Alpinette74

Merci pour votre aide, J ai finalement decide de reinstaller windows .... Pour le moment tout va bien mis a part le clavier... Merci encore et A bientot

Bonjour, Oui BitDefender me dit toujours qu' il détecte un fichier File c:\cp2141.nls infected with Trojan.Spabot.NAC dans son journal d' evenements. Par contre apres un scan je ne trouve pas virus dans les logs du scan. Pourtant cette alerte sur la présence du virus est ecrite toutes les minutes dans le journal des events de Bitdefender. C.

Rebonsoir, Et voici le rapport Kespersky : ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Friday, December 14, 2007 12:17:38 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 13/12/2007 Kaspersky Anti-Virus database records: 481845 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ J:\ K:\ Scan Statistics: Total number of scanned objects: 72828 Number of viruses found: 2 Number of infected objects: 2 Number of suspicious objects: 0 Duration of the scan process: 01:03:04 Infected Object Name / Virus Name / Last Action C:\Deckard\System Scanner\backup\DOCUME~1\Celina\LOCALS~1\Temp\wjeeoeqj.dll Infected: Trojan.Win32.Inject.mf skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\Celina\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Celina\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Celina\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Celina\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Celina\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Celina\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Celina\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{ECAC9B5E-ECA9-484F-9EBC-6874B7C7B5F5}\RP220\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\bdss.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\ndis.sys Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\tmp00002769\tmp00000000 Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped D:\System Volume Information\_restore{ECAC9B5E-ECA9-484F-9EBC-6874B7C7B5F5}\RP220\change.log Object is locked skipped E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped J:\Installs\instala-emule.exe Infected: not-a-virus:FraudTool.Win32.Takedawnload.a skipped J:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped Scan process completed.

Bonsoir ! Me revoici de retour à la maison. Voici les posts de search.bat et ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot AlternateShell REG_SZ cmd.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys <SANS NOM> REG_SZ Driver HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys <SANS NOM> REG_SZ Driver HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys <SANS NOM> REG_SZ Driver HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys <SANS NOM> REG_SZ Driver HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys <SANS NOM> REG_SZ FSFilter System Recovery HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys <SANS NOM> REG_SZ Driver HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys <SANS NOM> REG_SZ Driver HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000} <SANS NOM> REG_SZ Universal Serial Bus controllers HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318} <SANS NOM> REG_SZ CD-ROM Drive HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318} <SANS NOM> REG_SZ DiskDrive HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318} <SANS NOM> REG_SZ Standard floppy disk controller HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318} <SANS NOM> REG_SZ Hdc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318} <SANS NOM> REG_SZ Keyboard HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318} <SANS NOM> REG_SZ Mouse HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318} <SANS NOM> REG_SZ PCMCIA Adapters HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318} <SANS NOM> REG_SZ SCSIAdapter HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318} <SANS NOM> REG_SZ System HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318} <SANS NOM> REG_SZ Floppy disk drive HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF} <SANS NOM> REG_SZ Volume shadow copy HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F} <SANS NOM> REG_SZ Volume HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} <SANS NOM> REG_SZ Human Interface Devices HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys <SANS NOM> REG_SZ Driver HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys <SANS NOM> REG_SZ Driver HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys <SANS NOM> REG_SZ Driver HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys <SANS NOM> REG_SZ Driver HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys <SANS NOM> REG_SZ Driver HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys <SANS NOM> REG_SZ Driver HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys <SANS NOM> REG_SZ Driver HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys <SANS NOM> REG_SZ Driver HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys <SANS NOM> REG_SZ Driver HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sharedaccess <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys <SANS NOM> REG_SZ FSFilter System Recovery HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI <SANS NOM> REG_SZ Driver Group HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys <SANS NOM> REG_SZ Driver HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys <SANS NOM> REG_SZ Driver HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys <SANS NOM> REG_SZ Driver HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys <SANS NOM> REG_SZ Driver HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000} <SANS NOM> REG_SZ Universal Serial Bus controllers HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318} <SANS NOM> REG_SZ CD-ROM Drive HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318} <SANS NOM> REG_SZ DiskDrive HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318} <SANS NOM> REG_SZ Standard floppy disk controller HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318} <SANS NOM> REG_SZ Hdc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318} <SANS NOM> REG_SZ Keyboard HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318} <SANS NOM> REG_SZ Mouse HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318} <SANS NOM> REG_SZ Net HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318} <SANS NOM> REG_SZ NetClient HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318} <SANS NOM> REG_SZ NetService HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318} <SANS NOM> REG_SZ NetTrans HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318} <SANS NOM> REG_SZ PCMCIA Adapters HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318} <SANS NOM> REG_SZ SCSIAdapter HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318} <SANS NOM> REG_SZ System HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318} <SANS NOM> REG_SZ Floppy disk drive HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F} <SANS NOM> REG_SZ Volume HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} <SANS NOM> REG_SZ Human Interface Devices

Bonjour Charles, Je ne suis plus a la maison je ne peux pour le moment pas continuer le travail sur mon ordinateur. Je reviens Jeudi, j'espère que vous serez toujours là ! Merci encore pour votre aide, A bientot.

