

avilug
Members
Content count: 115
Everything posted by avilug
Deletions by Antivir
avilug replied to a topic by avilug in Malware analysis and removal
Here it is!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:11:04, on 27/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\mr bouazziz.SN4970687158\Bureau\HiJackjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.packardbell.fr/center
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {77805660-2AF5-4E03-9084-85ED0D67E220} - C:\WINDOWS\system32\cbXPICur.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: TV5 - Dictionnaires - {CEDDA62D-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\MEDIADICO\Dico TV5\MDTV5TB.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKCU\..\Run: [PreAnnotate] C:\WINDOWS\System32\PreAnntt.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?1b899115aa524635ae2c03ac4feee1f2
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?1b899115aa524635ae2c03ac4feee1f2
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.packardbell.fr/center
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: bw+0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: fwfapd.dll
O21 - SSODL: Version1 - {E66A144F-B461-4FC1-8ECC-BF0767232FC8} - direct3dfx.dll (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
O24 - Desktop Component 0: (no name) - http://tbn0.google.com/images?q=tbn:KyMK1j...ack%2BWhale.jpg
O24 - Desktop Component 1: (no name) - file:///C:/Program%20Files/fond-ecran-wallpaper/fleur/images/image_004.jpg
O24 - Desktop Component 2: (no name) - file:///C:/Program%20Files/fond-ecran-wallpaper/fleur/images/image_001.jpg
O24 - Desktop Component 3: (no name) - http://www.fond-ecran-wallpaper.com/fleur/.../fleur-0004.jpg

--
End of file - 24092 bytes
Deletions by Antivir
avilug replied to a topic by avilug in Malware analysis and removal
Well, there was quite a lot of stuff...

Malwarebytes' Anti-Malware 1.34
Database version: 1809
Windows 5.1.2600 Service Pack 3

27/02/2009 15:36:33
mbam-log-2009-02-27 (15-36-33).txt

Scan type: Quick scan
Objects scanned: 86140
Time elapsed: 10 minute(s), 1 second(s)

Memory processes infected: 0
Memory modules infected: 3
Registry keys infected: 24
Registry values infected: 3
Registry data items infected: 2
Folders infected: 0
Files infected: 23

Memory processes infected:
(No malicious items detected)

Memory modules infected:
C:\WINDOWS\system32\cbXNHYsP.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fwfapd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jkkLEWmM.dll (Trojan.Vundo) -> Delete on reboot.

Registry keys infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkklewmm (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e543f86b-d92f-43c7-a39a-2fc9ee95597c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e543f86b-d92f-43c7-a39a-2fc9ee95597c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{efe72a82-7a83-4896-93d4-b09600f16a04} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{efe72a82-7a83-4896-93d4-b09600f16a04} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{efe72a82-7a83-4896-93d4-b09600f16a04} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e543f86b-d92f-43c7-a39a-2fc9ee95597c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\poof (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

Registry values infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\70437b1f (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry data items infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxnhysp -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxnhysp -> Delete on reboot.

Folders infected:
(No malicious items detected)

Files infected:
C:\WINDOWS\system32\jkkLEWmM.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\cbXNHYsP.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\PsYHNXbc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PsYHNXbc.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fwfapd.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ewfmhfps.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spfhmfwe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\fxstaller.exe (Backdoor.Rbot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ojnluz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\whcpesgj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr.XXX (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hdikdycc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGywvsS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jhesayif.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jiteia.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfkfguig.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\szgghn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdlcoclc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qfrtpi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qyfiuq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXPICur.VIR (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yacosmyo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yrgcluad.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
Deletions by Antivir
avilug replied to a topic by avilug in Malware analysis and removal
In progress
Suppressions par Antivir
avilug a répondu à un(e) sujet de avilug dans Analyses et éradication malwares
Well, how about that! After launching XP 20 times since then, now... it works again! OK, it is still infected to death, but the SYSTEM file is no longer corrupted!!!! I don't understand everything, but let's move on to the disinfection if you don't mind, the original reason for my presence in this section of the forum.

This is what AntiVir says:
Virus or unwanted program 'WORM/Rbot.52786.3 [worm]' detected in file 'C:\WINDOWS\fxstaller.exe.
Virus or unwanted program 'TR/Monder.ajut [trojan]' detected in file 'C:\WINDOWS\system32\revasqnx.dll.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:06, on 27/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Documents and Settings\mr bouazziz.SN4970687158\Bureau\HiJackjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.packardbell.fr/center
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\jkkLEWmM.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {77805660-2AF5-4E03-9084-85ED0D67E220} - C:\WINDOWS\system32\cbXPICur.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {E543F86B-D92F-43C7-A39A-2FC9EE95597C} - C:\WINDOWS\system32\cbXNHYsP.dll
O2 - BHO: {40a61f00-690b-4d39-6984-38a728a27efe} - {efe72a82-7a83-4896-93d4-b09600f16a04} - C:\WINDOWS\system32\fwfapd.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: TV5 - Dictionnaires - {CEDDA62D-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\MEDIADICO\Dico TV5\MDTV5TB.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKLM\..\Run: [70437b1f] rundll32.exe "C:\WINDOWS\system32\revasqnx.dll",b
O4 - HKCU\..\Run: [PreAnnotate] C:\WINDOWS\System32\PreAnntt.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?1b899115aa524635ae2c03ac4feee1f2
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?1b899115aa524635ae2c03ac4feee1f2
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.packardbell.fr/center
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: bw+0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {743ADC40-D623-41F2-8011-4BF2A778C266} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: fwfapd.dll
O20 - Winlogon Notify: jkkLEWmM - C:\WINDOWS\SYSTEM32\jkkLEWmM.dll
O21 - SSODL: Version1 - {E66A144F-B461-4FC1-8ECC-BF0767232FC8} - direct3dfx.dll (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
O24 - Desktop Component 0: (no name) - http://tbn0.google.com/images?q=tbn:KyMK1j...ack%2BWhale.jpg
O24 - Desktop Component 1: (no name) - file:///C:/Program%20Files/fond-ecran-wallpaper/fleur/images/image_004.jpg
O24 - Desktop Component 2: (no name) - file:///C:/Program%20Files/fond-ecran-wallpaper/fleur/images/image_001.jpg
O24 - Desktop Component 3: (no name) - http://www.fond-ecran-wallpaper.com/fleur/.../fleur-0004.jpg

--
End of file - 24533 bytes

I know this isn't very coherent, falkra, but I assure you that I did nothing!!!
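As an added example (not part of the post above, and not a HijackThis feature), here is a small Python triage pass over HijackThis entries of the kind just posted. It parses the section tag of each line and flags what a helper looks at first in such a log: O20 AppInit_DLLs and Winlogon Notify hooks, O21 SSODL objects, BHOs registered with no name, orphaned "(file missing)" entries, O4 Run values that launch a bare filename through the search path, and rundll32 calls that reach into a DLL by a one- or two-character export. The sample lines are copied from the log above, with a few benign ones for contrast; the heuristics and the BARE_NAME_OK allowlist are this example's own assumptions. The output is a list for a human to check, not a verdict: a legitimate bare-name entry such as "nwiz.exe /install" in the same log would be flagged just the same.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted above, some
# benign, some that AntiVir or the log's own "(file missing)" already point at.
SAMPLE_LOG = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\jkkLEWmM.dll
O2 - BHO: (no name) - {77805660-2AF5-4E03-9084-85ED0D67E220} - C:\WINDOWS\system32\cbXPICur.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKLM\..\Run: [70437b1f] rundll32.exe "C:\WINDOWS\system32\revasqnx.dll",b
O20 - AppInit_DLLs: fwfapd.dll
O20 - Winlogon Notify: jkkLEWmM - C:\WINDOWS\SYSTEM32\jkkLEWmM.dll
O21 - SSODL: Version1 - {E66A144F-B461-4FC1-8ECC-BF0767232FC8} - direct3dfx.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d|N\d) - (.*)$")
O4_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Windows binaries legitimately launched by bare name from a Run value.
# Assumption of this example; extend it with your own baseline.
BARE_NAME_OK = {"rundll32.exe"}


def first_token(cmd: str) -> str:
    """Return the program part of a Run command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(None, 1)[0] if cmd else ""


def triage_line(line: str):
    """Return (section, body, reasons) for a HijackThis entry, None otherwise."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    reasons = []

    if "(file missing)" in body:
        reasons.append("orphan: the registered file no longer exists")
    if section == "O20":
        reasons.append("O20: DLL loaded into every process (AppInit_DLLs) or into winlogon (Notify)")
    if section == "O21":
        reasons.append("O21: ShellServiceObjectDelayLoad object loaded by Explorer at logon")
    if section == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("O2: Browser Helper Object registered without a name")

    if section == "O4":
        m4 = O4_RE.match(body)
        if m4:
            exe = first_token(m4.group("cmd"))
            base = exe.rsplit("\\", 1)[-1].lower()
            if "\\" not in exe and base not in BARE_NAME_OK:
                reasons.append("O4: bare filename, resolved through the search path at logon")
            if base == "rundll32.exe":
                # rundll32 <dll>,<export>: vendor DLLs export descriptive names
                args = m4.group("cmd").strip().split(None, 1)
                target = args[1] if len(args) > 1 else ""
                export = target.rsplit(",", 1)[1].strip() if "," in target else ""
                if len(export) <= 2:
                    reasons.append("O4: rundll32 calling a DLL through a one- or two-character export")
    return section, body, reasons


def triage(log_text: str):
    """Return only the entries worth a closer look, in log order."""
    hits = []
    for line in log_text.splitlines():
        parsed = triage_line(line)
        if parsed and parsed[2]:
            hits.append(parsed)
    return hits


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section} - {body}")
        for reason in reasons:
            print(f"    -> {reason}")
```

Run it against a saved log with `triage(open("hijackthis.log", encoding="latin-1").read())`; the seven entries it flags in the sample are exactly the ones the thread ends up dealing with, while the NVIDIA, Avira and service lines pass untouched.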
Suppressions par Antivir
avilug replied to a topic by avilug in Analyses et éradication malwares
Already made a backup with Copieur Expert 8. And there is no hidden partition (otherwise it would have shown it to me). OK, let's try XP restoration.
Suppressions par Antivir
avilug replied to a topic by avilug in Analyses et éradication malwares
Actually, it's a friend's PC. It's a Packard Bell, most likely bought in a supermarket, and... she doesn't have, or no longer has, the CD, obviously; that would have been too easy! I have my own XP CD, but I'm a bit afraid of doing the reinstall from mine: what if there is a small version difference between the two CDs? Well, sure, since nothing boots, the risk of making things worse is minimal. What do you think?
Suppressions par Antivir
avilug replied to a topic by avilug in Analyses et éradication malwares
Yes, but those are old versions in there! (Feb 2002!!)
Suppressions par Antivir
avilug replied to a topic by avilug in Analyses et éradication malwares
I went and looked at the proposed solutions, but they are either inapplicable (there was NO restore point on the PC) or uninteresting (restore XP to the date XP was created/installed, with no program or driver installed? What's the point?). Wouldn't you know of a program capable of checking the SYSTEM file? For all I know, just a few bytes are corrupted and that's what makes it crash... Besides, the file size looks right (7 MB)!
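An added example, not from the thread and not a tool anyone in it recommends: a Python check of a registry hive file's base block, which is as far as a format check of the kind asked about above can go. Every hive, SYSTEM included, starts with a 4 KiB "regf" block that carries a primary and a secondary sequence number, the size of the hive bins that follow it, and an XOR-32 checksum of the block's first 508 bytes; the first bin, at offset 0x1000, must start with "hbin". The checks below validate only that header: a hive can pass them and still have damaged cells inside, and a sequence-number mismatch says the last write was interrupted, not who interrupted it. build_sample_hive is a constructed input so the script runs offline; to test a real file, run it on a copy of \System32\Config\SYSTEM taken from another OS or a rescue CD, never on the hive of the running system.

```python
import struct

BASE_BLOCK_SIZE = 0x1000  # the "regf" base block; hive bins start right after it


def regf_checksum(base: bytes) -> int:
    """XOR-32 of the first 508 bytes of the base block, with the two reserved
    results remapped the way the registry code stores them."""
    x = 0
    for (dword,) in struct.iter_unpack("<I", base[:0x1FC]):
        x ^= dword
    if x == 0xFFFFFFFF:
        return 0xFFFFFFFE
    if x == 0:
        return 1
    return x


def check_hive(data: bytes) -> list:
    """Sanity-check a hive file's base block. Returns a list of problems; an
    empty list means the header is internally consistent, nothing more."""
    problems = []
    if len(data) < BASE_BLOCK_SIZE:
        return ["file shorter than the 4 KiB base block"]
    base = data[:BASE_BLOCK_SIZE]
    if base[:4] != b"regf":
        problems.append("missing 'regf' signature at offset 0")
    seq1, seq2 = struct.unpack_from("<II", base, 0x04)
    if seq1 != seq2:
        problems.append(f"sequence numbers differ ({seq1} != {seq2}): the last write was "
                        "not completed, the .LOG transaction log is needed to recover")
    # offsets 0x14..0x2B: major, minor, file type, file format, root cell, bins size
    major, minor, ftype, fmt, root, bins_size = struct.unpack_from("<IIIIII", base, 0x14)
    if major != 1:
        problems.append(f"unexpected major version {major}")
    if ftype != 0:
        problems.append(f"file type {ftype} is not a primary hive")
    if root >= bins_size:
        problems.append(f"root cell offset 0x{root:x} lies outside the hive bins")
    if len(data) != BASE_BLOCK_SIZE + bins_size:
        problems.append(f"size mismatch: header announces {BASE_BLOCK_SIZE + bins_size} "
                        f"bytes, file has {len(data)}")
    stored = struct.unpack_from("<I", base, 0x1FC)[0]
    computed = regf_checksum(base)
    if stored != computed:
        problems.append(f"base block checksum mismatch: stored 0x{stored:08x}, "
                        f"computed 0x{computed:08x}")
    if data[BASE_BLOCK_SIZE:BASE_BLOCK_SIZE + 4] != b"hbin":
        problems.append("first hive bin does not start with 'hbin'")
    return problems


def build_sample_hive(seq: int = 7, dirty: bool = False, flip_at: int = None) -> bytes:
    """Constructed test input: a minimal, well-formed hive with one empty bin.
    dirty=True leaves the secondary sequence number behind the primary, as a
    hive looks after an interrupted write; flip_at corrupts one byte."""
    base = bytearray(BASE_BLOCK_SIZE)
    base[:4] = b"regf"
    struct.pack_into("<II", base, 0x04, seq, seq - 1 if dirty else seq)
    # major 1, minor 5, type 0 (primary), format 1, root cell at 0x20, one 4 KiB bin
    struct.pack_into("<IIIIII", base, 0x14, 1, 5, 0, 1, 0x20, 0x1000)
    name = "SYSTEM".encode("utf-16-le")
    base[0x30:0x30 + len(name)] = name
    struct.pack_into("<I", base, 0x1FC, regf_checksum(bytes(base)))
    hbin = bytearray(0x1000)
    hbin[:4] = b"hbin"
    struct.pack_into("<II", hbin, 0x04, 0, 0x1000)  # offset of this bin, its size
    hive = bytearray(base + hbin)
    if flip_at is not None:
        hive[flip_at] ^= 0xFF
    return bytes(hive)


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_sample_hive()
    for line in check_hive(data) or ["base block looks consistent"]:
        print(line)
```

The size check is the one that answers the "7 MB looks right" remark above: the header itself says how long the file must be, so a file that is the right size by eye can still be truncated or padded by a few kilobytes. Cleanly written primary hives have equal sequence numbers; when they differ, the matching .LOG file next to the hive is what the kernel would replay, and a checker that ignores it will call a recoverable hive corrupt.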
Suppressions par Antivir
avilug replied to a topic by avilug in Analyses et éradication malwares
Hello falkra, thanks for your reply. Here is the blue screen message:

Stop: c0000218 {Registry File Failure}
The registry cannot load the hive (file): \SystemRoot\System32\Config\SYSTEM or its log or its copy.
It is damaged or corrupted or write-protected.
memory dump, blah blah

So you think AntiVir has nothing to do with it???
Good evening to the whole security team. My PC is well and truly infected: AntiVir screams as soon as Windows starts. To save time BEFORE asking for your help, I launched the AntiVir CD (boot CD), let it run, it disinfected a few things and... WINDOWS NOW REFUSES TO START: a problem with the SYSTEM file (hive problem) and a blue stop screen. So I couldn't even produce a HijackThis report! Obviously there was no automatic backup, so no System Restore possible.

MY QUESTION: could AntiVir really have "massacred" the registry like that???? IF the damage is light, are the hive files repairable with a utility? If you have a good idea... thanks.

The AntiVir log:

AntiVir / Linux Version 2.1.12-96
Copyright © 2008 by Avira GmbH.
All rights reserved.

Report created on 02/26/2009 23:39:11
Command line: --archive-max-size=555953K -ren -s --scan-in-archive --allfiles --alltypes --scan-in-mbox -e --with-dialer --with-joke --with-game --with-spr / -ro -rf/tmp/avlogfile -r1

Warning: The file "antivir.vdf" is more than 14 days old.
VDF version: 7.1.0.195 created 05 Dec 2008
AntiVir license: 149995 for AntiVir Rescue System

checking drive/path (list): /

/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/DivagoSurfairy.zip
    Date: 19.11.2006  Time: 15:56:00  Size: 49182  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/DivagoSurfairy1.zip
    Date: 19.11.2006  Time: 15:56:01  Size: 793  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/DivagoSurfairy2.zip
    Date: 19.11.2006  Time: 15:56:01  Size: 841  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/DivagoSurfairy3.zip
    Date: 19.11.2006  Time: 15:56:02  Size: 804  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/DivagoSurfairy4.zip
    Date: 19.11.2006  Time: 15:56:02  Size: 709  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/DivagoSurfairy5.zip
    Date: 19.11.2006  Time: 15:56:02  Size: 905  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/DivagoSurfairy6.zip
    Date: 19.11.2006  Time: 15:56:02  Size: 927  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/DivagoSurfairy7.zip
    Date: 19.11.2006  Time: 15:56:03  Size: 718  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/ErrorGuard.zip
    Date: 19.11.2006  Time: 15:56:04  Size: 146865  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/ErrorGuard1.zip
    Date: 19.11.2006  Time: 15:56:04  Size: 140636  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/ErrorGuard2.zip
    Date: 19.11.2006  Time: 15:56:04  Size: 672  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/ErrorGuard3.zip
    Date: 19.11.2006  Time: 15:56:04  Size: 878  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/ErrorGuard4.zip
    Date: 19.11.2006  Time: 15:56:05  Size: 981  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/ErrorGuard5.zip
    Date: 19.11.2006  Time: 15:56:05  Size: 430  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/ErrorGuard6.zip
    Date: 19.11.2006  Time: 15:56:05  Size: 769  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/ErrorGuard7.zip
    Date: 19.11.2006  Time: 15:56:06  Size: 715  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/ErrorGuard8.zip
    Date: 19.11.2006  Time: 15:56:06  Size: 785  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWeb.zip
    Date: 19.11.2006  Time: 16:27:42  Size: 744  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWeb1.zip
    Date: 19.11.2006  Time: 16:27:43  Size: 906  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWeb10.zip
    Date: 19.11.2006  Time: 16:27:45  Size: 736  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWeb11.zip
    Date: 19.11.2006  Time: 16:27:45  Size: 746  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWeb12.zip
    Date: 19.11.2006  Time: 16:27:46  Size: 724  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWeb13.zip
    Date: 19.11.2006  Time: 16:27:46  Size: 723  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWeb14.zip
    Date: 19.11.2006  Time: 16:27:46  Size: 734  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWeb2.zip
    Date: 19.11.2006  Time: 16:27:43  Size: 884  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWeb3.zip
    Date: 19.11.2006  Time: 16:27:43  Size: 850  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWeb4.zip
    Date: 19.11.2006  Time: 16:27:43  Size: 848  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWeb5.zip
    Date: 19.11.2006  Time: 16:27:43  Size: 813  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWeb6.zip
    Date: 19.11.2006  Time: 16:27:44  Size: 807  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWeb7.zip
    Date: 19.11.2006  Time: 16:27:44  Size: 1243  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWeb8.zip
    Date: 19.11.2006  Time: 16:27:45  Size: 740  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWeb9.zip
    Date: 19.11.2006  Time: 16:27:45  Size: 749  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWebProducts.zip
    Date: 19.11.2006  Time: 15:56:06  Size: 942  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWebProducts1.zip
    Date: 19.11.2006  Time: 15:56:06  Size: 910  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWebProducts10.zip
    Date: 19.11.2006  Time: 15:56:09  Size: 737  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWebProducts11.zip
    Date: 19.11.2006  Time: 15:56:10  Size: 746  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWebProducts12.zip
    Date: 19.11.2006  Time: 15:56:10  Size: 737  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWebProducts13.zip
    Date: 19.11.2006  Time: 15:56:10  Size: 745  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWebProducts14.zip
    Date: 19.11.2006  Time: 15:56:10  Size: 749  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWebProducts15.zip
    Date: 19.11.2006  Time: 15:56:10  Size: 759  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWebProducts16.zip
    Date: 19.11.2006  Time: 15:56:10  Size: 744  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWebProducts17.zip
    Date: 19.11.2006  Time: 15:56:10  Size: 753  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWebProducts2.zip
    Date: 19.11.2006  Time: 15:56:06  Size: 918  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWebProducts3.zip
    Date: 19.11.2006  Time: 15:56:07  Size: 945  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWebProducts4.zip
    Date: 19.11.2006  Time: 15:56:07  Size: 677  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWebProducts6.zip
    Date: 19.11.2006  Time: 15:56:07  Size: 676  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWebProducts7.zip
    Date: 19.11.2006  Time: 15:56:07  Size: 675  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWebProducts8.zip
    Date: 19.11.2006  Time: 15:56:09  Size: 190938  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWebProducts9.zip
    Date: 19.11.2006  Time: 15:56:09  Size: 810  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/Hotbar.zip
    Date: 19.11.2006  Time: 16:01:54  Size: 612  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/Hotbar1.zip
    Date: 19.11.2006  Time: 16:02:03  Size: 852  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/Hotbar2.zip
    Date: 19.11.2006  Time: 16:02:07  Size: 755  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/Hotbar3.zip
    Date: 19.11.2006  Time: 16:02:09  Size: 783  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/Hotbar4.zip
    Date: 19.11.2006  Time: 16:02:10  Size: 765  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/Hotbar5.zip
    Date: 19.11.2006  Time: 16:02:11  Size: 780  WARNING: archive not completely scanned: contents encrypted
/mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search &
Destroy/Recovery/Hotbar6.zip Date: 19.11.2006 Time: 16:02:11 Size: 782 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/HotsearchBar.zip Date: 19.11.2006 Time: 16:02:38 Size: 2933 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MicrosoftWindowsSecurityCenterFirewallDisableNotify.zip Date: 19.11.2006 Time: 16:02:40 Size: 785 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MicrosoftWindowsSecurityCenterUpdateDisableNotify.zip Date: 19.11.2006 Time: 16:02:41 Size: 784 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/FunWebProducts5.zip Date: 19.11.2006 Time: 15:56:07 Size: 676 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MicrosoftWindowsSecurityCenterAntiVirusDisableNotify.zip Date: 19.11.2006 Time: 16:02:39 Size: 787 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch11.zip Date: 19.11.2006 Time: 16:02:48 Size: 683 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch26.zip Date: 19.11.2006 Time: 16:02:59 Size: 798 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWebSearch1.zip Date: 19.11.2006 Time: 16:03:00 Size: 805 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and 
Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWebSearch7.zip Date: 19.11.2006 Time: 16:03:02 Size: 781 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch12.zip Date: 19.11.2006 Time: 16:02:48 Size: 864 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch13.zip Date: 19.11.2006 Time: 16:02:48 Size: 818 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch14.zip Date: 19.11.2006 Time: 16:02:48 Size: 816 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch15.zip Date: 19.11.2006 Time: 16:02:55 Size: 937290 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch16.zip Date: 19.11.2006 Time: 16:02:56 Size: 1758 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch17.zip Date: 19.11.2006 Time: 16:02:56 Size: 780 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch18.zip Date: 19.11.2006 Time: 16:02:57 Size: 779 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch19.zip Date: 19.11.2006 Time: 16:02:57 Size: 883 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All 
Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch2.zip Date: 19.11.2006 Time: 16:02:44 Size: 945 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch20.zip Date: 19.11.2006 Time: 16:02:58 Size: 747 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch21.zip Date: 19.11.2006 Time: 16:02:58 Size: 756 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch22.zip Date: 19.11.2006 Time: 16:02:58 Size: 749 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch23.zip Date: 19.11.2006 Time: 16:02:58 Size: 759 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch24.zip Date: 19.11.2006 Time: 16:02:59 Size: 743 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch25.zip Date: 19.11.2006 Time: 16:02:59 Size: 753 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch27.zip Date: 19.11.2006 Time: 16:02:59 Size: 795 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch28.zip Date: 19.11.2006 Time: 16:02:59 Size: 810 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application 
Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch29.zip Date: 19.11.2006 Time: 16:02:59 Size: 799 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch3.zip Date: 19.11.2006 Time: 16:02:45 Size: 923 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch30.zip Date: 19.11.2006 Time: 16:02:59 Size: 815 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch31.zip Date: 19.11.2006 Time: 16:27:47 Size: 24017 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch32.zip Date: 27.05.2007 Time: 15:57:19 Size: 24017 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch4.zip Date: 19.11.2006 Time: 16:02:45 Size: 875 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch5.zip Date: 19.11.2006 Time: 16:02:45 Size: 683 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch6.zip Date: 19.11.2006 Time: 16:02:46 Size: 848 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch7.zip Date: 19.11.2006 Time: 16:02:46 Size: 683 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search 
& Destroy/Recovery/MyWayMyWebSearch8.zip Date: 19.11.2006 Time: 16:02:46 Size: 794 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch9.zip Date: 19.11.2006 Time: 16:02:47 Size: 865 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWebSearch.zip Date: 19.11.2006 Time: 16:02:59 Size: 758 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch.zip Date: 19.11.2006 Time: 16:02:42 Size: 896 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch1.zip Date: 19.11.2006 Time: 16:02:43 Size: 731 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWayMyWebSearch10.zip Date: 19.11.2006 Time: 16:02:47 Size: 933 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWebSearch10.zip Date: 19.11.2006 Time: 16:03:04 Size: 801 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWebSearch11.zip Date: 19.11.2006 Time: 16:03:04 Size: 794 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWebSearch12.zip Date: 19.11.2006 Time: 16:03:05 Size: 798 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWebSearch13.zip Date: 
19.11.2006 Time: 16:03:05 Size: 802 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWebSearch14.zip Date: 19.11.2006 Time: 16:03:05 Size: 802 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWebSearch15.zip Date: 19.11.2006 Time: 16:03:06 Size: 798 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWebSearch16.zip Date: 19.11.2006 Time: 16:03:06 Size: 793 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWebSearch17.zip Date: 19.11.2006 Time: 16:03:06 Size: 784 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWebSearch18.zip Date: 19.11.2006 Time: 16:03:07 Size: 780 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWebSearch19.zip Date: 19.11.2006 Time: 16:03:07 Size: 796 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWebSearch2.zip Date: 19.11.2006 Time: 16:03:00 Size: 799 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWebSearch20.zip Date: 19.11.2006 Time: 16:03:07 Size: 789 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWebSearch3.zip Date: 19.11.2006 Time: 16:03:01 Size: 802 WARNING: archive not 
completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWebSearch4.zip Date: 19.11.2006 Time: 16:03:01 Size: 805 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWebSearch5.zip Date: 19.11.2006 Time: 16:03:02 Size: 802 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWebSearch6.zip Date: 19.11.2006 Time: 16:03:02 Size: 803 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWebSearch8.zip Date: 19.11.2006 Time: 16:03:03 Size: 798 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MyWebSearch9.zip Date: 19.11.2006 Time: 16:03:03 Size: 795 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/RegistryOptimizer.zip Date: 19.11.2006 Time: 16:03:08 Size: 878 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/RegistryOptimizer1.zip Date: 19.11.2006 Time: 16:03:09 Size: 787 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/SmitfraudCToolbar.zip Date: 19.11.2006 Time: 16:03:09 Size: 916 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/Swizzor.zip Date: 19.11.2006 Time: 16:03:12 Size: 188707 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents 
and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/Swizzor1.zip Date: 19.11.2006 Time: 16:03:12 Size: 776 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/Swizzor2.zip Date: 19.11.2006 Time: 16:03:13 Size: 771 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/Swizzor3.zip Date: 19.11.2006 Time: 16:03:14 Size: 764 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/Swizzor4.zip Date: 19.11.2006 Time: 16:03:16 Size: 759 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/TeknumUpdater.zip Date: 19.11.2006 Time: 16:27:47 Size: 731 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/TeknumUpdater1.zip Date: 19.11.2006 Time: 16:27:48 Size: 12972 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/WinsoftwareWinAntiVirusPro.zip Date: 19.11.2006 Time: 16:03:17 Size: 675 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Documents and Settings/mr boua.SN4970687158/Shared/chercher le garcon.mp3 Date: 06.09.2008 Time: 21:40:01 Size: 5745425 ALERT: [EXP/ASF.GetCodec.Gen] /mnt/hda1/Documents and Settings/mr boua.SN4970687158/Shared/chercher le garcon.mp3 <<< Contains detection pattern of the exploits EXP/ASF.GetCodec.Gen not removable file renamed. 
/mnt/hda1/Documents and Settings/mr boua.SN4970687158/Shared/mon ptit gars.mp3 Date: 17.12.2008 Time: 17:58:19 Size: 3545425 ALERT: [EXP/ASF.GetCodec.Gen] /mnt/hda1/Documents and Settings/mr boua.SN4970687158/Shared/mon ptit gars.mp3 <<< Contains detection pattern of the exploits EXP/ASF.GetCodec.Gen not removable file renamed. //mnt/hda1/Documents and Settings/mr boua.SN4970687158/Shared/julien dore.mp3 Date: 06.09.2008 Time: 21:23:31 Size: 5745425 ALERT: [EXP/ASF.GetCodec.Gen] /mnt/hda1/Documents and Settings/mr boua.SN4970687158/Shared/julien dore.mp3 <<< Contains detection pattern of the exploits EXP/ASF.GetCodec.Gen not removable file renamed. /mnt/hda1/Documents and Settings/mr boua.SN4970687158/Shared/when i grow up pussicat dols(hot remix).mp3 Date: 17.12.2008 Time: 18:26:36 Size: 5745425 ALERT: [EXP/ASF.GetCodec.Gen] /mnt/hda1/Documents and Settings/mr boua.SN4970687158/Shared/when i grow up pussicat dols(hot remix).mp3 <<< Contains detection pattern of the exploits EXP/ASF.GetCodec.Gen not removable file renamed. /mnt/hda1/Documents and Settings/mr boua.SN4970687158/Shared/when i grow up pussicat dols.mp3 Date: 17.12.2008 Time: 18:38:27 Size: 3545425 ALERT: [EXP/ASF.GetCodec.Gen] /mnt/hda1/Documents and Settings/mr boua.SN4970687158/Shared/when i grow up pussicat dols.mp3 <<< Contains detection pattern of the exploits EXP/ASF.GetCodec.Gen not removable file renamed. 
/mnt/hda1/DRIVERS/OTHER.EXE Date: 04.07.2000 Time: 08:16:52 Size: 41136 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/DRIVERS/MCDBF/SOURCE1/OTHER.EXE Date: 04.07.2000 Time: 08:16:52 Size: 41136 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/DRIVERS/MCDBF/SOURCE1/TSADDON.EXE Date: 29.09.2001 Time: 14:26:50 Size: 114494 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/APPS/Packard Bell Companion/settings.pak Date: 30.04.2002 Time: 09:24:08 Size: 889 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/APPS/Packard Bell Companion/users/usersettings.pak Date: 29.04.2002 Time: 16:18:24 Size: 541 WARNING: archive not completely scanned: contents encrypted /mnt/hda1/Program Files/MSN Messenger/riched20.dll Date: 22.05.2005 Time: 19:25:57 Size: 24576 ALERT: [ADSPY/Mywebsearch.A.47] /mnt/hda1/Program Files/MSN Messenger/riched20.dll <<< Contains detection pattern of the Ad- or Spyware ADSPY/Mywebsearch.A.47 not removable file renamed. /mnt/hda1/Program Files/Microsoft AntiSpyware/Quarantine/227A23C2-19E7-49F9-9172-4074F2/E4C519D8-3E43-416E-AD46-0E0A93 Date: 27.12.2001 Time: 12:57:24 Size: 294912 ALERT: [ADSPY/Hotbar.EA] /mnt/hda1/Program Files/Microsoft AntiSpyware/Quarantine/227A23C2-19E7-49F9-9172-4074F2/E4C519D8-3E43-416E-AD46-0E0A93 <<< Contains detection pattern of the Ad- or Spyware ADSPY/Hotbar.EA not removable file renamed. /mnt/hda1/WINDOWS/RESTORE.INS Date: 17.01.2002 Time: 21:12:53 Size: 1500311 ALERT: [sPR/PsKill.A.13] /mnt/hda1/WINDOWS/RESTORE.INS --> C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE <<< Contains detection pattern of the SPR/PsKill.A.13 program file renamed. /mnt/hda1/WINDOWS/system32/f3PSSavr.scr Date: 22.05.2005 Time: 19:25:57 Size: 28672 ALERT: [ADSPY/Mywebsearch.A.46] /mnt/hda1/WINDOWS/system32/f3PSSavr.scr <<< Contains detection pattern of the Ad- or Spyware ADSPY/Mywebsearch.A.46 not removable file renamed. 
/mnt/hda1/WINDOWS/system/RESTORE.INS Date: 17.01.2002 Time: 21:12:53 Size: 1500311 ALERT: [sPR/PsKill.A.13] /mnt/hda1/WINDOWS/system/RESTORE.INS --> C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE <<< Contains detection pattern of the SPR/PsKill.A.13 program file renamed. ------ scan results ------ directories: 10652 scanned files: 373152 skipped files: 1 alerts: 11 suspicious: 0 repaired: 0 deleted: 0 renamed: 11 quarantined: 0 warnings: 131 scan time: 01:00:48 --------------------------
-
Another infection (Magic Control?)
avilug replied to a topic by avilug in Analyses et éradication malwares
Re: There, it's fixed! Apart from that, there is no E partition! (one main partition C; 2 CD drives; 4 removable disks) (E is one of the CD drives). See you. NB: you had told me "Edit: if you can't manage to run the online scan (because of the connection), we'll download a utility to clean things up properly." I'm very interested in that software, because I've been looking for one for a long time! (It would spare me from taking my friends' hard drives out; I'm tired of working with the PC open.) -
Encore une infection (magic Control ?)
avilug a répondu à un(e) sujet de avilug dans Analyses et éradication malwares
bonjour charles; voici le rapport HIJACKTHIS ci dessous (nb : d'où sort le fichier dans E:\RECYCLER que tu m'as dit d'effacer ? je n'ai même pas de disk dur E dans le PC de mon ami ! sinon pour le reste il n'y a pas eu de problème) bonne journée Logfile of HijackThis v1.99.1 Scan saved at 13:31:42, on 27/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\Labtec\Mouse\2.1\moffice.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN 
Messenger\MsnMsgr.Exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\UltimateZip 2007\uzqkst.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: Yahoo! 
Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\2.1\moffice.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [uabwrqf] c:\windows\system32\uabwrqf.exe uabwrqf O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2007\uzqkst.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: HP 
Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay122.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
-
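The HijackThis log above is the kind of thing a helper on this forum reads by hand: the O9/O23 entries marked (file missing) are dead references, the sixteen identical O10 lines are the layered Winsock LSP chain of one NVIDIA ForceWare DLL rather than sixteen infections, and the O16 DPF lines are ActiveX controls fetched from the web. The script below is an added example, not part of avilug's post or of HijackThis itself: it parses a handful of lines copied from the log (the constructed SAMPLE_LOG) and groups the entries a reviewer checks first. The triage heuristics (what to flag, how to split the O23 fields on " - ") are this example's own assumptions about the HJT line format, not rules published by the tool.

```python
"""Triage a HijackThis (HJT) log: group 'Oxx - ...' entries and flag the ones a
reviewer looks at first. Added example, not part of the forum post; SAMPLE_LOG
is a constructed subset of the lines shown above."""
import re
from collections import Counter

# Constructed sample: a few lines copied from the posted log (not the whole log).
SAMPLE_LOG = """\
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\nvappfilter.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O20 - Winlogon Notify: NavLogon - C:\\WINDOWS\\system32\\NavLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\apache.exe" -k runservice (file missing)
"""

# Every HJT entry starts with its section code: O4, O9, O10, O16, O23, ...
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")


def parse_hjt(text):
    """Return a list of (section, body) tuples, one per 'Oxx - ...' line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(text):
    """Group the entries a reviewer checks first (heuristics are this example's own)."""
    report = {
        "file_missing": [],            # dead references: cleanable, not evidence of infection
        "lsp_counts": Counter(),       # O10: one DLL repeated N times is one layered LSP provider
        "unknown_owner_services": [],  # O23 with no company string in the second field
        "dpf_downloads": [],           # O16: hosts that ActiveX controls were fetched from
        "winlogon_notify": [],         # O20: DLLs loaded into winlogon.exe at logon
    }
    for section, body in parse_hjt(text):
        if "(file missing)" in body:
            report["file_missing"].append((section, body))
        if section == "O10":
            report["lsp_counts"][body.rsplit(": ", 1)[-1].lower()] += 1
        elif section == "O23":
            # Assumed layout: 'Service: <name> - <owner> - <path>'
            parts = body.split(" - ")
            if len(parts) >= 3 and parts[1].strip() == "Unknown owner":
                report["unknown_owner_services"].append(parts[0].replace("Service: ", ""))
        elif section == "O16":
            url = body.rsplit(" - ", 1)[-1]
            host = re.sub(r"^https?://", "", url).split("/")[0]
            report["dpf_downloads"].append(host)
        elif section == "O20":
            report["winlogon_notify"].append(body.split(": ", 1)[-1])
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full log, the LSP counter would show nvappfilter.dll sixteen times, which is what tells you the O10 block is one provider's chain and not sixteen separate hooks; the (file missing) bucket collects the leftovers of the BitDefender online scanner and the ForceWare web interface, which HijackThis can simply fix.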
Another infection (magic Control?)
avilug replied to a topic by avilug in Malware Analysis and Removal
Good evening! I did the operations you asked for. For the PANDA scan, I plugged my friend's hard disk into my PC and scanned it from there (that way, no more internet connection problem!). Here is the report. Good night!

Incident Status Analysis
Spyware:Cookie/RealMedia Not disinfected E:\Documents and Settings\AVI\Cookies\avi@247realmedia[1].txt
Spyware:Cookie/2o7 Not disinfected E:\Documents and Settings\AVI\Cookies\avi@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected E:\Documents and Settings\AVI\Cookies\avi@ad.yieldmanager[2].txt
Spyware:Cookie/PointRoll Not disinfected E:\Documents and Settings\AVI\Cookies\avi@ads.pointroll[2].txt
Spyware:Cookie/Adtech Not disinfected E:\Documents and Settings\AVI\Cookies\avi@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected E:\Documents and Settings\AVI\Cookies\avi@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected E:\Documents and Settings\AVI\Cookies\avi@atdmt[2].txt
Spyware:Cookie/Serving-sys Not disinfected E:\Documents and Settings\AVI\Cookies\avi@bs.serving-sys[2].txt
Spyware:Cookie/Doubleclick Not disinfected E:\Documents and Settings\AVI\Cookies\avi@doubleclick[2].txt
Spyware:Cookie/FastClick Not disinfected E:\Documents and Settings\AVI\Cookies\avi@fastclick[1].txt
Spyware:Cookie/FastClick Not disinfected E:\Documents and Settings\AVI\Cookies\avi@media.fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected E:\Documents and Settings\AVI\Cookies\avi@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected E:\Documents and Settings\AVI\Cookies\avi@overture[1].txt
Spyware:Cookie/Serving-sys Not disinfected E:\Documents and Settings\AVI\Cookies\avi@serving-sys[1].txt
Spyware:Cookie/Smartadserver Not disinfected E:\Documents and Settings\AVI\Cookies\avi@smartadserver[1].txt
Spyware:Cookie/Statcounter Not disinfected E:\Documents and Settings\AVI\Cookies\avi@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected E:\Documents and Settings\AVI\Cookies\avi@statse.webtrendslive[2].txt
Spyware:Cookie/Tradedoubler Not disinfected E:\Documents and Settings\AVI\Cookies\avi@tradedoubler[2].txt
Spyware:Cookie/Tribalfusion Not disinfected E:\Documents and Settings\AVI\Cookies\avi@tribalfusion[2].txt
Spyware:Cookie/Weborama Not disinfected E:\Documents and Settings\AVI\Cookies\avi@weborama[2].txt
Spyware:Cookie/Xiti Not disinfected E:\Documents and Settings\AVI\Cookies\avi@xiti[1].txt
Spyware:Cookie/Zedo Not disinfected E:\Documents and Settings\AVI\Cookies\avi@zedo[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected E:\Documents and Settings\cecile\Cookies\cecile@adultfriendfinder[2].txt
Spyware:Cookie/Advertising Not disinfected E:\Documents and Settings\cecile\Cookies\cecile@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected E:\Documents and Settings\cecile\Cookies\cecile@atdmt[2].txt
Spyware:Cookie/Bluestreak Not disinfected E:\Documents and Settings\cecile\Cookies\cecile@bluestreak[1].txt
Spyware:Cookie/Serving-sys Not disinfected E:\Documents and Settings\cecile\Cookies\cecile@bs.serving-sys[1].txt
Spyware:Cookie/Doubleclick Not disinfected E:\Documents and Settings\cecile\Cookies\cecile@doubleclick[1].txt
Spyware:Cookie/Winantivirus Not disinfected E:\Documents and Settings\cecile\Cookies\cecile@go.winantispyware[1].txt
Spyware:Cookie/Mediaplex Not disinfected E:\Documents and Settings\cecile\Cookies\cecile@mediaplex[1].txt
Spyware:Cookie/Serving-sys Not disinfected E:\Documents and Settings\cecile\Cookies\cecile@serving-sys[1].txt
Spyware:Cookie/Reliablestats Not disinfected E:\Documents and Settings\cecile\Cookies\cecile@stats1.reliablestats[2].txt
Spyware:Cookie/Tradedoubler Not disinfected E:\Documents and Settings\cecile\Cookies\cecile@tradedoubler[1].txt
Spyware:Cookie/Weborama Not disinfected E:\Documents and Settings\cecile\Cookies\cecile@weborama[1].txt
Spyware:Cookie/Xiti Not disinfected E:\Documents and Settings\cecile\Cookies\cecile@xiti[1].txt
Unwanted tool:Application/DriveCleaner Not disinfected E:\Driver\installdrivecleanerstart_fr.exe
Unwanted tool:Application/Processor Not disinfected E:\Program Files\Navilog1\Process.exe
Unwanted tool:Application/DriveCleaner Not disinfected E:\RECYCLER\S-1-5-21-1935655697-1770027372-839522115-1003\Dc283\SDRmon.exe
Unwanted tool:Application/InternetGameBox Not disinfected E:\System Volume Information\_restore{03E57067-618F-432D-9155-A0A9631DF6DF}\RP324\A0272421.exe
Adware:Adware/NaviPromo Not disinfected E:\System Volume Information\_restore{03E57067-618F-432D-9155-A0A9631DF6DF}\RP324\A0272422.exe[²ÜÇ\NSUtils.dll]
Unwanted tool:Application/Processor Not disinfected E:\System Volume Information\_restore{03E57067-618F-432D-9155-A0A9631DF6DF}\RP324\A0272424.exe
Adware:Adware/NaviPromo Not disinfected E:\System Volume Information\_restore{E24ACB87-6A60-4DEC-BE0C-37EF323FB3A6}\RP438\A1167160.exe[²ÜÇ\NSUtils.dll]
Unwanted tool:Application/InternetGameBox Not disinfected E:\System Volume Information\_restore{E24ACB87-6A60-4DEC-BE0C-37EF323FB3A6}\RP438\A1167160.exe[internetGameBox.exe]
Unwanted tool:Application/DriveCleaner Not disinfected E:\System Volume Information\_restore{E24ACB87-6A60-4DEC-BE0C-37EF323FB3A6}\RP438\A1167276.exe
-
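The Panda report above mixes four very different kinds of finding: tracking cookies, a file sitting in a Recycle Bin, copies archived inside System Restore points (the _restore{...}\RPnnn paths under System Volume Information, which are inert until that restore point is applied), and files that are actually in place on the scanned volume. The script below is an added example, not part of avilug's post or of Panda ActiveScan: it parses a constructed subset of the report lines (SAMPLE_REPORT, whitespace-separated the way the forum rendered them) and sorts each finding into an action bucket by where the file lives. The bucket rules and the recommended actions are this example's own; in particular, treating Process.exe under the Navilog1 folder as a component of the cleanup tool used in this thread is an assumption made here, not a Panda category.

```python
"""Sort a Panda ActiveScan report into action buckets by file location.
Added example, not part of the forum post or of Panda's tooling; SAMPLE_REPORT
is a constructed subset of the findings shown above."""
import re

# Constructed sample: six findings copied from the posted report.
SAMPLE_REPORT = """\
Incident Status Analysis
Spyware:Cookie/Atlas DMT Not disinfected E:\\Documents and Settings\\AVI\\Cookies\\avi@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected E:\\Documents and Settings\\cecile\\Cookies\\cecile@doubleclick[1].txt
Unwanted tool:Application/DriveCleaner Not disinfected E:\\Driver\\installdrivecleanerstart_fr.exe
Unwanted tool:Application/Processor Not disinfected E:\\Program Files\\Navilog1\\Process.exe
Unwanted tool:Application/DriveCleaner Not disinfected E:\\RECYCLER\\S-1-5-21-1935655697-1770027372-839522115-1003\\Dc283\\SDRmon.exe
Adware:Adware/NaviPromo Not disinfected E:\\System Volume Information\\_restore{E24ACB87-6A60-4DEC-BE0C-37EF323FB3A6}\\RP438\\A1167160.exe
"""

# <name, may contain spaces> <status> <drive-letter path>; the status words are
# Panda's own vocabulary, the name is matched non-greedily up to a status word.
LINE_RE = re.compile(
    r"^(?P<name>.+?)\s+(?P<status>Not disinfected|Disinfected|Deleted)\s+(?P<path>[A-Za-z]:\\.*)$"
)

# First matching rule wins. The Navilog1 rule is an assumption made for this
# example (Process.exe there belongs to the cleanup tool run in this thread).
BUCKET_RULES = [
    ("restore_point", "\\system volume information\\_restore"),
    ("recycle_bin", "\\recycler\\"),
    ("cookie", "\\cookies\\"),
    ("tool", "\\navilog1\\"),
]

ACTIONS = {
    "live": "act now: the file is in place on the scanned volume",
    "tool": "check: flagged component of a cleanup tool, remove it with that tool",
    "recycle_bin": "empty the Recycle Bin on the scanned volume",
    "restore_point": "inert until that restore point is used; purge restore points once cleanup is done",
    "cookie": "tracking cookie, clear browser cookies; not an infection",
}


def classify(path):
    """Map a reported path to one of the buckets above, defaulting to 'live'."""
    lowered = path.lower()
    for bucket, needle in BUCKET_RULES:
        if needle in lowered:
            return bucket
    return "live"


def triage_panda(text):
    """Bucket name -> list of {'name', 'status', 'path'} dicts for each finding."""
    buckets = {bucket: [] for bucket, _ in BUCKET_RULES}
    buckets["live"] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # the 'Incident Status Analysis' header and anything that isn't a finding
        entry = m.groupdict()
        buckets[classify(entry["path"])].append(entry)
    return buckets


def summary(text):
    """Bucket name -> (finding count, recommended action)."""
    return {bucket: (len(entries), ACTIONS[bucket]) for bucket, entries in triage_panda(text).items()}


if __name__ == "__main__":
    for bucket, (count, action) in summary(SAMPLE_REPORT).items():
        print(f"{bucket:14} {count:3}  {action}")
```

On the full report the cookie bucket absorbs thirty-five of the forty-four lines and the restore-point bucket another six, which leaves three entries that actually need a hand: the DriveCleaner installer in E:\Driver, the Recycle Bin leftover, and the flagged tool component. Because the volume was scanned as drive E: on another machine, the restore points belong to the friend's Windows installation, so purging them has to be done from that machine.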
Another infection (magic Control?)
avilug replied to a topic by avilug in Malware Analysis and Removal
Good evening Charles Ingals. What a quick reply!!! I did what you asked. Here are the reports. Thanks again for your help.

Clean Navipromo version 2.0.5 started on 26/07/2007 at 2:19:46,32
Fix launched from C:\Program Files\navilog1
Updated 01.07.2007 at 12h00 by IL-MAFIOSO
Automatic removal mode with Blacklight results handling
*** fsbl1.txt not found ***
(Make sure Blacklight had found nothing during its search)
*** Deleting folders in C:\WINDOWS ***
*** Deleting folders in C:\Program Files ***
C:\Program Files\InternetGameBox ...deleting...
C:\Program Files\InternetGameBox deleted!
*** Deleting folders in C:\Documents and Settings\All Users\Application Data ***
*** Deleting folders in C:\Documents and Settings\AVI\Application Data ***
*** Deleting files ***
C:\WINDOWS\pack.epk deleted!
C:\WINDOWS\system32\nvs2.inf deleted!
*** Deleting temporary files ***
Contents of C:\WINDOWS\Temp cleaned!
Contents of C:\Documents and Settings\AVI\Local Settings\Temp cleaned!
*** Backing up registry to Backupnavi folder ***
Registry backup completed successfully!
*** Registry cleanup ***
Registry cleanup OK
*** Additional search processing ***
(Search for specific files)
1) Search for known files:
2) Heuristic search and removal:
* C:\WINDOWS\System32\uabwrqf.dat found!
Copy of C:\WINDOWS\system32\uabwrqf.dat completed successfully!
C:\WINDOWS\system32\uabwrqf.dat deleted!
** *** **** *****
C:\WINDOWS\System32\uabwrqf_nav.dat found!
Copy of C:\WINDOWS\system32\uabwrqf_nav.dat completed successfully!
C:\WINDOWS\system32\uabwrqf_nav.dat deleted!
****** ******* ********
3) Checking for rootkit keys in the registry:
No other keys present in the registry!
4) Certificates:
Egroup certificate deleted!
*** Cleanup finished on 26/07/2007 at 2:22:06,07 ***

DiagHelp version v1.1.2 - http://www.malekal.com
executed on 26/07/2007 at 2:23:02,64
List of most recently modified/created files in windir\system32
C:\WINDOWS\System32/drivers\asctrm.sys -->19/03/2007 00:43:22
C:\WINDOWS\System32/drivers\nwrdr.sys -->13/10/2006 12:23:15
C:\WINDOWS\System32/drivers\fltmgr.sys -->21/08/2006 11:14:58
C:\WINDOWS\System32/drivers\tcpip6.sys -->16/08/2006 11:37:30
C:\WINDOWS\System32/drivers\srv.sys -->14/08/2006 12:34:41
C:\WINDOWS\System32/drivers\rmcast.sys -->13/07/2006 10:48:58
C:\WINDOWS\System32/drivers\wdmaud.sys -->14/06/2006 11:00:45
C:\WINDOWS\System32\_nvidia_xxx_.log -->26/07/2007 02:21:00
C:\WINDOWS\System32\nmp.log -->26/07/2007 02:19:43
C:\WINDOWS\System32\wpa.dbl -->24/07/2007 12:09:21
C:\WINDOWS\System32\PerfStringBackup.INI -->08/07/2007 21:26:04
C:\WINDOWS\System32\perfh00C.dat -->08/07/2007 21:26:04
C:\WINDOWS\System32\perfh009.dat -->08/07/2007 21:26:04
C:\WINDOWS\System32\perfc00C.dat -->08/07/2007 21:26:04
C:\WINDOWS\System32\perfc009.dat -->08/07/2007 21:26:04
C:\WINDOWS\System32\FNTCACHE.DAT -->13/04/2007 13:24:33
C:\WINDOWS\System32\MRT.exe -->03/04/2007 22:48:52
C:\WINDOWS\System32\rmoc3260.dll -->19/03/2007 00:43:19
C:\WINDOWS\System32\prefscpl.cpl -->19/03/2007 00:43:17
C:\WINDOWS\System32\pndx5032.dll -->19/03/2007 00:43:17
C:\WINDOWS\System32\pndx5016.dll -->19/03/2007 00:43:17
C:\WINDOWS\System32\pncrt.dll -->19/03/2007 00:43:17
C:\WINDOWS\System32\winsrv.dll -->17/03/2007 15:44:47
C:\WINDOWS\System32\xpsp3res.dll -->09/03/2007 12:24:03
C:\WINDOWS\System32\user32.dll -->08/03/2007 17:37:50
C:\WINDOWS\System32\mf3216.dll -->08/03/2007 17:37:50
C:\WINDOWS\System32\gdi32.dll -->08/03/2007 17:37:50
C:\WINDOWS\System32\win32k.sys -->08/03/2007 17:33:58
C:\WINDOWS\System32\ntoskrnl.exe -->28/02/2007 18:02:36
C:\WINDOWS\System32\ntkrnlpa.exe -->28/02/2007 18:02:36
C:\WINDOWS\System32\TZLog.log -->18/02/2007 12:13:25
C:\WINDOWS\System32\upnphost.dll -->05/02/2007 22:19:06
C:\WINDOWS.log -->26/07/2007 02:21:34
C:\WINDOWS\wiadebug.log -->26/07/2007 02:21:03
C:\WINDOWS\WindowsUpdate.log -->26/07/2007 02:21:02
C:\WINDOWS\wiaservc.log -->26/07/2007 02:21:01
C:\WINDOWS\bootstat.dat -->26/07/2007 02:20:59
C:\WINDOWS\SchedLgU.Txt -->26/07/2007 02:20:19
C:\WINDOWS\setupapi.log -->26/07/2007 02:17:40
C:\WINDOWS\nsw.log -->25/07/2007 22:17:55
C:\WINDOWS\wmsetup.log -->12/07/2007 15:26:06
C:\WINDOWS\wmsetup10.log -->08/07/2007 21:28:08
C:\WINDOWS\tsoc.log -->08/07/2007 21:26:07
C:\WINDOWS\tabletoc.log -->08/07/2007 21:26:07
C:\WINDOWS\ocmsn.log -->08/07/2007 21:26:07
C:\WINDOWS\ocgen.log -->08/07/2007 21:26:07
C:\WINDOWS\ntdtcsetup.log -->08/07/2007 21:26:07
Volume in drive C has no label.
Volume Serial Number is CC6A-15BD
Directory of C:\WINDOWS\system32
19/08/2004 17:09 6 144 csrss.exe
1 File(s) 6 144 bytes
0 Dir(s) 92 627 529 728 bytes free
Contents of Downloaded Program Files
Volume in drive C has no label.
Volume Serial Number is CC6A-15BD
Directory of C:\WINDOWS\Downloaded Program Files
08/07/2007 21:21 <DIR> .
08/07/2007 21:21 <DIR> ..
07/12/2004 17:07 32 bdcore.dll
25/05/2006 01:21 118 784 bdupd.dll
01/12/2005 10:53 65 desktop.ini
14/10/1997 19:52 697 DirectAnimation Java Classes.osd
10/04/2000 18:12 1 765 fhg.inf
25/05/2006 01:21 53 248 ipsupd.dll
16/03/2005 12:34 7 407 lang.ini
07/12/2004 17:07 32 libfn.dll
14/03/2005 14:38 126 live.ini
20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd
08/10/2004 16:01 372 736 MsnPUpld.dll
08/10/2004 16:13 587 MSNPupld.inf
01/06/2006 02:57 1 331 oscan8.inf
01/06/2006 02:54 471 040 oscan8.ocx
31/05/2006 04:15 10 oscan81.ocx_x
22/09/2004 15:59 110 592 PURen-us.dll
15/10/2004 07:59 110 592 PURfr-xx.dll
14/03/2005 14:58 7 073 scanoptions.tsi
18 File(s) 1 257 279 bytes
Total Files Listed:
18 File(s) 1 257 279 bytes
2 Dir(s) 92 627 525 632 bytes free
Rootkit search!
(Thanks S!Ri)
Search for known infections
Exporting sensitive keys..
List of files excepted on the XP SP2 firewall
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Export of the SharedTaskScheduler key
[sharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
Searching for sensitive addresses in the HOSTS file...
catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-26 02:23:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1
Proof-of-Concept by SIG^2 (www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
588 - smss.exe
668 - csrss.exe
692 - winlogon.exe
736 - services.exe
748 - lsass.exe
892 - ati2evxx.exe
904 - svchost.exe
980 - svchost.exe
1024 - svchost.exe
1072 - svchost.exe
1124 - svchost.exe
1320 - spoolsv.exe
1464 - Apache.exe
1528 - Rtvscan.exe
1576 - nSvcIp.exe
1676 - svchost.exe
1736 - nSvcAppFlt.exe
1864 - Apache.exe
2328 - alg.exe
2648 - ati2evxx.exe
2684 - cmd.exe
2864 - wmiprvse.exe
3640 - wuauclt.exe
3952 - explorer.exe
Total number of processes = 25
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1
Proof-of-Concept by SIG^2 (www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806CE000 - \WINDOWS\system32\hal.dll
F7ADC000 - \WINDOWS\system32\KDCOM.DLL
F79EC000 - \WINDOWS\system32\BOOTVID.dll
F74B5000 - d347bus.sys
F7486000 - ACPI.sys
F7ADE000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS
F7475000 - pci.sys
F75DC000 - isapnp.sys
F7BA4000 - pciide.sys
F785C000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
F75EC000 - MountMgr.sys
F7456000 - ftdisk.sys
F7AE0000 - dmload.sys
F7430000 - dmio.sys
F7864000 - PartMgr.sys
F75FC000 - VolSnap.sys
F7418000 - atapi.sys
F7401000 - nvata.sys
F7AE2000 - d347prt.sys
F73E9000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
F760C000 - disk.sys
F761C000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
F73C9000 - fltmgr.sys
F73B7000 - sr.sys
F73A0000 - KSecDD.sys
F7313000 - Ntfs.sys
F72E6000 - NDIS.sys
F72CB000 - Mup.sys
F66EB000 - \SystemRoot\System32\DRIVERS\AmdK8.sys
F7944000 - \SystemRoot\System32\DRIVERS\usbohci.sys
F6213000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
F794C000 - \SystemRoot\System32\DRIVERS\usbehci.sys
F5FE2000 - \SystemRoot\system32\drivers\ALCXWDM.SYS
F5FBE000 - \SystemRoot\system32\drivers\portcls.sys
F66DB000 - \SystemRoot\system32\drivers\drmk.sys
F5F9B000 - \SystemRoot\system32\drivers\ks.sys
F66CB000 - \SystemRoot\System32\DRIVERS\cdrom.sys
F66BB000 - \SystemRoot\System32\DRIVERS\redbook.sys
F7954000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys
F66AB000 - \SystemRoot\System32\DRIVERS\imapi.sys
F7A80000 - \SystemRoot\System32\DRIVERS\nvnetbus.sys
F5F5B000 - \SystemRoot\System32\DRIVERS\NVNRM.SYS
F5F28000 - \SystemRoot\System32\DRIVERS\NVSNPU.SYS
F5DE8000 - \SystemRoot\System32\DRIVERS\ati2mtag.sys
F5DD4000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
F7B30000 - \SystemRoot\System32\DRIVERS\ASACPI.sys
F795C000 - \SystemRoot\system32\DRIVERS\fdc.sys
F5DC3000 - \SystemRoot\System32\DRIVERS\serial.sys
F7A84000 - \SystemRoot\System32\DRIVERS\serenum.sys
F5DAF000 - \SystemRoot\System32\DRIVERS\parport.sys
F669B000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
F7964000 - \SystemRoot\System32\DRIVERS\mouclass.sys
F796C000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
F7C9E000 - \SystemRoot\system32\drivers\msmpu401.sys
F7A88000 - \SystemRoot\System32\DRIVERS\gameenum.sys
F7C9F000 - \SystemRoot\System32\DRIVERS\audstub.sys
F668B000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
F7A8C000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
F5D98000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
F667B000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
F666B000 - \SystemRoot\System32\DRIVERS\raspptp.sys
F7974000 - \SystemRoot\System32\DRIVERS\TDI.SYS
F5CE7000 - \SystemRoot\System32\DRIVERS\psched.sys
F773C000 - \SystemRoot\System32\DRIVERS\msgpc.sys
F797C000 - \SystemRoot\System32\DRIVERS\ptilink.sys
F7984000 - \SystemRoot\System32\DRIVERS\raspti.sys
F5CB6000 - \SystemRoot\System32\DRIVERS\rdpdr.sys
F774C000 - \SystemRoot\System32\DRIVERS\termdd.sys
F7B32000 - \SystemRoot\System32\DRIVERS\swenum.sys
F5C5A000 - \SystemRoot\System32\DRIVERS\update.sys
F7AA8000 - \SystemRoot\System32\DRIVERS\mssmbios.sys
F7AAC000 - \SystemRoot\system32\drivers\WmBEnum.sys
F775C000 - \SystemRoot\system32\drivers\WmXlCore.sys
F776C000 - \SystemRoot\System32\DRIVERS\usbhub.sys
F7B34000 - \SystemRoot\System32\DRIVERS\USBD.SYS
F579B000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F578B000 - \SystemRoot\System32\DRIVERS\NVENETFD.sys
F78D4000 - \SystemRoot\system32\DRIVERS\flpydisk.sys
F7B14000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
B4EB9000 - \SystemRoot\System32\Drivers\Null.SYS
F7B16000 - \SystemRoot\System32\Drivers\Beep.SYS
B5653000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
B564B000 - \SystemRoot\System32\drivers\vga.sys
F7B18000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7B1A000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
B5643000 - \SystemRoot\System32\Drivers\Msfs.SYS
B563B000 - \SystemRoot\System32\Drivers\Npfs.SYS
B6105000 - \SystemRoot\System32\DRIVERS\rasacd.sys
B4A7C000 - \SystemRoot\System32\DRIVERS\ipsec.sys
B4A24000 - \SystemRoot\System32\DRIVERS\tcpip.sys
B4A0B000 - \SystemRoot\System32\DRIVERS\NVTcp.sys
B49E3000 - \SystemRoot\System32\DRIVERS\netbt.sys
B5A26000 - \SystemRoot\System32\drivers\ws2ifsl.sys
B49C1000 - \SystemRoot\System32\drivers\afd.sys
B5023000 - \SystemRoot\System32\DRIVERS\netbios.sys
B4996000 - \SystemRoot\System32\DRIVERS\rdbss.sys
B4927000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
B5003000 - \SystemRoot\System32\Drivers\Fips.SYS
B4906000 - \SystemRoot\System32\DRIVERS\ipnat.sys
B4FF3000 - \SystemRoot\System32\DRIVERS\wanarp.sys
B50BF000 - \SystemRoot\System32\DRIVERS\USBSTOR.SYS
AD64F000 - \SystemRoot\System32\Drivers\Fastfat.SYS
AD638000 - \SystemRoot\System32\Drivers\dump_nvata.sys
AF6A1000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
ADAF5000 - \SystemRoot\System32\drivers\Dxapi.sys
ADB50000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F7CEE000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\ati2dvag.dll
BFA12000 - \SystemRoot\System32\ati2cqag.dll
BFA45000 - \SystemRoot\System32\atikvmag.dll
BFA79000 - \SystemRoot\System32\ati3duag.dll
BFCBA000 - \SystemRoot\System32\ativvaxx.dll
F5738000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
AB60B000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
AD9A0000 - \SystemRoot\System32\Drivers\ParVdm.SYS
AD80C000 - \SystemRoot\System32\Drivers\ASCTRM.SYS
AB5AA000 - \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
AB558000 - \SystemRoot\System32\DRIVERS\srv.sys
AB06F000 - \??\C:\Program Files\Symantec\SYMEVENT.SYS
AB031000 - \??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys
AAF5F000 - \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20070721.005\NAVEX15.sys
AAF4C000 - \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20070721.005\NAVENG.sys
AAEBB000 - \SystemRoot\System32\Drivers\HTTP.sys
AAE56000 - \SystemRoot\system32\drivers\wdmaud.sys
F5449000 - \SystemRoot\system32\drivers\sysaudio.sys
F7CCA000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 129
List of installed programs
Adibou et Les Voleurs d'Energie Démo
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Adobe® Photoshop® Album Edition Découverte 3.0
ArcSoft Panorama Maker 3
ArcSoft PhotoImpression
ArcSoft PhotoStudio 5.5
ArcSoft VideoImpression 1.6
AsusUpdate
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
AutoUpdate
BubbleBall
BufferChm
Cannon Smash
Canon CanoScan Toolbox 4.9
Canon ScanGear Starter
Cedric - La chasse au trésor
Chicken Attack
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Counter-Strike: Condition Zero
CustomerResearchQFolder
DAEMON Tools
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
DivX
eSupportQFolder
EVEREST Home Edition v1.50
Five A Side Football
Foot Quiz Challenge
Ford Racing 2
Frankie Les Aventuriers du Temps
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hijackthis Version Française
HP Deskjet 3900 series
HP Extended Capabilities 5.0
HP Image Zone Express
HP Imaging Device Functions 5.0
HP Software Update
HP Solution Center & Imaging Support Tools 5.0
HPDeskjet3900Series
HPProductAssistant
Interactive Mishna
InterActual Player
iPod for Windows 2006-06-28
iPod for Windows 2006-06-28
iTunes
iTunes
Labtec Mouse V2.1
Le Monde de Nemo : Une Odyssée Sous-Marine
Le Monde de Nemo : Une Odyssée Sous-Marine
LiveUpdate 1.80 (Symantec Corporation)
Logitech Gaming Software
MarketResearch
Media Player Classic fr
Microsoft .NET Framework 1.1
Microsoft Office Professional Edition 2003
Microsoft PowerPoint Viewer 97
Microsoft Word Viewer 97
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
My DSC
Nathan Français CE2
Nathan Français CM2
Nathan Mathématiques CM1
Navilog1 Version 2.0.5
Nikon FotoShare
Nikon Message Center
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA ForceWare Network Access Manager
OmniPage SE 2.0
Oui-Oui -En route pour l'école
ATI Control Panel
Philips Digital Audio Player
PictureProject
PowerDVD
PowerPuffs Screen Saver
QuickTime
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
SLD Codec Pack
SolutionCenter
Spybot - Search & Destroy 1.4
Starsky&Hutch
Status
Symantec AntiVirus Client
Tibère et la Maison Bleue - Tibère Découvre les 5 sens
Total Immersion Racing
TrayApp
UltimateZip 2007
VideoLAN VLC media player 0.8.4
Viewpoint Media Player
Voyage au Pays de la Lecture
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows XP Service Pack 2
Yahoo! Toolbar
zoo
Volume in drive C has no label.
Volume Serial Number is CC6A-15BD
Directory of C:\Program Files
26/07/2007 02:21 <DIR> .
26/07/2007 02:21 <DIR> ..
14/05/2006 14:08 <DIR> Adobe
01/12/2005 11:02 <DIR> AMD
02/02/2006 16:51 <DIR> ArcSoft
24/04/2007 21:56 <DIR> Asus
01/12/2005 11:08 <DIR> ATI Technologies
01/12/2005 11:01 <DIR> AvRack
27/10/2006 15:39 <DIR> BRIDGE
24/07/2007 13:41 <DIR> BubbleBall
28/11/2006 12:57 <DIR> Cannon Smash
08/12/2005 23:30 <DIR> Canon
25/09/2006 15:14 <DIR> Coktel
04/02/2007 19:18 <DIR> Cryo
11/12/2005 18:10 <DIR> CyberLink
24/04/2007 20:30 <DIR> DivX
01/12/2005 11:44 <DIR> D-Tools
15/02/2006 20:37 <DIR> Duran
08/01/2006 16:23 <DIR> Empire Interactive
13/02/2007 15:03 <DIR> eoRezo
24/04/2007 20:37 <DIR> Fichiers communs
24/01/2007 10:57 <DIR> Five A Side Football
23/04/2006 12:49 <DIR> Frankie
06/03/2007 16:19 <DIR> Google
05/03/2006 18:48 <DIR> Hachette Multimédia
08/12/2005 23:15 <DIR> Hewlett-Packard
26/07/2007 00:15 <DIR> Hijackthis Version Française
08/12/2005 23:16 <DIR> HP
11/01/2006 00:07 <DIR> InterActual
18/02/2007 12:13 <DIR> Internet Explorer
28/02/2007 19:09 <DIR> iPod
18/03/2007 00:19 <DIR> iTunes
24/04/2007 20:31 <DIR> Labtec
01/12/2005 11:59 <DIR> Lavalys
08/12/2005 23:22 <DIR> Logitech
03/01/2006 00:20 <DIR> Media Player Classic
28/03/2006 08:46 <DIR> Messenger
01/12/2005 10:54 <DIR> microsoft frontpage
01/12/2005 11:52 <DIR> Microsoft Office
01/12/2005 11:52 <DIR> Microsoft.NET
01/12/2005 11:19 <DIR> Movie Maker
01/12/2005 10:51 <DIR> MSN
01/12/2005 10:51 <DIR> MSN Gaming Zone
26/02/2007 10:45 <DIR> MSN Messenger
24/07/2007 16:29 <DIR> Nathan
26/07/2007 02:22 <DIR> Navilog1
01/12/2005 11:18 <DIR> NetMeeting
31/01/2006 23:28 <DIR> Nikon
01/12/2005 11:00 <DIR> NVIDIA Corporation
17/12/2006 02:00 <DIR> Outlook Express
02/11/2006 23:14 <DIR> Philips
21/04/2006 10:23 <DIR> PowerPoint Viewer
24/04/2007 20:31 <DIR> QuickTime
19/03/2007 00:43 <DIR> Real
08/12/2005 23:29 <DIR> ScanSoft
20/02/2007 17:33 <DIR> SDLL
01/12/2005 10:51 <DIR> Services en ligne
03/01/2006 00:22 <DIR> SLD Codec Pack
25/07/2007 23:55 <DIR> Spybot - Search & Destroy
06/07/2006 13:31 <DIR> SUCCOTH
01/12/2005 11:38 <DIR> Symantec
01/12/2005 11:38 <DIR> Symantec_Client_Security
17/07/2007 10:26 <DIR> THQ
22/12/2005 20:45 <DIR> Torah Fun
26/07/2007 02:19 <DIR> UltimateZip 2007
17/12/2005 23:10 <DIR> VideoLAN
07/04/2006 13:35 <DIR> Viewpoint
24/04/2007 20:32 <DIR> Windows Live Toolbar
24/04/2007 20:31 <DIR> Windows Media Player
01/12/2005 11:18 <DIR> Windows NT
21/04/2006 10:22 <DIR> WordView
01/12/2005 10:54 <DIR> xerox
12/11/2006 14:01 <DIR> Xing
14/05/2006 14:08 <DIR> Yahoo!
21/04/2006 11:10 <DIR> zoo
0 File(s) 0 bytes
75 Dir(s) 92 627 107 840 bytes free
Volume in drive C has no label.
Volume Serial Number is CC6A-15BD
Directory of C:\Program Files\fichiers communs
24/04/2007 20:37 <DIR> .
24/04/2007 20:37 <DIR> ..
10/05/2007 12:18 <DIR> Adobe
24/04/2007 20:30 <DIR> AOL
07/04/2006 13:36 <DIR> aolback
01/12/2005 11:52 <DIR> DESIGNER
01/12/2005 12:01 <DIR> DirectX
06/02/2007 00:21 <DIR> DriveCleaner 2006 Free
08/12/2005 23:16 <DIR> HP
01/12/2005 11:01 <DIR> InstallShield
08/12/2005 23:22 <DIR> Logitech
24/04/2007 20:32 <DIR> Microsoft Shared
01/12/2005 10:52 <DIR> MSSoap
26/01/2007 09:41 <DIR> Nikon
07/04/2006 13:35 <DIR> Nullsoft
24/04/2007 20:37 <DIR> ODBC
19/03/2007 00:43 <DIR> Real
30/11/2006 22:03 <DIR> ScanSoft Shared
01/12/2005 10:52 <DIR> Services
01/12/2005 10:45 <DIR> SpeechEngines
01/12/2005 11:38 <DIR> Symantec Shared
17/12/2006 02:00 <DIR> System
0 File(s) 0 bytes
22 Dir(s) 92 627 107 840 bytes free
Volume in drive C has no label.
Volume Serial Number is CC6A-15BD
Directory of C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
01/12/2005 11:52 <DIR> .
01/12/2005 11:52 <DIR> ..
01/12/2005 11:52 <DIR> 1033
01/12/2005 11:52 <DIR> 1036
11/07/2003 11:15 1 292 872 MSONSEXT.DLL
15/07/2003 07:52 35 896 MSOSV.DLL
03/06/1999 15:09 122 937 MSOWS409.DLL
07/03/2001 10:00 127 033 MSOWS40c.DLL
11/07/2003 03:25 80 448 PKMWS.DLL
5 File(s) 1 659 186 bytes
4 Dir(s) 92 627 107 840 bytes free
Volume in drive C has no label.
Volume Serial Number is CC6A-15BD
Directory of C:\
12/05/2007 18:22 68 096 diff.exe
12/05/2007 18:22 103 424 grep.exe
08/07/2007 21:30 9 304 688 Windows_Media_Player_9.exe
3 File(s) 9 476 208 bytes
0 Dir(s) 92 627 107 840 bytes free
c:\Documents and Settings\AVI\Application Data\Microsoft\Installer\{7548AA9A-BE7D-479F-9D4C-3D47D336AD98}\ARPPRODUCTICON.exe
c:\Documents and Settings\AVI\Application Data\Microsoft\Installer\{7548AA9A-BE7D-479F-9D4C-3D47D336AD98}\Five_A_Side_English__7548AA9ABE7D479F9D4C3D47D336AD98.exe
c:\Documents and Settings\AVI\Application Data\Microsoft\Installer\{7548AA9A-BE7D-479F-9D4C-3D47D336AD98}\FiveASide.exe_7548AA9ABE7D479F9D4C3D47D336AD98.exe
c:\Documents and Settings\AVI\Application Data\Microsoft\Installer\{7548AA9A-BE7D-479F-9D4C-3D47D336AD98}\FiveASide.exe1_7548AA9ABE7D479F9D4C3D47D336AD98.exe
c:\Documents and Settings\AVI\Application Data\Microsoft\Installer\{7548AA9A-BE7D-479F-9D4C-3D47D336AD98}\UNINST_Uninstall_Fiv_7548AA9ABE7D479F9D4C3D47D336AD98.exe
c:\Documents and Settings\AVI\Application Data\Microsoft\Installer\{FAD1DFD3-FFB7-4CCF-9DB5-01E42B2BCE34}\_8C0F54FF9E0C_48D9_83FF_4B48BB80A170.exe
c:\Documents and Settings\AVI\Bureau\BubbleBall_Setup.exe
c:\Documents and Settings\AVI\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\AVI\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\AVI\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\AVI\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\AVI\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\AVI\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\AVI\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\AVI\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\AVI\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\AVI\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\AVI\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\AVI\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\AVI\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\AVI\Bureau\MalkaLi (D)\mpfull.exe
c:\Documents and Settings\AVI\Bureau\MalkaLi (D)\Show.exe
c:\Documents and Settings\AVI\Bureau\MalkaLi (D)\start.exe
c:\Documents and Settings\AVI\Bureau\MalkaLi (D)\????.exe
c:\Documents and Settings\AVI\Bureau\MalkaLi (D)\s\ACMOVIE2.exe
c:\Documents and Settings\AVI\Bureau\MalkaLi (D)\s\mpfull.exe
c:\Documents and Settings\AVI\Bureau\MalkaLi (D)\s\Mpfull3.exe
c:\Documents and Settings\AVI\Bureau\savta ariela savir\RUNMPEG.EXE
c:\Documents and Settings\AVI\Bureau\savta ariela savir\Copie de MalkaLi (D)\mpfull.exe
c:\Documents and Settings\AVI\Bureau\savta ariela savir\Copie de MalkaLi (D)\Show.exe
c:\Documents and Settings\AVI\Bureau\savta ariela savir\Copie de MalkaLi (D)\start.exe
c:\Documents and Settings\AVI\Menu Démarrer\Programmes\COKTEL\Configuration 3D.exe
c:\Documents and Settings\AVI\Menu Démarrer\Programmes\COKTEL\Désinstalleur Coktel.exe
c:\Documents and Settings\AVI\Mes documents\LUGASSY (D)\FormatDisk.exe
c:\Documents and Settings\AVI\Mes documents\LUGASSY (D)\PhotoCD.exe
c:\Documents and Settings\AVI\Mes documents\LUGASSY (D)\Logiciel\PSNum.exe
c:\Documents and Settings\AVI\Mes documents\LUGASSY (D)\Logiciel\PhotoshopAlbum2ED\instmsia.exe
c:\Documents and Settings\AVI\Mes documents\LUGASSY (D)\Logiciel\PhotoshopAlbum2ED\instmsiw.exe
c:\Documents and Settings\AVI\Mes documents\LUGASSY (D)\Logiciel\PhotoshopAlbum2ED\setup.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\AVI\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
****** End of DiagHelp report
-
Another infection (Magic Control?)
avilug posted a topic in Analyses et éradication malwares (malware analysis and removal)
Good evening! Having the soul of a good Samaritan myself, I offered a friend who is moving house (!) to take his PC and disinfect it. After running HIJACK and NAVILOG1 (option 1), it looks to me like it is infected with MAGIC CONTROL. I do have a technical problem, though: MY own PC (which is clean) is connected to the internet (as you can see...), but I cannot get HIS PC online at my place, nor even share my ADSL connection, so I cannot run any online antivirus scans! The only thing I can do is transfer software by USB stick. If you would be kind enough to guide me through removing all of his problems... THANKS IN ADVANCE TO ALL

Logfile of HijackThis v1.99.1
Scan saved at 00:15:28, on 26/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Labtec\Mouse\2.1\moffice.exe
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\UltimateZip 2007\uzqkst.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\2.1\moffice.exe
O4 - HKLM\..\Run: [sDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [uabwrqf] c:\windows\system32\uabwrqf.exe uabwrqf
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2007\uzqkst.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay122.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

Search Navipromo version 2.0.5 started on 26/07/2007 at 0:16:28.56

!!! Warning: this report may list legitimate files/programs !!!
!!! Post this report on the forum to have it analysed !!!
!!! Do not run the disinfection part without a specialist's advice !!!

Fix run from C:\Program Files\navilog1
Updated on 01.07.2007 at 12:00 by IL-MAFIOSO
Run in normal mode

*** Searching installed programs ***

InternetGameBox 1.5

*** Searching folders in C:\WINDOWS ***

*** Searching folders in C:\Program Files ***

C:\Program Files\InternetGameBox found!

*** Searching folders in C:\Documents and Settings\All Users\Application Data ***

*** Searching folders in C:\Documents and Settings\AVI\Application Data ***

*** Search with BlackLight Engine/F-secure ***

BlackLight Engine is an F-secure product; for more info: http://www.f-secure.com/blacklight/blacklight_help.html

F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================
Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.
[+] Started on 07/26/07 at 00:16:30.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ..........................................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 07/26/07 at 00:24:25 (return code = 0).

*** Searching files ***

C:\WINDOWS\pack.epk found!
C:\WINDOWS\system32\nvs2.inf found!

*** Searching registry keys ***

Searching in [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
Searching in [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]

Searching for Magic Control key
HKEY_CURRENT_USER\Software\Lanconfig found!

*** Additional search module ***
(Searching for specific files)

1) Searching for known files:

2) Heuristic search:

* C:\WINDOWS\system32\uabwrqf.dat found!
** C:\WINDOWS\system32\uabwrqf.dat found!
***
****
***** C:\WINDOWS\system32\uabwrqf_nav.dat found!
******
*******
********

3) Searching certificates:

Egroup certificate found!

*** Scan finished on 26/07/2007 at 0:24:43.81 ***
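The HijackThis and Navilog1 output above together show the pattern worth recognising in this infection: a Run value whose name, executable stem and sole argument are the same random-looking word (`uabwrqf`), the executable sitting in system32, and `<stem>.dat` / `<stem>_nav.dat` siblings reported by Navilog1. The script below is an added example, not part of the post and not code from HijackThis or Navilog1: it parses O4 lines, scores each against that pattern and cross-references the Navilog1 file findings. The sample lines are copied from the posted log; the scoring weights and threshold are this example's own assumptions, not anything the tools define.

```python
"""Flag Magic Control-style Run entries in a HijackThis log (added example).

The heuristic is derived solely from the pattern visible in the posted log.
Weights and threshold are assumptions made for this example.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: O4 lines copied from the posted log (one malicious,
# five benign) so the script runs offline.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [uabwrqf] c:\windows\system32\uabwrqf.exe uabwrqf
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Files the posted Navilog1 report marked "found!" (constructed list).
SAMPLE_NAVILOG_FILES = [
    r"C:\WINDOWS\pack.epk",
    r"C:\WINDOWS\system32\nvs2.inf",
    r"C:\WINDOWS\system32\uabwrqf.dat",
    r"C:\WINDOWS\system32\uabwrqf_nav.dat",
]

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r"\.exe\b", re.IGNORECASE)


@dataclass
class Finding:
    name: str
    path: str
    args: str
    score: int = 0
    reasons: list = field(default_factory=list)


def split_command(cmd):
    """Return (path, args). HijackThis prints unquoted paths that contain
    spaces, so without quotes we split right after the first '.exe'."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_RE.search(cmd)
    if m:
        return cmd[:m.end()], cmd[m.end():].strip()
    path, _, args = cmd.partition(" ")
    return path, args.strip()


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def stem_of(path):
    base = basename(path)
    return (base.rsplit(".", 1)[0] if "." in base else base).lower()


def in_system32(path):
    directory = path.lower().replace("/", "\\").rsplit("\\", 1)[0]
    return directory.endswith("\\system32")


def score_entry(name, cmd, navilog_files):
    """Score one O4 entry; each reason documents which signal fired."""
    path, args = split_command(cmd)
    stem = stem_of(path)
    f = Finding(name=name, path=path, args=args)
    if in_system32(path):
        f.score += 1
        f.reasons.append("executable lives in system32")
    if name.lower() == stem:
        f.score += 1
        f.reasons.append("Run value name equals executable stem")
    if args.lower() == stem:
        f.score += 2
        f.reasons.append("only argument is the executable's own name")
    companions = {stem + ".dat", stem + "_nav.dat"}
    hits = [p for p in navilog_files if basename(p).lower() in companions]
    if hits:
        f.score += 2
        f.reasons.append("Navilog1 found companion data files: " + ", ".join(hits))
    return f


def scan(hjt_log, navilog_files, threshold=3):
    """Return the O4 entries scoring at or above threshold (assumed value 3)."""
    findings = []
    for line in hjt_log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            f = score_entry(m["name"], m["cmd"], navilog_files)
            if f.score >= threshold:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_HJT, SAMPLE_NAVILOG_FILES):
        print(f"[{f.name}] {f.path} {f.args}  score={f.score}")
        for r in f.reasons:
            print("   -", r)
```

On the sample above only the `uabwrqf` entry reaches the threshold; `ctfmon.exe` and `dumprep` also live in system32 but score a single point, which is why location alone is not used as the trigger. The splitting on the first `.exe` is needed because HijackThis prints unquoted paths with spaces (`RealPlay.exe SYSTEMBOOTHIDEPLAYER`), and the `\b` keeps names like `FiveASide.exe_...` from being cut in the middle.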