINNT\AMUninst01c.exe -->27/11/2006 15:28:57 C:\WINNT\SthVCD.INI -->05/09/2006 09:23:29 C:\WINNT\setup.rpt -->21/08/2006 08:56:19 C:\WINNT\setup.inf -->21/08/2006 08:56:19 C:\WINNT\TrueCrypt Setup.exe -->03/07/2006 14:42:10 C:\WINNT\REGGOTO.INI -->20/04/2006 11:15:16 C:\WINNT\cdplayer.ini -->12/04/2006 12:03:55 C:\WINNT\ezmacros.INI -->07/03/2006 11:29:07 C:\WINNT\amuninst.exe |07/03/2006 11:28:58 C:\WINNT\AMUninst01c.exe |27/11/2006 15:28:08 C:\WINNT\CielInfos.exe |26/04/2004 13:25:48 C:\WINNT\CTREGRUN.EXE |22/04/2003 11:13:31 C:\WINNT\eraser.exe |23/04/2003 08:37:13 C:\WINNT\IsUn040c.exe |22/04/2003 11:12:12 C:\WINNT\IsUninst.exe |22/04/2003 11:13:30 C:\WINNT\PATCH.EXE |09/03/2004 10:46:38 C:\WINNT\runtsckl.exe |27/11/2003 16:40:04 C:\WINNT\TrueCrypt Setup.exe |07/12/2006 16:47:53 C:\WINNT\tsc.exe |09/03/2004 10:47:33 C:\WINNT\twunk_16.exe |02/08/2002 01:00:00 C:\WINNT\twunk_32.exe |02/08/2002 01:00:00 C:\WINNT\unin040c.exe |26/04/2004 13:21:54 C:\WINNT\uninst.exe |19/12/2003 10:09:41 C:\WINNT\UninstallFirefox.exe |26/02/2004 10:13:53 C:\WINNT\Unnero.exe |07/01/2004 17:09:10 C:\WINNT\unvise32qt.exe |08/01/2004 14:31:56 C:\WINNT\Updreg.exe |22/04/2003 11:13:11 C:\WINNT\AuHCcup1.dll |23/07/1999 09:53:20 C:\WINNT\BPMNT.dll |09/03/2004 10:47:32 C:\WINNT\ctccw.dll |22/04/2003 11:12:51 C:\WINNT\Ctres.dll |22/04/2003 11:12:51 C:\WINNT\Ctres32.dll |22/04/2003 11:12:51 C:\WINNT\HCExtOutput.dll |09/03/2004 10:47:33 C:\WINNT\loadhttp.dll |15/10/2002 14:29:40 C:\WINNT\patchw32.dll |14/12/2001 13:34:46 C:\WINNT\TMUPDATE.DLL |09/03/2004 10:46:39 C:\WINNT\twain.dll |02/08/2002 01:00:00 C:\WINNT\twain_32.dll |02/08/2002 01:00:00 C:\WINNT\UNZIP.DLL |09/03/2004 10:46:38 C:\WINNT\vsapi32.dll |09/03/2004 10:47:32 C:\WINNT\system32\append.exe |02/08/2002 01:00:00 C:\WINNT\system32\cpwsave.exe |09/09/2004 13:57:26 C:\WINNT\system32\debug.exe |02/08/2002 01:00:00 C:\WINNT\system32\dfrgfat.exe |29/08/2003 12:20:49 C:\WINNT\system32\dfrgntfs.exe |29/08/2003 12:20:49 C:\WINNT\system32\dmadmin.exe |29/08/2003 12:20:51 C:\WINNT\system32\dmremote.exe |29/08/2003 12:20:52 C:\WINNT\system32\dosx.exe |02/08/2002 01:00:00 C:\WINNT\system32\dvdplay.exe |15/12/1999 00:30:38 C:\WINNT\system32\edlin.exe |02/08/2002 01:00:00 C:\WINNT\system32\exe2bin.exe |02/08/2002 01:00:00 C:\WINNT\system32\fastopen.exe |02/08/2002 01:00:00 C:\WINNT\system32\gswin32c.exe |04/05/2006 16:18:04 C:\WINNT\system32\java.exe |20/11/2006 10:12:41 C:\WINNT\system32\javaw.exe |20/11/2006 10:12:41 C:\WINNT\system32\javaws.exe |20/11/2006 10:12:41 C:\WINNT\system32\keystone.exe |15/07/2004 10:42:00 C:\WINNT\system32\mem.exe |02/08/2002 01:00:00 C:\WINNT\system32\mscdexnt.exe |02/08/2002 01:00:00 C:\WINNT\system32\msswchx.exe |29/08/2003 12:24:26 C:\WINNT\system32\NeroCheck.exe |07/01/2004 17:08:59 C:\WINNT\system32\nlsfunc.exe |02/08/2002 01:00:00 C:\WINNT\system32\nvappbar.exe |15/07/2004 10:42:00 C:\WINNT\system32\nvdspsch.exe |15/07/2004 10:42:00 C:\WINNT\system32\nvsvc32.exe |15/07/2004 10:42:00 C:\WINNT\system32\nvudisp.exe |24/06/2004 16:36:25 C:\WINNT\system32\nw16.exe |02/08/2002 01:00:00 C:\WINNT\system32\nwiz.exe |15/07/2004 10:42:00 C:\WINNT\system32\PSConvert.exe |04/05/2006 16:18:04 C:\WINNT\system32\pxhpinst.exe |23/12/2003 11:29:11 C:\WINNT\system32\redir.exe |02/08/2002 01:00:00 C:\WINNT\system32\setver.exe |02/08/2002 