Everything posted by VALERY

  1. Following a "blue screen" this morning, I managed to write down the code! BAD_POOL_HEADER STOP 0x00000019 (0x00000020, 0xE163E8A8, 0xE163E8FO, 0x0C09040E) There you go, in case anyone has an idea for solving this problem, which probably has nothing to do with Worm/Gobot.y. See you later
  2. up
  3. Here it is...

     Logfile of HijackThis v1.99.1
     Scan saved at 09:00:47, on 11/10/2006
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     The rest...
     chercher v1.0.1 par Malekal_morte http://www.malekal.com

     And the old AntiVir report...
     Start of the scan: dimanche 8 octobre 2006 18:18
     C:\Documents and Settings\All Users\Documents\!ReadMe.exe [DETECTION] Contains signature of the worm WORM/Gobot.Y [iNFO] The file was deleted!
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB839645$\shell32.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB839645$\sxs.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallQ828026$\wmp.dll [WARNING] The file could not be opened! C:\WINDOWS\system32\config\DEFAULT [WARNING] The file could not be opened! C:\WINDOWS\system32\config\default.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SAM [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SAM.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SECURITY [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SECURITY.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SOFTWARE [WARNING] The file could not be opened! C:\WINDOWS\system32\config\software.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SYSTEM [WARNING] The file could not be opened! C:\WINDOWS\system32\config\system.LOG [WARNING] The file could not be opened! The path A:\ could not be found! Le périphérique n'est pas prêt. The path D:\ could not be found! Le périphérique n'est pas prêt. The path E:\ could not be found! Le périphérique n'est pas prêt. 
The path F:\ could not be found! Le périphérique n'est pas prêt. End of the scan: dimanche 8 octobre 2006 20:16 Used time: 1:58:05 min The scan has been done completely. 10966 Scanning directories 315655 Files were scanned 1 viruses and/or unwanted programs were found 1 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 7161 Archives were scanned 94 Warnings 0 Notes See you later, and thanks again!
  4. Hello everyone. So, while doing my usual little clean-ups, Antivir found this critter and seems to have deleted it. Is that enough, or is there something else I should do? Ewido and Spybot find nothing, and a second Antivir pass finds nothing either. Adaware, on the other hand, hangs on a typelib\...... key and crashes... and from time to time I get a blue screen followed by a crash, but for that I suspect a problem related to Kerio (I haven't had time to note down the codes; I need to disable automatic restart for that). What do you think? Windows XP SP2. See you later.
  5. Thanks for everything... V@léry
  6. Well, in the end I updated the joystick drivers and everything went back to normal... I ran HijackThis and the Desk10.exe entry isn't there, so it's surely not related to Saitek. I'll get back to you if I ever notice anything... Thanks again for your invaluable help. Valéry
  7. Hi, in the msconfig table there is no line corresponding to Desk10.exe and everything is checked... Any other suggestion?
  8. Small problem... I did the procedure, but I got a message from Spybot asking to authorize the change in the registry... with a display bug that kept me from reading the labels of the 2 buttons. I clicked on the right one; mistake, it destroyed the line... How can I put it back, since it is no longer in HijackThis's restore list... The klutz
  9. Is it possible that the infamous Desk10.exe is linked to my Saitek Cyborg Gold USB joystick or the applications that go with it, because I no longer have the Profiler in the systray... Maybe a lead... Otherwise everything seems to be working correctly. See you later.
  10. Here is the report; the Panda one was clean. As for Desk10.exe, still nowhere to be found... Is there a more powerful tool to find it? (the Windows XP search is not great) Google is working normally for the moment. Thanks and see you later, Valéry StartupList report, 25/03/2006, 08:17:48 StartupList version: 1.52.2 Started from : C:\Program Files\HijackThis\HijackThis.EXE Detected: Windows XP SP1 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton Internet Security\NISUM.EXE C:\WINDOWS\SOUNDMAN.EXE C:\apps\ABoard\ABoard.exe C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe C:\apps\ABoard\AOSD.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\Program Files\Saitek\Software\Profiler.exe C:\Program Files\Saitek\Software\SaiSmart.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe C:\Program Files\Norton Internet Security\ccPxySvc.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program 
Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\UAService7.exe C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HijackThis\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\TOUS\Menu Démarrer\Programmes\Démarrage] Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage] Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run SoundMan = SOUNDMAN.EXE ACTIVBOARD = c:\apps\ABoard\ABoard.exe VCSPlayer = "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" ccApp 
= "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" ccRegVfy = "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime TkBellExe = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot EPSON Stylus CX3200 (Copie 1) = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P29 "EPSON Stylus CX3200 (Copie 1)" /O5 "LPT1:" /M "Stylus CX3200" Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer SSC_UserPrompt = C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe SsAAD.exe = C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe Profiler = C:\Program Files\Saitek\Software\Profiler.exe SaiSmart = C:\Program Files\Saitek\Software\SaiSmart.exe NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe ATICCC = "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run IncrediMail = C:\Program Files\IncrediMail\bin\IncMail.exe /c MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background updateMgr = C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1 -------------------------------------------------- Autorun entries from Registry: 
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] *No values found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in 
Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\System32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: 
HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* 
-------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found* -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! 