Bonsoir et merci pour votre aide, Charles . Voici les resultats comme demandé. J' ai également mis a la fin le resultat extra.txt (a l' air de contenir des trucs interessants ...) Le virus SPABOT.NAC est toujours présenz... il me genere toujours le probleme de modification de mon IP et m' oblige toujours a fait le netsh winsock reset pour recuperer ma connection. Il genere un fichier dans C: nommé cp154.nls impossible a supprimer .... Deckard's System Scanner v20071014.68 Run by Celina on 2007-12-09 23:10:39 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 76: 2007-12-09 22:10:42 UTC - RP220 - Deckard's System Scanner Restore Point 75: 2007-12-09 12:49:34 UTC - RP219 - Point de vérification système 74: 2007-12-08 11:41:45 UTC - RP218 - Point de vérification système 73: 2007-12-04 21:54:52 UTC - RP217 - Point de vérification système 72: 2007-12-03 21:22:11 UTC - RP216 - Point de vérification système -- First Restore Point -- 1: 2007-09-28 12:18:26 UTC - RP145 - Supprimé Livebox Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Celina.exe) ---------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 23:11:13, on 09/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\igfxpers.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\Program Files\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g\WLANUTL.exe C:\Documents and Settings\Celina\Bureau\dss.exe C:\PROGRA~1\Celina.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165677364702 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://www.securitoo.com/fra/pages/navol/fscax.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6BB3C3AD-E6D0-41E5-AA6E-880016EA099F}: NameServer = 192.168.1.1 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) -- HijackThis Fixed Entries (C:\PROGRA~1\backups\) ----------------------------- backup-20070301-181447-570 O21 - SSODL: CDRecorder030 - {A3BC5E20-0235-1ABF-9CE1-00AA00512030} - C:\WINDOWS\system32\zuyi32.dll (file missing) backup-20070301-181447-653 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll backup-20071031-203208-440 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab backup-20071031-203209-396 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 bdpredir - c:\program files\softwin\bitdefender10\bdpredir.sys <Not Verified; Softwin SRL; BitDefender 10> R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9> R3 catchme - c:\docume~1\celina\locals~1\temp\catchme.sys (file missing) R3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- All services whitelisted. -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Intel® PRO/1000 PL Network Connection Device ID: PCI\VEN_8086&DEV_109A&SUBSYS_81C21043&REV_00\4&38D2602C&0&00E1 Manufacturer: Intel Name: Intel® PRO/1000 PL Network Connection PNP Device ID: PCI\VEN_8086&DEV_109A&SUBSYS_81C21043&REV_00\4&38D2602C&0&00E1 Service: e1express Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Carte réseau 1394 Device ID: V1394\NIC1394\B4C22E11D800 Manufacturer: Microsoft Name: Carte réseau 1394 PNP Device ID: V1394\NIC1394\B4C22E11D800 Service: NIC1394 -- Files created between 2007-11-09 and 2007-12-09 ----------------------------- 2007-12-09 23:11:12 218112 --a------ C:\Program Files\Celina.exe <Not Verified; Soeperman Enterprises Ltd.; HijackThis> 2007-12-09 12:37:47 0 d-------- C:\WINDOWS\ERUNT 2007-12-08 13:15:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2007-12-08 13:13:38 0 d--h----- C:\Documents and Settings\Administrateur.HOME.004\Voisinage réseau 2007-12-08 13:13:38 0 d--h----- C:\Documents and Settings\Administrateur.HOME.004\Voisinage d'impression 2007-12-08 13:13:38 0 dr-h----- C:\Documents and Settings\Administrateur.HOME.004\SendTo 2007-12-08 13:13:38 0 d--h----- C:\Documents and Settings\Administrateur.HOME.004\Recent 2007-12-08 13:13:38 0 d--h----- C:\Documents and Settings\Administrateur.HOME.004\Modèles 2007-12-08 13:13:38 0 d-------- C:\Documents and Settings\Administrateur.HOME.004\Mes documents 2007-12-08 13:13:38 0 dr------- C:\Documents and Settings\Administrateur.HOME.004\Menu Démarrer 2007-12-08 13:13:38 0 d--h----- C:\Documents and Settings\Administrateur.HOME.004\Local Settings 2007-12-08 13:13:38 0 d-------- C:\Documents and