01:00:00 C:\WINNT\system32\share.exe |02/08/2002 01:00:00 C:\WINNT\system32\uninscpw.exe |09/09/2004 13:57:28 C:\WINNT\system32\vwipxspx.exe |02/08/2002 01:00:00 C:\WINNT\system32\XMNT2002.exe |16/09/2002 17:09:36 C:\WINNT\system32\a3d.dll |19/09/2001 13:32:26 C:\WINNT\system32\amstream.dll |02/03/2004 15:16:41 C:\WINNT\system32\atmfd.dll |29/08/2003 12:20:30 C:\WINNT\system32\atmlib.dll |29/08/2003 12:20:31 C:\WINNT\system32\avisynthEx.dll |04/05/2002 14:19:00 C:\WINNT\system32\aviwrap.dll |22/09/2001 16:50:22 C:\WINNT\system32\BASSMOD.dll |10/01/2006 15:38:42 C:\WINNT\system32\cdintf.dll |23/04/2004 10:11:38 C:\WINNT\system32\cdintf210.dll |28/12/2004 10:08:47 C:\WINNT\system32\CielArchiver.dll |26/04/2004 13:25:48 C:\WINNT\system32\coface.dll |26/04/2004 13:25:43 C:\WINNT\system32\ConnAPI.dll |27/04/2006 09:03:08 C:\WINNT\system32\cpuinf32.dll |17/09/2001 13:20:02 C:\WINNT\system32\cpwmon2k.dll |09/09/2004 13:57:28 C:\WINNT\system32\CRun500.dll |28/04/2005 10:56:10 C:\WINNT\system32\ctwflt32.dll |22/04/2003 11:12:51 C:\WINNT\system32\DAAPI.dll |27/04/2006 09:33:10 C:\WINNT\system32\dfrgres.dll |02/08/2002 01:00:00 C:\WINNT\system32\dfrgsnap.dll |29/08/2003 12:20:49 C:\WINNT\system32\dfrgui.dll |02/08/2002 01:00:00 C:\WINNT\system32\dgrpsetu.dll |22/04/2003 11:29:05 C:\WINNT\system32\dgsetup.dll |22/04/2003 11:29:05 C:\WINNT\system32\DivX.dll |12/03/2004 20:26:53 C:\WINNT\system32\dmconfig.dll |29/08/2003 12:20:51 C:\WINNT\system32\dmintf.dll |29/08/2003 12:20:52 C:\WINNT\system32\dmserver.dll |29/08/2003 12:20:52 C:\WINNT\system32\dmutil.dll |29/08/2003 12:20:52 C:\WINNT\system32\EBPCHP.DLL |07/06/2000 01:01:00 C:\WINNT\system32\ECBTEG.DLL |26/06/2000 02:20:00 C:\WINNT\system32\efsadu.dll |02/08/2002 01:00:00 C:\WINNT\system32\EqnClass.Dll |22/04/2003 11:29:05 C:\WINNT\system32\E_SL2312.DLL |05/03/2001 02:15:00 C:\WINNT\system32\fpprintmon.dll |11/06/2005 10:47:00 C:\WINNT\system32\frapsvid.dll |07/07/2003 17:08:54 C:\WINNT\system32\GSDLL32.dll |04/05/2006 16:18:04 C:\WINNT\system32\HHActiveX.dll |20/03/2002 22:01:58 C:\WINNT\system32\HTICONS.DLL |29/08/2003 12:21:27 C:\WINNT\system32\hypertrm.dll |16/12/2004 09:32:33 C:\WINNT\system32\iccvid.dll |02/08/2002 01:00:00 C:\WINNT\system32\ifsrel.dll |26/04/2004 13:25:42 C:\WINNT\system32\imagr5.dll |07/01/2004 17:08:59 C:\WINNT\system32\imagx5.dll |07/01/2004 17:08:59 C:\WINNT\system32\ImagXpr5.dll |07/01/2004 17:08:59 C:\WINNT\system32\imgcmn.dll |22/04/2003 10:40:37 C:\WINNT\system32\imgshl.dll |22/04/2003 10:40:37 C:\WINNT\system32\Inetwh32.dll |22/04/2003 11:12:51 C:\WINNT\system32\IPX32d56.dll |31/05/2000 09:39:44 C:\WINNT\system32\Ir32_32.dll |02/08/2002 01:00:00 C:\WINNT\system32\Ir41_qc.dll |02/08/2002 01:00:00 C:\WINNT\system32\Ir41_qcx.dll |03/10/2003 14:34:58 C:\WINNT\system32\Ir50_32.dll |02/08/2002 01:00:00 C:\WINNT\system32\Ir50_qc.dll |02/08/2002 01:00:00 C:\WINNT\system32\Ir50_qcx.dll |02/08/2002 01:00:00 C:\WINNT\system32\iyuv_32.dll |05/09/2006 09:22:31 C:\WINNT\system32\jpeg1x32.dll |22/04/2003 10:40:37 C:\WINNT\system32\jpeg2x32.dll |22/04/2003 10:40:37 C:\WINNT\system32\klogon.dll |29/01/2007 23:04:00 C:\WINNT\system32\Lame_enc.dll |20/12/2004 13:32:51 C:\WINNT\system32\MALSLIB.DLL |22/01/2004 14:57:11 C:\WINNT\system32\mciqtz32.dll |02/03/2004 15:16:42 C:\WINNT\system32\MEncoder.dll |20/12/2004 13:32:51 