C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Regedit.exe has no CompanyName property! It is either missing or named something else. - Regedit.exe has no OriginalFilename property! It is either missing or named something else. - Regedit.exe has no FileDescription property! It is either missing or named something else. Registry check failed! 
-------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F} (no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7} NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872} -------------------------------------------------- Enumerating Task Scheduler jobs: Norton AntiVirus - Analyser mon ordinateur.job Symantec NetDetect.job -------------------------------------------------- Enumerating Download Program Files: [DirectAnimation Java Classes] OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd [Microsoft XML Parser for Java] OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd [teleir_cert] CODEBASE = https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab OSD = C:\WINDOWS\Downloaded Program Files\teleir_cert.osd [WebControlDeploy] CODEBASE = https://grouper.com/v1/GrouperSetup.cab OSD = C:\WINDOWS\Downloaded Program Files\OSD36DF.OSD [Windows Genuine Advantage Validation Tool] InProcServer32 = C:\WINDOWS\System32\LegitCheckControl.DLL CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204 [ActiveScan Installer Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab [sassCln Object] InProcServer32 = C:\WINDOWS\Downloaded Program Files\SassCln.dll CODEBASE = http://www.microsoft.com/security/controls/SassCln.CAB [shockwave Flash Object] InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: 
C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll Protocol #16: C:\WINDOWS\system32\mswsock.dll Protocol #17: C:\WINDOWS\system32\mswsock.dll Protocol #18: C:\WINDOWS\system32\mswsock.dll Protocol #19: C:\WINDOWS\system32\mswsock.dll Protocol #20: C:\WINDOWS\system32\mswsock.dll Protocol #21: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services abp480n5: System32\DRIVERS\ABP480N5.SYS (system) Pilote ACPI Microsoft: System32\DRIVERS\ACPI.sys (system) General Purpose USB Driver (adildr.sys): System32\Drivers\adildr.sys (autostart) USB ADSL WAN Adapter: System32\DRIVERS\adiusbaw.sys (manual start) adpu160m: System32\DRIVERS\adpu160m.sys (system) Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start) Environnement de prise en charge de réseau AFD: \SystemRoot\System32\drivers\afd.sys (autostart) Filtre de bus AGP Intel: System32\DRIVERS\agp440.sys (system) Filtre de bus AGP Compaq: System32\DRIVERS\agpCPQ.sys (system) Aha154x: System32\DRIVERS\aha154x.sys (system) aic78u2: System32\DRIVERS\aic78u2.sys (system) aic78xx: System32\DRIVERS\aic78xx.sys (system) Service for WDM 3D Audio Driver: system32\drivers\ALCXSENS.SYS (manual start) Service for Realtek AC97 Audio (WDM): 
system32\drivers\ALCXWDM.SYS (manual start) Avertissement: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start) AliIde: System32\DRIVERS\aliide.sys (system) Filtre de bus AGP ALI: System32\DRIVERS\alim1541.sys (system) Pilote de filtre du bus AMD AGP: System32\DRIVERS\amdagp.sys (system) Pilote de processeur AMD K7: System32\DRIVERS\amdk7.sys (system) amsint: System32\DRIVERS\amsint.sys (system) Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Protocole client ARP 1394: System32\DRIVERS\arp1394.sys (manual start) asc: System32\DRIVERS\asc.sys (system) asc3350p: System32\DRIVERS\asc3350p.sys (system) asc3550: System32\DRIVERS\asc3550.sys (system) Service d'état ASP.NET: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start) Pilote de média asynchrone RAS: System32\DRIVERS\asyncmac.sys (manual start) Contrôleur de disque dur IDE/ESDI standard: System32\DRIVERS\atapi.sys (system) Ati HotKey Poller: %SystemRoot%\System32\Ati2evxx.exe (autostart) ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart) ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start) Protocole client ATM ARP: System32\DRIVERS\atmarpc.sys (manual start) Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote audio Stub: System32\DRIVERS\audstub.sys (manual start) Service de transfert intelligent en arrière-plan: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Explorateur d'ordinateur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) cbidf: System32\DRIVERS\cbidf2k.sys (system) Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start) Symantec Event Manager: "C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe" (autostart) Symantec Password Validation Service: "C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe" (manual start) Symantec Proxy Service: "C:\Program 