Settings\Administrateur.HOME.004\Favoris 2007-12-08 13:13:38 0 d---s---- C:\Documents and Settings\Administrateur.HOME.004\Cookies 2007-12-08 13:13:38 0 d-------- C:\Documents and Settings\Administrateur.HOME.004\Bureau 2007-12-08 13:13:38 0 dr-h----- C:\Documents and Settings\Administrateur.HOME.004\Application Data 2007-12-08 13:13:38 0 d---s---- C:\Documents and Settings\Administrateur.HOME.004\Application Data\Microsoft 2007-12-08 13:13:37 524288 --ah----- C:\Documents and Settings\Administrateur.HOME.004\NTUSER.DAT 2007-12-08 13:12:36 0 d--h----- C:\Documents and Settings\Administrateur.HOME.003\Voisinage réseau 2007-12-08 13:12:36 0 d--h----- C:\Documents and Settings\Administrateur.HOME.003\Voisinage d'impression 2007-12-08 13:12:36 0 dr-h----- C:\Documents and Settings\Administrateur.HOME.003\SendTo 2007-12-08 13:12:36 0 d--h----- C:\Documents and Settings\Administrateur.HOME.003\Recent 2007-12-08 13:12:36 237568 --ah----- C:\Documents and Settings\Administrateur.HOME.003\NTUSER.DAT 2007-12-08 13:12:36 0 d--h----- C:\Documents and Settings\Administrateur.HOME.003\Modèles 2007-12-08 13:12:36 0 d-------- C:\Documents and Settings\Administrateur.HOME.003\Mes documents 2007-12-08 13:12:36 0 dr------- C:\Documents and Settings\Administrateur.HOME.003\Menu Démarrer 2007-12-08 13:12:36 0 d--h----- C:\Documents and Settings\Administrateur.HOME.003\Local Settings 2007-12-08 13:12:36 0 d-------- C:\Documents and Settings\Administrateur.HOME.003\Favoris 2007-12-08 13:12:36 0 d---s---- C:\Documents and Settings\Administrateur.HOME.003\Cookies 2007-12-08 13:12:36 0 d-------- C:\Documents and Settings\Administrateur.HOME.003\Bureau 2007-12-08 13:12:36 0 dr-h----- C:\Documents and Settings\Administrateur.HOME.003\Application Data 2007-12-08 13:12:36 0 d---s---- C:\Documents and Settings\Administrateur.HOME.003\Application Data\Microsoft 2007-11-30 09:59:05 5180 --a------ C:\Documents and Settings\Celina\z -- Find3M Report --------------------------------------------------------------- 2007-12-09 23:11:13 5013 --a------ C:\Program Files\hijackthis.log 2007-12-09 23:06:28 81984 --a------ C:\WINDOWS\system32\bdod.bin 2007-11-01 17:23:44 267845 --a------ C:\WINDOWS\tsc.exe <Not Verified; Trend Micro Inc.; TrendSystemCleaner> 2007-11-01 17:23:44 71749 --a------ C:\WINDOWS\hcextoutput.dll 2007-11-01 17:23:43 1163344 --a------ C:\WINDOWS\vsapi32.dll <Not Verified; Trend Micro Inc.; VSAPI> 2007-11-01 17:23:43 86094 --a------ C:\WINDOWS\BPMNT.dll <Not Verified; Trend Micro Inc.; VSAPI> 2007-10-31 20:32:09 0 d-------- C:\Program Files\backups 2007-10-29 18:49:08 468490 --a------ C:\WINDOWS\system32\perfh00C.dat 2007-10-29 18:49:08 75506 --a------ C:\WINDOWS\system32\perfc00C.dat 2007-10-18 23:03:14 0 d-------- C:\Program Files\SAGEM 2007-10-18 00:18:56 0 d-------- C:\Program Files\Wanadoo -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [12/10/2006 03:10] "RTHDCPL"="RTHDCPL.EXE" [19/12/2005 07:52 C:\WINDOWS\RTHDCPL.exe] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50] "igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [20/09/2005 03:35] "igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [20/09/2005 03:36] "igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [20/09/2005 03:32] "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [18/04/2007 16:01] "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [10/04/2007 19:40] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 16:09] "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [09/12/2006 21:51:21] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 21:05:56] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=sockspy.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" *Newly Created Service* - KPROCCHECK *Newly Created Service* - PCANDIS5 -- End of Deckard's System Scanner: finished at 2007-12-09 23:11:49 ------------ Voici la reponse au scan en ligne : Results PC infected 49 examples of less dangerous malicious software. 