C:\WINNT\system32\mlcorert.dll |21/01/2005 13:34:56 C:\WINNT\system32\mm32DCMP.DLL |27/02/1996 12:03:28 C:\WINNT\system32\mp4fil32.dll |16/05/2002 00:38:40 C:\WINNT\system32\msdmo.dll |02/03/2004 15:16:42 C:\WINNT\system32\msencode.dll |30/08/2002 18:24:06 C:\WINNT\system32\msswch.dll |29/08/2003 12:24:26 C:\WINNT\system32\MultiSZ.dll |07/01/2004 17:09:09 C:\WINNT\system32\NclAPI.dll |27/03/2006 13:13:04 C:\WINNT\system32\NclTools.dll |27/04/2006 09:02:52 C:\WINNT\system32\nmwcdcls.dll |26/07/2006 11:24:23 C:\WINNT\system32\nmwcdcocls.dll |26/07/2006 11:24:23 C:\WINNT\system32\nmwcdlog.dll |26/07/2006 11:24:23 C:\WINNT\system32\nv4_disp.dll |15/07/2004 10:42:00 C:\WINNT\system32\nvcod.dll |15/07/2004 10:42:00 C:\WINNT\system32\nvcodins.dll |15/07/2004 10:42:00 C:\WINNT\system32\nvcpl.dll |15/07/2004 10:42:00 C:\WINNT\system32\nview.dll |15/07/2004 10:42:00 C:\WINNT\system32\nvmctray.dll |15/07/2004 10:42:00 C:\WINNT\system32\nvnt4cpl.dll |15/07/2004 10:42:00 C:\WINNT\system32\nvoglnt.dll |15/07/2004 10:42:00 C:\WINNT\system32\nvrsar.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvrscs.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvrsda.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvrsde.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvrsel.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvrseng.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvrses.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvrsesm.dll |15/07/2004 10:42:00 C:\WINNT\system32\nvrsfi.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvrsfr.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvrshe.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvrshu.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvrsit.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvrsja.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvrsko.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvrsnl.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvrsno.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvrspl.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvrspt.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvrsptb.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvrsru.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvrssk.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvrssl.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvrssv.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvrstr.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvrszhc.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvrszht.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvshell.dll |15/07/2004 10:42:00 C:\WINNT\system32\nvwddi.dll |15/07/2004 10:42:00 C:\WINNT\system32\nvwdmcpl.dll |15/07/2004 10:42:00 C:\WINNT\system32\nvwimg.dll |15/07/2004 10:42:00 C:\WINNT\system32\nvwrsar.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvwrscs.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvwrsda.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvwrsde.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvwrsel.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvwrseng.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvwrses.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvwrsesm.dll |15/07/2004 10:42:00 C:\WINNT\system32\nvwrsfi.