flav

  1. Hello everyone, after Windows XP starts, my computer cannot launch any application... Could someone take a close look at this report, generated in safe mode? Thanks a lot. Flav
  2. My machine shut down = the screen goes off (orange light) and the fan keeps running - I then have to cut the power to restart - reset impossible
  3. Good evening, nothing is working anymore... I have the problem again. My machine shut down after I started a streaming video. I also noticed that it did this after a video call on MSN too... graphics card? I don't see how to check for faulty hardware. flav
  4. Good evening, I cleaned the whole inside of the tower with dry air... for now everything seems OK... to be watched this week. I'll confirm to you, see you soon
  5. Good evening, all right, thanks. I will try a dry-air cleaning next weekend and keep you posted in a week (travelling all week ...) Here are the reports - see you soon

     Drive C:

         Malwarebytes' Anti-Malware 1.30
         Database version: 1454
         Windows 5.1.2600 Service Pack 3
         06/12/2008 20:04:53
         mbam-log-2008-12-06 (20-04-53).txt
         Scan type: Full Scan (C:\|)
         Objects scanned: 91178
         Time elapsed: 45 minute(s), 23 second(s)
         Memory Processes Infected: 0
         Memory Modules Infected: 0
         Registry Keys Infected: 0
         Registry Values Infected: 0
         Registry Data Items Infected: 0
         Folders Infected: 0
         Files Infected: 0
         Memory Processes Infected: (No malicious items detected)
         Memory Modules Infected: (No malicious items detected)
         Registry Keys Infected: (No malicious items detected)
         Registry Values Infected: (No malicious items detected)
         Registry Data Items Infected: (No malicious items detected)
         Folders Infected: (No malicious items detected)
         Files Infected: (No malicious items detected)

     Drive D:

         Malwarebytes' Anti-Malware 1.30
         Database version: 1454
         Windows 5.1.2600 Service Pack 3
         06/12/2008 20:57:16
         mbam-log-2008-12-06 (20-57-16).txt
         Scan type: Full Scan (D:\|)
         Objects scanned: 57492
         Time elapsed: 47 minute(s), 44 second(s)
         Memory Processes Infected: 0
         Memory Modules Infected: 0
         Registry Keys Infected: 0
         Registry Values Infected: 0
         Registry Data Items Infected: 0
         Folders Infected: 0
         Files Infected: 0
         Memory Processes Infected: (No malicious items detected)
         Memory Modules Infected: (No malicious items detected)
         Registry Keys Infected: (No malicious items detected)
         Registry Values Infected: (No malicious items detected)
         Registry Data Items Infected: (No malicious items detected)
         Folders Infected: (No malicious items detected)
         Files Infected: (No malicious items detected)
  6. Hello, my week was very full, so I am only replying to your last post this evening. I can't manage to run the scan with Malwarebytes' Anti-Malware. The machine restarts after an hour of scanning... So no report, but in principle no infection on C:/... I will try one last time this evening with one scan per drive: C then D. If that works I'll send you one report for each drive. I bought a spray can to clean the components... My machine is indeed old, 7/8 years, and it has been a long time since I opened the tower... I'll keep you posted. Thanks
  7. Good evening, your remark about a hardware problem only half surprises me. At startup, it now seems the beast has to be warm (1 min) before my screen comes on and Windows starts... Here are the VirusTotal reports: I am posting the Malwarebytes' report in the message that follows...
  8. Hello, and thanks. I have an HP peripheral on my computer; it is a scanner. Here are the reports:
2008-11-26 21:48:02 ----D---- C:\Program Files\Paint Shop Pro 6 2008-11-25 22:35:30 ----D---- C:\WINDOWS\inf 2008-11-24 19:04:50 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-11-24 19:04:45 ----HD---- C:\WINDOWS\system32\drivers 2008-11-24 19:04:41 ----D---- C:\WINDOWS\system32\ReinstallBackups 2008-11-24 19:04:24 ----A---- C:\WINDOWS\win.ini 2008-11-24 19:00:28 ----D---- C:\WINDOWS\twain_32 2008-11-15 16:14:59 ----D---- C:\Program Files\Spybot - Search & Destroy 2008-11-15 16:11:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-12 23:06:50 ----HD---- C:\WINDOWS\$hf_mig$ 2008-11-04 01:10:25 ----A---- C:\WINDOWS\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys [] R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-25 75072] R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2008-01-20 61424] R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2008-01-20 23420] R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-08-13 240128] R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2002-08-01 132058] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2002-08-01 206464] R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2007-11-14 394952] R3 ac97intc;Service d'installation du pilote audio Intel® 82801 (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 BlueletAudio;Bluetooth Audio 
Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2004-10-19 20096] R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2004-09-21 10804] R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-01-13 12500] R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2002-08-01 30246] R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944] R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2004-08-03 126686] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-09-07 5888] R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992] R3 Slntamr;Smart Link 56K Modem Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2004-08-03 404990] R3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2004-08-03 13240] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312] R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2004-11-05 82148] S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-01-17 23000] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 
dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2002-08-01 25578] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2004-08-03 1309184] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2004-08-03 180360] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2004-08-03 95424] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 STV679;NMS Video Camera (Webcam); C:\WINDOWS\system32\drivers\STV679.sys [2003-12-16 91648] S3 STV679m;NMS Video Camera (Webcam)m; C:\WINDOWS\system32\drivers\STV679m.sys [2003-12-16 6144] S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-27 68865] R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-27 151297] R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880] R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2004-12-24 106496] R2 NVSvc;NVIDIA Display Driver Service; 
C:\WINDOWS\system32\nvsvc32.exe [2003-10-06 81920] R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2008-04-14 73796] R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2007-11-14 75304] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] -----------------EOF----------------- et info.txt info.txt logfile of random's system information tool 1.04 2008-12-02 22:37:36 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003} adsl TV-->C:\Program Files\adslTV\Uninstal.exe Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe" AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE AviSplit Classic Version 1.43-->"C:\Program Files\bobyte\AviSplit classic\unins000.exe" BlueSoleil-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\Setup.exe" -l0x40c Canon Utilities PhotoStitch 3.1-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA} CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0} 
FileZilla Client 3.0.7.1-->C:\Program Files\FileZilla Client\uninstall.exe Freeplayer-->C:\Program Files\Freeplayer\Uninstall.exe GIMP 2.4.5-->"C:\Program Files\GIMP-2.0\setup\unins000.exe" Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall HP PrecisionScan--> -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\Uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPUninstallIs.dll" IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe JAlbum 7.0-->C:\Program Files\JAlbum7.0\Uninstall.exe Kaspersky On-line Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe K-Lite Codec Pack 3.6.5 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office 2000 SR-1 Professional-->MsiExec.exe /I{0001040C-78E1-11D2-B60F-006097C998E7} Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de 
sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" MP3 WAV Converter 3.52-->C:\PROGRA~1\MP3WAV~1\UNWISE.EXE C:\PROGRA~1\MP3WAV~1\INSTALL.LOG MPEG TO AVI version 3.1.1-->"C:\Program Files\MPEGTOAVI\unins000.exe" NMS Video Camera v203 Installation Files-->C:\PROGRA~1\Generic\STV679~1\UNWISE.EXE C:\PROGRA~1\Generic\STV679~1\INSTALL.LOG NVIDIA Display Driver-->C:\WINDOWS\system32\nvudisp.exe Uninstall C:\WINDOWS\system32\nvdisp.nvu,NVIDIA Display Driver Paint Shop Pro 6.0 (CD-ROM)-->C:\PROGRA~1\PAINTS~1\Unwise.exe C:\PROGRA~1\PAINTS~1\INSTALL.LOG PDFCreator Toolbar-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_2609.exe" _?=C:\Program Files\PDFCreator Toolbar PDFCreator-->C:\Program Files\PDFCreator\unins000.exe Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" SUPER © Version 2007.bld.23 (July 4, 2007)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0 TerraExplorer-->C:\Program Files\Skyline\TerraExplorer\Setup.exe [OP]/U VideoLAN VLC media player 0.8.6e-->C:\Program Files\adslTV\uninstall.exe Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall ZoneAlarm Pro-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe ======Hosts File====== 127.0.0.1 007guard.com 127.0.0.1 www.007guard.com 127.0.0.1 008i.com 127.0.0.1 008k.com 127.0.0.1 www.008k.com 127.0.0.1 00hq.com 127.0.0.1 www.00hq.com 127.0.0.1 010402.com 
127.0.0.1 032439.com 127.0.0.1 www.032439.com ======Security center information====== AV: Avira AntiVir PersonalEdition FW: ZoneAlarm Pro Firewall ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\Adaptec Shared\System "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 0 Stepping 10, GenuineIntel "PROCESSOR_REVISION"=000a "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO "tvdumpflags"=8 -----------------EOF-----------------
  9. Hello, My PC crashes, restarts, the screen switches off (orange light) and then it freezes... Here is my HijackThis report - thank you for your help
  10. Well... I have been unable to do anything at all on my machine since the last incident. I give up and am going for a radical reformat... See you soon
  11. Hi again! The error message at startup: "ElbyCDIO not running ElbyCheck will stop" The HijackThis report:
  thanks
  12. Hello, I am not at home. I did not touch the system32 file, but I did touch services.exe. Also, I was able to start my machine last night: at least 20 minutes for Windows to start. There is a message, but not of the type "Windows could not start because the following file is missing or corrupt...." I wrote it down but it is at home. I ran HijackThis... I have the report. I can also use my disc-burning utility... and I have started backing up my data. I will send all of that this evening just in case...
  13. Hello, Nothing works any more! I carried out the procedure. Everything was OK up to and including step 8 (except that I could not delete the services.exe file: I moved it to my desktop and renamed it __services.exe, and the command sc delete Windows Update Service did not work...). The problem is that Windows now no longer restarts (normal mode, safe mode, last known good configuration): it crashes after the Win XP screen. I am worried about my data, which I have not backed up!!! Help please. Attached is the eScan Antivirus report
  14. Well, I managed to complete an AntiVir scan... here is the report:

      Report file date: mardi 21 mars 2006 08:18
      Jobname: 'Local Drives'
      Scanning for 340083 virus strains and unwanted programs.
      Licensed to: AntiVir PersonalEdition Classic
      Serial number: 0000149996-WURGE-0001
      Platform: Windows XP
      Windows version: (Service Pack 1) [5.1.2600]
      Username: ABELLON
      Computer name: DURAND

      Version informations:
      AVSCAN.EXE : 7.0.0.28 532520 15/03/2006 20:01:35
      AVSCAN.DLL : 7.0.0.28 40488 15/03/2006 20:01:35
      LUKE.DLL : 7.0.0.28 114728 15/03/2006 20:01:39
      LUKERES.DLL : 7.0.0.28 25600 15/03/2006 20:01:39
      ANTIVIR0.VDF : 6.32.0.60 4323840 06/12/2005 10:47:34
      ANTIVIR1.VDF : 6.34.0.11 1424384 07/03/2006 21:25:32
      ANTIVIR2.VDF : 6.34.0.49 140800 15/03/2006 16:29:32
      ANTIVIR3.VDF : 6.34.0.75 72704 21/03/2006 07:14:43
      AVEWIN32.DLL : 7.0.0.3 1167872 15/03/2006 20:01:43
      AVPREF.DLL : 6.34.0.0 38440 18/01/2006 12:06:02
      AVREP.DLL : 6.34.0.50 2437160 15/03/2006 16:29:32
      AVPACK32.DLL : 6.33.0.6 331816 09/01/2006 09:03:38
      AVREG.DLL : 6.31.0.90 27688 28/07/2005 10:06:36
      NETNT.DLL : 6.32.0.0 6696 27/09/2005 07:56:50
      NETNW.DLL : 6.32.0.0 9768 27/09/2005 07:56:50

      Start of the scan: mardi 21 mars 2006 08:18

      Start scanning boot sectors:
      Boot sector 'C:' [NOTE] No virus was found!
      Boot sector 'D:' [NOTE] No virus was found!
      Boot sector 'E:' [NOTE] No virus was found!
      Boot sector 'A:' [NOTE] In the drive 'A:' no data medium is inserted!
      Boot sector 'F:' [NOTE] In the drive 'F:' no data medium is inserted!

      Starting to scan the registry.
      The registry was scanned ( 17 files ).

      Starting the file scan:
      C:\pagefile.sys [WARNING] The file could not be opened!
      C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp [WARNING] The file could not be opened!
      C:\Documents and Settings\Draynaud\ntuser.dat [WARNING] The file could not be opened!
      C:\Documents and Settings\Draynaud\ntuser.dat.LOG [WARNING] The file could not be opened!
      C:\Documents and Settings\Draynaud\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened!
      C:\Documents and Settings\Draynaud\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\callcont.dll [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\h323.tsp [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\msgina.dll [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\mst120.dll [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll [WARNING] The file could not be opened!
      C:\WINDOWS\$NtUninstallKB835732$\schannel.dll [WARNING] The file could not be opened!
      C:\WINDOWS\system32\___dcom_14.dll [DETECTION] Is the Trojan horse TR/Dldr.Agent.AFL.15 [iNFO] The file was deleted!
      C:\WINDOWS\system32\config\default [WARNING] The file could not be opened!
      C:\WINDOWS\system32\config\default.LOG [WARNING] The file could not be opened!
      C:\WINDOWS\system32\config\SAM [WARNING] The file could not be opened!
      C:\WINDOWS\system32\config\SAM.LOG [WARNING] The file could not be opened!
      C:\WINDOWS\system32\config\SECURITY [WARNING] The file could not be opened!
      C:\WINDOWS\system32\config\SECURITY.LOG [WARNING] The file could not be opened!
      C:\WINDOWS\system32\config\software [WARNING] The file could not be opened!
      C:\WINDOWS\system32\config\software.LOG [WARNING] The file could not be opened!
      C:\WINDOWS\system32\config\system [WARNING] The file could not be opened!
      C:\WINDOWS\system32\config\system.LOG [WARNING] The file could not be opened!
      C:\WINDOWS\system32\dllcache\iisui.dll [WARNING] The file could not be readed!
      The path A:\ could not be found! Le périphérique n'est pas prêt.
      The path F:\ could not be found! Le périphérique n'est pas prêt.
      The path H:\ could not be found! Le périphérique n'est pas prêt.

      End of the scan: mardi 21 mars 2006 10:54
      Used time: 2:36:00 min
      The scan has been done completely.
      3227 Scanning directories
      163944 Files were scanned
      1 viruses and/or unwanted programs was found
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      1626 Archives were scanned
      67 Warnings
      15 Notes

      After that I ran HijackThis:

      Logfile of HijackThis v1.99.1
      Scan saved at 12:33:52, on 21/03/2006
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe
      C:\Program Files\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
      O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
      O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
      O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095620160484
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
      O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
      O23 - Service: Windows Task Scheduler (Schedule Tasks) - Unknown owner - C:\WINDOWS\shtasks.exe
      O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe

      I restarted in normal mode and AntiVir detected something (trojan...). I deleted it. There you go.