Files\Norton Internet Security\ccPxySvc.exe" (autostart) cd20xrnt: System32\DRIVERS\cd20xrnt.sys (system) Pilote de CD-ROM: System32\DRIVERS\cdrom.sys (system) Service d'indexation: %SystemRoot%\system32\cisvc.exe (manual start) Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (manual start) CmdIde: System32\DRIVERS\cmdide.sys (system) Application système COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Cpqarray: System32\DRIVERS\cpqarray.sys (system) Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) d347bus: System32\DRIVERS\d347bus.sys (system) d347prt: System32\Drivers\d347prt.sys (system) dac2w2k: System32\DRIVERS\dac2w2k.sys (system) dac960nt: System32\DRIVERS\dac960nt.sys (system) Client DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote de disque: System32\DRIVERS\disk.sys (system) Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) dmio: System32\drivers\dmio.sys (disabled) dmload: System32\drivers\dmload.sys (disabled) Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start) Client DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart) dpti2o: System32\DRIVERS\dpti2o.sys (system) Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start) EpsonBidirectionalService: C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe (autostart) EPSON Printer Status Agent2: C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe (autostart) Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Journal des événements: %SystemRoot%\system32\services.exe (autostart) Système d'événements de COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start) ewido 
security suite control: C:\Program Files\ewido anti-malware\ewidoctrl.exe (autostart) ewido security suite driver: \??\C:\Program Files\ewido anti-malware\guard.sys (system) ewido security suite guard: C:\Program Files\ewido anti-malware\ewidoguard.exe (autostart) Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Carte réseau virtuelle FreeBox USB: System32\DRIVERS\fbxusb32.sys (manual start) Pilote de contrôleur de lecteur de disquettes: System32\DRIVERS\fdc.sys (manual start) Pilote de lecteur de disquettes: System32\DRIVERS\flpydisk.sys (manual start) Pilote du Gestionnaire de volume: System32\DRIVERS\ftdisk.sys (system) Énumérateur de port jeu: System32\DRIVERS\gameenum.sys (manual start) Classificateur de paquets générique: System32\DRIVERS\msgpc.sys (manual start) Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Accès du périphérique d'interface utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Pilote de classe HID Microsoft: System32\DRIVERS\hidusb.sys (manual start) hpn: System32\DRIVERS\hpn.sys (system) i2omp: System32\DRIVERS\i2omp.sys (system) Pilote pour clavier i8042 et souris sur port PS/2: System32\DRIVERS\i8042prt.sys (system) InstallDriver Table Manager: "C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe" (manual start) Pilote de filtre de gravure CD: System32\DRIVERS\imapi.sys (system) Service COM de gravage de CD IMAPI: C:\WINDOWS\System32\imapi.exe (manual start) ini910u: System32\DRIVERS\ini910u.sys (system) IntelIde: System32\DRIVERS\intelide.sys (system) Fournisseur de pare-feu IPv6: System32\DRIVERS\Ip6Fw.sys (manual start) Pare-feu de connexion Internet IPv6: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote de filtre de trafic IP: System32\DRIVERS\ipfltdrv.sys (manual start) Pilote de tunnelage IP dans IP: System32\DRIVERS\ipinip.sys (manual start) Traducteur d'adresses réseau IP: 
System32\DRIVERS\ipnat.sys (manual start) Pilote IPSEC: System32\DRIVERS\ipsec.sys (system) Service énumérateur IR: System32\DRIVERS\irenum.sys (manual start) Pilote de bus Plug-and-Play ISA/EISA: System32\DRIVERS\isapnp.sys (system) Pilote de la classe Clavier: System32\DRIVERS\kbdclass.sys (system) Pilote HID de clavier: System32\DRIVERS\kbdhid.sys (system) Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start) Serveur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Station de travail: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Assistance TCP/IP NetBIOS: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Machine Debug Manager: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe" (autostart) Affichage des messages: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Partage de Bureau à distance NetMeeting: C:\WINDOWS\System32\mnmsrvc.exe (manual start) Pilote de la classe Souris: System32\DRIVERS\mouclass.sys (system) Pilote HID de souris: System32\DRIVERS\mouhid.sys (manual start) mraid35x: System32\DRIVERS\mraid35x.sys (system) Redirecteur client WebDav: System32\DRIVERS\mrxdav.sys (manual start) MRXSMB: System32\DRIVERS\mrxsmb.sys (system) MSCSPTISRV: "C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe" (manual start) Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start) Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start) Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start) Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start) Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start) Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start) Pilote UART MIDI MPU-401 Microsoft: system32\drivers\msmpu401.sys (manual start) Mtlmnt5: System32\DRIVERS\Mtlmnt5.sys (manual start) Mtlstrm: 
System32\DRIVERS\Mtlstrm.sys (manual start) NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start) Service Norton AntiVirus Auto-Protect: "C:\Program Files\Norton AntiVirus\navapsvc.exe" (autostart) NAVENG: \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20060322.033\NAVENG.Sys (manual start) NAVEX15: \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20060322.033\NavEx15.Sys (manual start) Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start) Pilote TAPI NDIS d'accès distant: System32\DRIVERS\ndistapi.sys (manual start) NDIS mode utilisateur E/S Protocole: System32\DRIVERS\ndisuio.sys (manual start) Pilote réseau étendu NDIS d'accès distant: System32\DRIVERS\ndiswan.sys (manual start) Interface NetBIOS: System32\DRIVERS\netbios.sys (system) NetBIOS sur TCP/IP: System32\DRIVERS\netbt.sys (system) DDE réseau: %SystemRoot%\system32\netdde.exe (manual start) DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (manual start) Ouverture de session réseau: %SystemRoot%\System32\lsass.exe (manual start) Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote réseau 1394: System32\DRIVERS\nic1394.sys (manual start) Norton Internet Security Accounts Manager: "C:\Program Files\Norton Internet Security\NISUM.EXE" (autostart) NLA (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\System32\lsass.exe (manual start) Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) NtMtlFax: System32\DRIVERS\NtMtlFax.sys (manual start) Pinnacle Fusion Audio: System32\DRIVERS\nuvaud2.sys (manual start) Pinnacle Fusion Video: System32\DRIVERS\nuvvid2.sys (manual start) nv: System32\DRIVERS\nv4_mini.sys (manual start) Pilote de filtre de trafic IPX: System32\DRIVERS\nwlnkflt.sys (manual start) Pilote de transfert de trafic IPX: System32\DRIVERS\nwlnkfwd.sys (manual start) Contrôleurs hôte IEEE 1394 compatible OHCI: 
System32\DRIVERS\ohci1394.sys (system) PACSPTISVR: "C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe" (manual start) Pilote de port parallèle: System32\DRIVERS\parport.sys (manual start) PCI Bus Driver: System32\DRIVERS\pci.sys (system) PCIIde: System32\DRIVERS\pciide.sys (system) perc2: System32\DRIVERS\perc2.sys (system) perc2hib: System32\DRIVERS\perc2hib.sys (system) Plug-and-Play: %SystemRoot%\system32\services.exe (autostart) Services IPSEC: %SystemRoot%\System32\lsass.exe (autostart) Miniport réseau étendu (PPTP): System32\DRIVERS\raspptp.sys (manual start) Pilote processeur: System32\DRIVERS\processr.sys (system) StarForce Protection Environment Driver v6: \SystemRoot\System32\drivers\prodrv06.sys (system) StarForce Protection Helper Driver v2: System32\drivers\prohlp02.sys (system) Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart) Planificateur de paquets QoS: System32\DRIVERS\psched.sys (manual start) Pilote de liaison parallèle directe: System32\DRIVERS\ptilink.sys (manual start) PxHelp20: System32\DRIVERS\PxHelp20.sys (system) ql1080: System32\DRIVERS\ql1080.sys (system) Ql10wnt: System32\DRIVERS\ql10wnt.sys (system) ql12160: System32\DRIVERS\ql12160.sys (system) ql1240: System32\DRIVERS\ql1240.sys (system) ql1280: System32\DRIVERS\ql1280.sys (system) Pilote de connexion automatique d'accès distant: System32\DRIVERS\rasacd.sys (system) Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Miniport réseau étendu (L2TP): System32\DRIVERS\rasl2tp.sys (manual start) Gestionnaire de connexions d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote PPPOE d'accès à distance: System32\DRIVERS\raspppoe.sys (manual start) Parallèle direct: System32\DRIVERS\raspti.sys (manual start) Rdbss: System32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Pilote de redirecteur de périphérique Terminal Server: 