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvwrsfr.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvwrshe.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvwrshu.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvwrsit.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvwrsja.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvwrsko.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvwrsnl.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvwrsno.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvwrspl.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvwrspt.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvwrsptb.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvwrsru.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvwrssk.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvwrssl.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvwrssv.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvwrstr.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvwrszhc.dll |03/05/2002 09:06:00 C:\WINNT\system32\nvwrszht.dll |03/05/2002 09:06:00 C:\WINNT\system32\oieng400.dll |29/08/2003 12:25:13 C:\WINNT\system32\oiprt400.dll |22/04/2003 10:40:37 C:\WINNT\system32\oislb400.dll |22/04/2003 10:40:37 C:\WINNT\system32\oissq400.dll |22/04/2003 10:40:37 C:\WINNT\system32\oitwa400.dll |22/04/2003 10:40:37 C:\WINNT\system32\oiui400.dll |22/04/2003 10:40:32 C:\WINNT\system32\PCDLIB32.DLL |09/12/1998 02:53:58 C:\WINNT\system32\pdbrowse.dll |14/12/2006 12:30:24 C:\WINNT\system32\picn20.dll |07/01/2004 17:08:59 C:\WINNT\system32\pncrt.dll |12/03/2004 10:31:59 C:\WINNT\system32\pndx5016.dll |12/03/2004 10:32:00 C:\WINNT\system32\pndx5032.dll |12/03/2004 10:32:00 C:\WINNT\system32\portal.dll |26/04/2004 13:25:43 C:\WINNT\system32\prnmnt.dll |28/10/2001 16:42:30 C:\WINNT\system32\psisdecd.dll |05/04/2005 09:53:41 C:\WINNT\system32\px.dll |23/12/2003 11:29:10 C:\WINNT\system32\pxdrv.dll |23/12/2003 11:29:11 C:\WINNT\system32\pxmas.dll |23/12/2003 11:29:10 C:\WINNT\system32\pxwave.dll |23/12/2003 11:29:11 C:\WINNT\system32\qcut.dll |02/08/2002 01:00:00 C:\WINNT\system32\qedwipes.dll |02/03/2004 15:16:41 C:\WINNT\system32\redmonnt.dll |28/10/2001 17:42:30 C:\WINNT\system32\rmoc3260.dll |12/03/2004 10:32:09 C:\WINNT\system32\s3mtrio.dll |22/04/2003 11:30:36 C:\WINNT\system32\s3mvirge.dll |22/04/2003 11:30:36 C:\WINNT\system32\sfcvrt32.dll |22/04/2003 11:12:52 C:\WINNT\system32\SimpleResize.dll |29/07/2002 17:15:04 C:\WINNT\system32\SONYHCY.DLL |05/09/2006 09:15:00 C:\WINNT\system32\spxcoins.dll |22/04/2003 11:29:05 C:\WINNT\system32\tabins16.dll |01/12/2004 10:44:02 C:\WINNT\system32\tabinst.dll |01/12/2004 10:44:02 C:\WINNT\system32\tifflt.dll |22/04/2003 10:40:37 C:\WINNT\system32\tsbyuv.dll |15/12/1999 00:30:06 C:\WINNT\system32\tsd32.dll |02/08/2002 01:00:00 C:\WINNT\system32\TwnLib20.dll |07/01/2004 17:08:59 C:\WINNT\system32\vobsub.dll |11/08/2002 12:48:26 C:\WINNT\system32\vxblock.dll |23/12/2003 11:29:11 C:\WINNT\system32\win87em.dll |02/08/2002 01:00:00 C:\WINNT\system32\wmpcd.dll |14/12/2006 12:30:24 C:\WINNT\system32\wmpcore.dll |17/09/2003 17:13:54 C:\WINNT\system32\wmpui.dll |14/12/2006 12:30:24 C:\WINNT\system32\WNASPI32.DLL |22/04/2003 11:53:32 C:\WINNT\system32\xiffr3_0.dll |22/04/2003 10:40:37 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est F8DC-3D71 Répertoire de C:\WINNT\system 14/08/2002 14:03 4 672 WOWPOST.EXE 1 fichier(s) 4 672 octets 0 Rép(s) 1 010 642 944 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est F8DC-3D71 Répertoire de C:\WINNT\system32 19/06/2003 20:05 5 392 CSRSS.EXE 1 fichier(s) 5 392 octets 0 Rép(s) 1 010 642 944 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est F8DC-3D71 Répertoire de C:\WINNT\Downloaded Program Files 06/02/2007 13:59 <DIR> . 06/02/2007 13:59 <DIR> .. 18/12/2003 15:00 65 desktop.ini 1 fichier(s) 65 octets Total des fichiers listés : 1 fichier(s) 65 octets 2 Rép(s) 1 010 642 944 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est F8DC-3D71 Répertoire de C:\Program Files 06/02/2007 14:32 <DIR> . 06/02/2007 14:32 <DIR> .. 22/04/2003 10:40 <DIR> Accessoires 09/09/2004 13:57 <DIR> Acro Software 18/08/2005 08:35 <DIR> Adobe 07/01/2004 17:08 <DIR> Ahead 28/11/2005 11:20 <DIR> AltoMP3 07/03/2006 11:28 <DIR> American Systems 22/01/2004 14:58 <DIR> AvantGo Connect 18/01/2007 15:03 <DIR> BeClean 18/05/2004 13:12 <DIR> Belus 18/03/2005 12:24 <DIR> BenchemAll 29/03/2006 15:13 <DIR> BoontyGames 09/01/2007 15:48 <DIR> Bradbury 12/01/2006 11:55 <DIR> Ciel 26/04/2004 13:29 <DIR> Ciel e-Commerce 26/04/2004 14:05 <DIR> Common Files 22/04/2003 10:41 <DIR> ComPlus Applications 19/02/2004 14:46 <DIR> Creative 18/10/2005 11:17 <DIR> DAOC Spellcraft Calculator 26/07/2006 11:25 <DIR> DIFX 09/06/2004 10:30 <DIR> DivX 02/02/2006 10:29 <DIR> EasyPHP1-7 02/02/2006 10:29 <DIR> EasyPHP1-8 07/03/2006 11:34 <DIR> EBP 05/02/2007 14:22 <DIR> EditPlus 2 21/12/2004 16:32 <DIR> Eltima Software 21/08/2006 14:56 <DIR> Emjysoft 18/01/2007 14:51 <DIR> eMule 07/03/2006 11:30 <DIR> eoRezo 03/02/2004 15:35 <DIR> EPSON 04/07/2005 14:39 <DIR> Executive Software 06/02/2007 14:31 <DIR> Fichiers communs 07/11/2005 10:58 <DIR> FileZilla 24/05/2005 14:34 <DIR> Flash Decompiler 30/01/2007 16:33 <DIR> FlashKeeper 09/09/2004 13:59 <DIR> GNUGS 22/12/2006 16:19 <DIR> GnuPGExch 05/02/2007 16:26 <DIR> Grisoft 30/01/2007 10:24 <DIR> HardwareDetection 02/02/2007 10:26 <DIR> hijackthis 14/05/2004 09:13 <DIR> InstantGet 15/07/2005 09:05 <DIR> Internet Explorer 31/01/2007 13:56 <DIR> Java 05/02/2007 16:31 <DIR> Kaspersky Lab 07/03/2006 11:30 <DIR> Kyodai Mahjongg 2006 16/12/2004 17:03 <DIR> Lavasoft 22/04/2003 10:40 <DIR> Lecteur Windows Media 18/12/2003 16:44 <DIR> LeechFTP 31/01/2007 13:57 <DIR> Macromedia 18/12/2003 16:45 <DIR> Messenger 04/05/2006 16:13 <DIR> Microsoft ActiveSync 22/04/2003 10:43 <DIR> microsoft frontpage 26/08/2005 15:35 <DIR> Microsoft Money 2005 31/01/2007 14:31 <DIR> Microsoft Office 18/12/2003 15:16 <DIR> Microsoft Visual Studio 16/06/2004 10:23 <DIR> Microsoft.NET 04/11/2004 16:39 <DIR> MonitorMagicService 07/02/2007 11:15 <DIR> Mozilla Firefox 01/02/2007 15:50 <DIR> Mozilla Thunderbird 19/10/2005 14:54 <DIR> MSN Messenger 27/04/2004 08:50 <DIR> MSXML 4.0 07/03/2006 11:32 <DIR> Musicmatch 23/08/2005 09:51 <DIR> NetMeeting 26/07/2006 11:24 <DIR> Nokia 23/11/2006 10:38 <DIR> Nout 09/01/2006 10:29 <DIR> OpenOffice.org 1.9.125 03/07/2006 14:41 <DIR> OpenOffice.org 2.0 19/04/2006 09:36 <DIR> Outlook Express 07/11/2005 17:13 <DIR> Paraben's Flow Charter 02/05/2006 09:25 <DIR> PDF-Convert 29/12/2006 10:29 <DIR> Picasa2 22/04/2003 11:51 <DIR> PowerQuest 23/01/2006 14:53 <DIR> PowerStrip 04/05/2006 16:18 <DIR> psconvert 29/08/2003 13:16 <DIR> Qualcomm 01/04/2004 14:57 <DIR> Quark 08/01/2004 14:31 <DIR> QuickTime 12/03/2004 10:31 <DIR> Real 07/03/2006 11:03 <DIR> REALVIZ 25/03/2005 09:52 <DIR> RegCleaner 08/01/2005 10:40 <DIR> SourceTec 07/02/2007 12:00 <DIR> Spamihilator 08/11/2004 10:48 <DIR> Spellcrafting-3.0 18/01/2007 15:06 <DIR> Spybot - Search & Destroy 08/11/2005 10:39 <DIR> SugarCRM 23/01/2007 14:54 <DIR> Sunbelt Software 18/05/2006 11:43 <DIR> Synthetic Realms 20/09/2006 15:17 <DIR> Teamspeak2_RC2 23/05/2006 10:30 <DIR> Teleport Pro 24/05/2005 14:19 <DIR> ToniArts 04/11/2004 16:36 <DIR> Tools4ever 07/12/2006 16:47 <DIR> TrueCrypt 06/02/2007 14:34 <DIR> TuneUp Utilities 2007 16/05/2006 14:17 <DIR> VideoLAN 24/05/2005 13:53 <DIR> Virtools Web Player 2.1 07/03/2006 16:23 <DIR> WaterProof 20/04/2006 11:13 <DIR> WebCopier 06/07/2005 10:53 <DIR> Winamp 18/12/2003 17:09 <DIR> Windows Journal Viewer 14/12/2006 12:30 <DIR> Windows Media Player 29/08/2003 12:29 <DIR> Windows NT 06/02/2007 14:42 <DIR> WinRAR 18/01/2007 17:29 <DIR> WinSCP3 24/07/2006 10:46 <DIR> Yahoo! 05/12/2006 10:54 <DIR> Zeb-Utility 24/03/2004 10:47 <DIR> Zone Labs 0 fichier(s) 0 octets 107 Rép(s) 1 010 388 992 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est F8DC-3D71 Répertoire de C:\Program Files\fichiers communs 06/02/2007 14:31 <DIR> . 06/02/2007 14:31 <DIR> .. 17/12/2004 13:00 <DIR> ACD Systems 24/07/2006 10:44 <DIR> Adobe 18/12/2003 15:16 <DIR> Designer 24/05/2005 14:18 <DIR> InstallShield 25/03/2004 11:27 <DIR> Java 06/12/2006 13:25 <DIR> Macromedia 04/01/2007 15:37 <DIR> Macromedia Shared 31/01/2007 14:28 <DIR> Microsoft Shared 22/04/2003 11:29 <DIR> ODBC 05/02/2007 15:47 <DIR> PCSuite 12/03/2004 10:32 <DIR> Real 18/12/2003 15:00 <DIR> Services 08/01/2005 10:40 <DIR> SourceTec 11/12/2006 13:47 <DIR> Symantec Shared 15/12/2006 09:40 <DIR> System 14/12/2004 09:34 <DIR> Vbox 06/02/2007 14:31 <DIR> Wise Installation Wizard 12/03/2004 10:32 <DIR> xing shared 0 fichier(s) 0 octets 20 Rép(s) 1 010 446 336 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est F8DC-3D71 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 16/06/2004 10:24 <DIR> . 16/06/2004 10:24 <DIR> .. 16/06/2004 10:24 <DIR> 1033 16/06/2004 10:24 <DIR> 1036 11/07/2003 09:15 1 292 872 MSONSEXT.DLL 13/02/2001 08:23 58 784 MSOSV.DLL 03/06/1999 19:09 122 937 MSOWS409.DLL 07/03/2001 14:00 127 033 MSOWS40c.DLL 06/08/2000 09:04 401 462 MSVCP60.DLL 22/01/2001 03:25 69 632 PKMAXCTL.DLL 22/01/2001 03:25 872 448 PKMCDO.DLL 22/01/2001 03:25 159 744 PKMCORE.DLL 07/02/2001 09:59 106 496 PKMFORMS.DLL 12/02/2001 04:03 684 032 PKMRES.DLL 22/01/2001 03:25 28 672 PKMSSTLB.DLL 22/01/2001 03:25 40 960 PKMTEMPL.DLL 22/01/2001 03:25 24 576 PKMTRACE.DLL 11/07/2003 01:25 80 448 PKMWS.DLL 22/01/2001 03:25 237 568 PROMDEMO.DLL 22/01/2001 03:25 184 320 SECMGR.DLL 22/01/2001 03:25 323 584 VAIDDMGR.DLL 22/01/2001 03:25 32 768 VAIMEM.DLL 18 fichier(s) 4 848 336 octets 4 Rép(s) 1 010 446 336 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est F8DC-3D71 Répertoire de C:\Program Files\common files 26/04/2004 14:05 <DIR> . 26/04/2004 14:05 <DIR> .. 