System32\DRIVERS\rdpdr.sys (manual start) Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start) recagent: \??\C:\WINDOWS\System32\DRIVERS\RecAgent.sys (manual start) Pilote de filtre de lecture digitale de CD audio: System32\DRIVERS\redbook.sys (system) Routage et accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Localisateur d'appels de procédure distante (RPC): %SystemRoot%\System32\locator.exe (manual start) Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start) Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver: System32\DRIVERS\R8139n51.SYS (manual start) SaiClass: system32\drivers\SaiNtBus.sys (manual start) SaiH0006: System32\DRIVERS\SaiH0006.sys (manual start) SaiH0107: System32\DRIVERS\SaiH0107.sys (manual start) SaiMini: system32\drivers\SaiMini.sys (manual start) SaiNtBus: system32\drivers\SaiNtBus.sys (manual start) SaiNtHid: System32\DRIVERS\SaiNtHid.sys (manual start) Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart) SAVRT: \??\C:\WINDOWS\System32\Drivers\SAVRT.SYS (manual start) SAVRTPEL: \??\C:\WINDOWS\System32\Drivers\SAVRTPEL.SYS (autostart) ScriptBlocking Service: C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart) Prise en charge des cartes à puces: %SystemRoot%\System32\SCardSvr.exe (manual start) Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start) Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: System32\DRIVERS\secdrv.sys (autostart) Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de filtre Serenum: System32\DRIVERS\serenum.sys (manual start) Pilote de port série: System32\DRIVERS\serial.sys (system) StarForce Protection Environment Driver (version 1.x): 
System32\drivers\sfdrv01.sys (system) StarForce Protection Helper Driver: System32\drivers\sfhlp01.sys (system) StarForce Protection Helper Driver (version 2.x): System32\drivers\sfhlp02.sys (system) StarForce Protection VFS Driver (version 2.x): System32\drivers\sfvfs02.sys (system) Pare-feu de connexion Internet (ICF) / Partage de connexion Internet (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) SiS AGP Filter: System32\DRIVERS\SISAGPX.sys (system) BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start) SmartLink AMR_PCI Driver: System32\DRIVERS\slntamr.sys (manual start) SlNtHal: System32\DRIVERS\Slnthal.sys (manual start) SmartLinkService: slserv.exe (autostart) SlWdmSup: System32\DRIVERS\SlWdmSup.sys (manual start) Symantec Network Drivers Service: C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (manual start) Pilote de filtrage Sony USB (SONYPVU1): System32\DRIVERS\SONYPVU1.SYS (manual start) Sparrow: System32\DRIVERS\sparrow.sys (system) Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start) Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart) Sony SPTI Service: "C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe" (manual start) Pilote de filtre de restauration système: System32\DRIVERS\sr.sys (system) Service de restauration système: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Srv: System32\DRIVERS\srv.sys (manual start) Service de découvertes SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) SonicStage SCSI Service: C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe (manual start) Acquisition d'image Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart) BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start) Pilote de bus logiciel: System32\DRIVERS\swenum.sys (manual start) Synthétiseur de table de sons GC noyau 
Microsoft: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{0DE4E0AF-C665-4137-B9E9-1AF5249BE96C} (manual start) symc810: System32\DRIVERS\symc810.sys (system) symc8xx: System32\DRIVERS\symc8xx.sys (system) SYMDNS: \SystemRoot\System32\Drivers\SYMDNS.SYS (manual start) SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start) SYMFW: \SystemRoot\System32\Drivers\SYMFW.SYS (manual start) SYMIDS: \SystemRoot\System32\Drivers\SYMIDS.SYS (manual start) SYMIDSCO: \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20060322.078\symidsco.sys (manual start) SYMNDIS: \SystemRoot\System32\Drivers\SYMNDIS.SYS (manual start) SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start) SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system) SymWMI Service: C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe (autostart) sym_hi: System32\DRIVERS\sym_hi.sys (system) sym_u3: System32\DRIVERS\sym_u3.sys (system) Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start) Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start) Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote du protocole TCP/IP: System32\DRIVERS\tcpip.sys (system) Pilote de périphérique terminal: System32\DRIVERS\termdd.sys (system) Services Terminal Server: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) TosIde: System32\DRIVERS\toside.sys (system) Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) ultra: System32\DRIVERS\ultra.sys (system) Windows User Mode Driver Framework: C:\WINDOWS\System32\wdfmgr.exe (autostart) Pilote de mise à jour microcode: System32\DRIVERS\update.sys (manual start) Gestionnaire de téléchargement: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Hôte de périphérique 