15/07/2005 09:05 <DIR> System 0 fichier(s) 0 octets 3 Rép(s) 1 010 380 800 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est F8DC-3D71 Répertoire de C:\ 11/11/2001 00:00 68 096 diff.exe 27/08/2006 14:10 103 424 grep.exe 2 fichier(s) 171 520 octets 0 Rép(s) 1 010 442 240 octets libres c:\Documents and Settings\Administrateur\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{3E908702-AF35-4611-9518-955DA24B7E07}\icon.exe c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{91057632-CA70-413C-B628-2D3CDBBB906B}\ARPPRODUCTICON.exe c:\Documents and Settings\Administrateur\Bureau\blbeta.exe c:\Documents and Settings\Administrateur\Bureau\kav6.0.2.614fr.exe c:\Documents and Settings\Administrateur\Bureau\@classer\nettoyage PC\antivir_workstation_win7u_en_h.exe c:\Documents and Settings\Administrateur\Bureau\@classer\nettoyage PC\HijackThis.exe c:\Documents and Settings\Administrateur\Bureau\Contig\Contig.exe c:\Documents and Settings\Administrateur\Bureau\Contig\Power Defragmenter GUI.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\diff.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\Fport.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\grep.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\LFiles.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\pslist.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\streams.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\swreg.exe c:\Documents and Settings\Administrateur\Bureau\nokia_update\NokiaSoftwareUpdaterSetup_en.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\dumphive.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\GenericRenosFix.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\Process.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\restart.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmiUpdate.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SrchSTS.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\swreg.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\swsc.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\swxcacls.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\unzip.exe c:\Documents and Settings\Administrateur\Mes documents\cdex_151.exe c:\Documents and Settings\Administrateur\Mes documents\flash_decompiler.exe c:\Documents and Settings\Administrateur\Application Data\Macromedia\Dreamweaver 8\Configuration\Flash Player\FlashPlayerW.dll c:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\default.jv9\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll c:\Documents and Settings\Administrateur\Local Settings\Application Data\Macromedia\Flash 8\fr\Configuration\External Libraries\FLfile.dll c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Bases\avcmhk4.dll et le rapport Blacklight : 02/07/07 12:03:34 [info]: BlackLight Engine 1.0.55 initialized 02/07/07 12:03:34 [info]: OS: 5.0 build 2195 (Service Pack 4) 02/07/07 12:03:35 [Note]: 7019 4 02/07/07 12:03:35 [Note]: 7005 0 02/07/07 12:03:53 [Note]: 7006 0 02/07/07 12:03:53 [Note]: 7011 980 02/07/07 12:03:55 [Note]: 7026 0 02/07/07 12:03:55 [Note]: 7026 0 02/07/07 12:04:16 [Note]: FSRAW library version 1.7.1021 02/07/07 12:04:22 [Note]: 7006 0 02/07/07 12:04:22 [Note]: 7011 980 02/07/07 12:04:23 [Note]: 7026 0 02/07/07 12:04:23 [Note]: 7026 0 02/07/07 12:04:34 [Note]: FSRAW library version 1.7.1021 02/07/07 12:09:12 [Note]: 2000 1012 02/07/07 12:10:22 [Note]: 7007 0 Voili Voilou Merci re, sinon pour ta question sur MonitorMagic, je ne saurais te dire si c'est moi ou non qu'il l'ait installé.