universel Plug-and-Play: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Onduleur: %SystemRoot%\System32\ups.exe (manual start) Pilote parent générique USB Microsoft: System32\DRIVERS\usbccgp.sys (manual start) Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft: System32\DRIVERS\usbehci.sys (manual start) Pilote de concentrateur standard USB Microsoft: System32\DRIVERS\usbhub.sys (manual start) Pilote miniport de contrôleur hôte ouvert USB Microsoft: System32\DRIVERS\usbohci.sys (manual start) Classe d'imprimantes USB Microsoft: System32\DRIVERS\usbprint.sys (manual start) Pilote de scanneur USB: System32\DRIVERS\usbscan.sys (manual start) Pilote de stockage de masse USB: System32\DRIVERS\USBSTOR.SYS (manual start) SecuROM User Access Service (V7): C:\WINDOWS\System32\UAService7.exe (autostart) vcsmpdrv: System32\DRIVERS\vcsmpdrv.sys (system) Virtual CD v4 Security service (SDK - Version): C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe (autostart) VgaSave: \SystemRoot\System32\drivers\vga.sys (system) Filtre de bus AGP VIA: System32\DRIVERS\viaagp.sys (system) ViaIde: System32\DRIVERS\viaide.sys (system) Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start) Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote ARP IP d'accès distant: System32\DRIVERS\wanarp.sys (manual start) Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Service de numéro de série du lecteur multimédia portable: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Carte de performance WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start) Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled) World Standard 
Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start) Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: C:\Documents and settings\TOUS\Local Settings\temp\Perflib_Perfdata_ef0.dat||C:\Documents and settings\TOUS\Local Settings\temp\Perflib_Perfdata_f0.dat||C:\Documents and settings\TOUS\Local Settings\temp\~DF442C.tmp||C:\Documents and settings\TOUS\Cookies\index.dat||C:\documents and settings\TOUS\local settings\temp\Perflib_Perfdata_ef0.dat||C:\documents and settings\TOUS\local settings\temp\Perflib_Perfdata_f0.dat||C:\documents and settings\TOUS\local settings\temp\~DF442C.tmp -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: 0aMCPClient: C:\PROGRA~1\FICHIE~1\Stardock\MCPCore.dll PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- End of report, 42 457 bytes Report generated in 0,250 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on 
WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only
  11. Here is the Panda report:
      Incident Statut Analyse
      Spyware:Cookie/Apmebf No Désinfecté C:\Documents and Settings\TOUS\Cookies\tous@apmebf[2].txt
      Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\TOUS\Cookies\tous@bluestreak[1].txt
      Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\TOUS\Cookies\tous@perf.overture[1].txt
      Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\TOUS\Cookies\tous@xiti[1].txt
      Spyware:Cookie/Apmebf No Désinfecté C:\Documents and Settings\TOUS\Cookies\tous@apmebf[2].txt
      Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\TOUS\Cookies\tous@bluestreak[1].txt
      Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\TOUS\Cookies\tous@perf.overture[1].txt
      Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\TOUS\Cookies\tous@xiti[1].txt
      Dialer:dialer.b No Désinfecté C:\WINDOWS\tmlpcert2005
      See you
  12. Thanks for the Norton 2003 uninstaller, I'm setting it aside... As for the disinfection, I did the last step, but I haven't had time to run the Panda scan yet... I only just got my internet connection back. My Freebox went into blinking-PPP mode and refused to cooperate all evening... So if I don't have time to scan now, I'll post the report tomorrow morning... Thanks again for your help, and see you
  13. A few bonus questions... What would be a good replacement for Norton Internet Security 2003? A free antivirus and firewall, preferably... (I've already paid for a subscription that isn't much use to me...) (AntiVir and Kerio??? Panda, but it isn't free) Should I install the SP2 update? (I have the CD, but I'm hesitating...) Thanks...