up du jour, bonjour

Rebonjour tous, juste un petit up car je pense que mon post est tombé dans les abysses de l'oubli Merci et à bientôt

suis je un cas désespéré ? ^^ au cas où cela puisse servir un rapport smitfraud. SmitFraudFix v2.137 Rapport fait à 16:06:46,38, ven. 02/02/2007 Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin

Bonjour à tous, me revoilà pour un souci particulier, pour moi, et j'espère trouver de l'aide pour y remédier Sur un des mes ordinateurs, il y a un truc qui se lance en fond à intervalle régulier, qui me fait perdre le focus de la fenêtre où je me trouve (déjà 2 fois rien que pour écrire ces quelques mots). Lorsque cela arrive, je fais un ALT+TAB et je vois dans la liste des logiciels ouverts un item "téléchargement" avec le signe fenêtre windows vieille version (un peu comme une application DOS). J'ai vidé fichiers temporaires, scan antivirus, anti-spyware en mode sans échecs et toujours le même souci J'ai tenté de mettre un firewall de plus sur la machine mais là j'ai du désintaller car le firewall du réseau est un célibataire dans l'âme... Bref, j'ai fait ce que je connaissais à mon niveau mais là je sèche, donc HELP MEEEEEE !!! Merci d'avance et pour le début voici le rapport HJT ! ------------------------------------------------------------------ Logfile of HijackThis v1.99.1 Scan saved at 10:26:37, on 02/02/2007 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\hidserv.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\WINNT\system32\ctfmon.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Program Files\Spamihilator\spamihilator.exe C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=10.10.10.3:4421;http=10.10.10.3:4480;https=10.10.10.3:4480;socks=10.10.10.3:1080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Get Flash by FlashKeeper - C:\Program Files\FlashKeeper\GetFlash.htm O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: FlashKeeper - {86301D40-94C1-4a5e-843B-7F43965E364A} - C:\Program Files\FlashKeeper\GetFlash.htm O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm O17 - HKLM\System\CCS\Services\Tcpip\..\{2304CC4B-B5C0-41DD-B1F8-243E03D5DF15}: NameServer = 194.2.0.20,194.2.0.50 O17 - HKLM\System\CS1\Services\Tcpip\..\{2304CC4B-B5C0-41DD-B1F8-243E03D5DF15}: NameServer = 194.2.0.20,194.2.0.50 O17 - HKLM\System\CS2\Services\Tcpip\..\{2304CC4B-B5C0-41DD-B1F8-243E03D5DF15}: NameServer = 194.2.0.20,194.2.0.50 O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: MonitorMagic (1279,48155) (MonitorMagic) - Unknown owner - C:\Program Files\MonitorMagicService\NM.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe -------------------------------------------

re bonsoir Charles, bon après un reboot il n'y a toujours rien dans la partie du log HJT, de plus le souci de focus semble avoir disparu. Je pense donc que tout est réglé !! un GRAND merci à toi mais aussi à Jack pour votre aide encore une fois très précieuse et toujours aussi efficace . A bientôt (dans d'autres conditions j'espère) DeaThLiFe

hého ^^ j'ai trouvé pourquoi cela ne fonctionnait pas le coup du .bat en relisant ta réponse d'hier en fait c'est "d:\windows" qu'il fallait faire et non pas "c:\windows" à présent plus rien dans la partie du log hjt, par contre j'ai toujours le coup de la perte de focus Voilou edit : je reboot voir ce que ça donne

bonjour bonjour, la ligne en question s'y trouve encore, c'est grave docteur ? ^^