  14. OK, thanks, I'll do all of that tonight (or tomorrow morning) and post the report again. Thanks
  15. No info on whether it's possible to undo changes with jv16???? See you
  16. The Panda report:
      Incident Statut Analyse
      Dialer:dialer.b No Désinfecté HKEY_CLASSES_ROOT\Interface\{2E30AC01-99D7-4E9C-B13E-94E1701B0AC9}
      Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\TOUS\Cookies\tous@bluestreak[1].txt
      Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\TOUS\Cookies\tous@xiti[1].txt
      Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\TOUS\Cookies\tous@bluestreak[1].txt
      Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\TOUS\Cookies\tous@xiti[1].txt
      I didn't have time to finish it and stopped it a little before the end; I'll run a full one tonight... By the way, with jv16, can you undo it if you delete a red dot by mistake?
  17. There, it's done; the Panda report will have to wait until tonight because I have to leave for the office... Logfile of HijackThis v1.99.1 Scan saved at 07:06:53, on 24/03/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton Internet Security\NISUM.EXE C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\apps\ABoard\ABoard.exe C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\apps\ABoard\AOSD.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\Program Files\Saitek\Software\Profiler.exe C:\Program Files\Saitek\Software\SaiSmart.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\Norton Internet Security\ccPxySvc.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\UAService7.exe C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe 
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redi...se=6&key=SEARCH R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [QuickTime 
Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [EPSON Stylus CX3200 (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P29 "EPSON Stylus CX3200 (Copie 1)" /O5 "LPT1:" /M "Stylus CX3200" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe O4 - HKLM\..\Run: [saiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1 O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 
- Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan/fr...n_principal.htm (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab O16 - DPF: WebControlDeploy - https://grouper.com/v1/GrouperSetup.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FICHIE~1\Stardock\mcpstub.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program 
Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
  18. That's exactly the problem: I can't see the _DlrApps folder either. The Ewido scan was run before the Panda one... Thanks again...
  19. Sorry once again, either I'm blind or something's going on... CCleaner sees it, AIDA sees it... but I don't, even with the procedure for showing hidden and protected files... Any ideas?
  20. I can't find the file desk10.exe, even when showing hidden files as described in the procedure. I ran a scan with HJT, and yet it sees it just fine... I don't understand
  21. OK, I'll do that tonight when I get home... However, as for the critters Panda found, I've already done a bit of cleaning up: I deleted the Totem Shared folder (without asking myself any questions... at the time), and I disabled System Restore, rebooted, and then re-enabled System Restore... Was I right to do so?
  22. Doesn't anyone want to help me?
  23. Nobody to help me???? Since last night's steps, Google seems to be behaving correctly... However, the critters Panda found surely still need to be removed? See you
  24. The new HijackThis report, since I suppose that changed some things... Logfile of HijackThis v1.99.1 Scan saved at 07:26:16, on 23/03/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton Internet Security\NISUM.EXE C:\WINDOWS\SOUNDMAN.EXE C:\apps\ABoard\ABoard.exe C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\apps\ABoard\AOSD.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\Program Files\Saitek\Software\Profiler.exe C:\Program Files\Saitek\Software\SaiSmart.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe C:\Program Files\Norton Internet Security\ccPxySvc.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\UAService7.exe C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\eMule\emule.exe C:\Program 
Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redi...se=6&key=SEARCH R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2A5F9A0D-2740-40F0-96CA-0A89B0134CE5} - C:\WINDOWS\System32\sbfrcdlg.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" O4 - 
HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [EPSON Stylus CX3200 (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P29 "EPSON Stylus CX3200 (Copie 1)" /O5 "LPT1:" /M "Stylus CX3200" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe O4 - HKLM\..\Run: [saiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKCU\..\Run: [desk10] C:\WINDOWS\_DlrApps\desk10.exe /astart O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1 O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program 
files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan/fr...n_principal.htm (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {F756A28D-DCD5-46be-BCAB-17C088D07227} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab O16 - DPF: WebControlDeploy - https://grouper.com/v1/GrouperSetup.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FICHIE~1\Stardock\mcpstub.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program 
Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
  25. On the other hand, I may have made a blunder: I deleted the Totem Shared folder (without thinking twice... at the time), and I disabled System Restore, rebooted, and then re-enabled System Restore???