1 suspicious file. We detected that Bitdefender Antivirus is enabled and up-to-date. El texto que corresponda en cada momento After completely scanning your PC, we have not detected any ACTIVE or LATENT malicious software. Become a TotalScan Pro member Includes disinfection! < Back to home Scan details High danger level (0) Medium danger level (1) Trj/Downloader... Virus Latent Show + Info C:\Documents and Settings...top\Quarantine\cp2156.nls Low danger level (48) Cookie/Overtur... Tracking Cookie Latent Show + Info C:\Documents and Settings...s\micheal@overture[1].txt C:\Documents and Settings...s\micheal@overture[2].txt C:\Documents and Settings...es\celina@overture[1].txt Cookie/Comclic... Tracking Cookie Latent Show + Info C:\Documents and [email protected][1].txt Cookie/Cgi-bin Tracking Cookie Latent Show + Info C:\Documents and Settings...es\micheal@cgi-bin[5].txt Cookie/Azjmp Tracking Cookie Latent Show + Info C:\Documents and Settings...kies\micheal@azjmp[1].txt Cookie/RealMed... Tracking Cookie Latent Show + Info C:\Documents and Settings...s\celina@realmedia[1].txt C:\Documents and Settings...\micheal@realmedia[2].txt Cookie/AdDynam... Tracking Cookie Latent Show + Info C:\Documents and [email protected][1].txt Cookie/Com.com Tracking Cookie Latent Show + Info C:\Documents and Settings...Cookies\celina@com[1].txt C:\Documents and Settings...ookies\micheal@com[1].txt Cookie/Toplist Tracking Cookie Latent Show + Info C:\Documents and Settings...ies\celina@toplist[1].txt Cookie/Statcou... Tracking Cookie Latent Show + Info C:\Documents and Settings...celina@statcounter[2].txt Cookie/Hitbox Tracking Cookie Latent Show + Info C:\Documents and [email protected][1].txt Cookie/bravene... Tracking Cookie Latent Show + Info C:\Documents and Settings...s\micheal@bravenet[2].txt Cookie/Xiti Tracking Cookie Latent Show + Info C:\Documents and Settings...ookies\invite@xiti[1].txt C:\Documents and Settings...okies\micheal@xiti[1].txt C:\Documents and Settings...okies\micheal@xiti[1].txt C:\Documents and Settings...ookies\celina@xiti[1].txt Cookie/BurstNe... Tracking Cookie Latent Show + Info C:\Documents and Settings...s\micheal@burstnet[1].txt Cookie/Tradedo... Tracking Cookie Latent Show + Info C:\Documents and Settings...elina@tradedoubler[1].txt C:\Documents and Settings...nvite@tradedoubler[1].txt Cookie/Adverti... Tracking Cookie Latent Show + Info C:\Documents and Settings...celina@advertising[1].txt Cookie/Webtren... Tracking Cookie Latent Show + Info C:\Documents and Settings...atse.webtrendslive[1].txt Cookie/Adviva Tracking Cookie Latent Show + Info C:\Documents and Settings...kies\celina@adviva[2].txt Cookie/fe.lea.... Tracking Cookie Latent Show + Info C:\Documents and [email protected][1].txt C:\Documents and [email protected][1].txt Cookie/Smartad... Tracking Cookie Latent Show + Info C:\Documents and Settings...lina@smartadserver[2].txt C:\Documents and Settings...heal@smartadserver[1].txt Cookie/Zedo Tracking Cookie Latent Show + Info C:\Documents and Settings...ookies\celina@zedo[2].txt Cookie/FastCli... Tracking Cookie Latent Show + Info C:\Documents and Settings...s\celina@fastclick[1].txt Cookie/RealMed... Tracking Cookie Latent Show + Info C:\Documents and Settings...elina@247realmedia[2].txt C:\Documents and Settings...cheal@247realmedia[1].txt Application/Ni... Tracking Application Latent Show + Info C:\System Volume Informat...7B5F5}\RP218\A0065212.exe Cookie/Serving... Tracking Cookie Latent Show + Info C:\Documents and Settings...icheal@serving-sys[1].txt C:\Documents and Settings...celina@serving-sys[2].txt C:\Documents and Settings...icheal@serving-sys[1].txt Cookie/Go Tracking Cookie Latent Show + Info C:\Documents and Settings...Cookies\micheal@go[2].txt C:\Documents and Settings...Cookies\micheal@go[1].txt C:\Documents and Settings...\Cookies\celina@go[1].txt Cookie/Serving... Tracking Cookie Latent Show + Info C:\Documents and [email protected][2].txt C:\Documents and [email protected][2].txt C:\Documents and [email protected][2].txt Cookie/2o7 Tracking Cookie Latent Show + Info C:\Documents and Settings...ies\[email protected][1].txt Trj/Spabot.BJ Virus Latent Show + Info C:\Documents and Settings...\Desktop\Quarantine\q.dll Cookie/BurstBe... Tracking Cookie Latent Show + Info C:\Documents and [email protected][2].txt Cookie/Tribalf... Tracking Cookie Latent Show + Info C:\Documents and Settings...cheal@tribalfusion[1].txt C:\Documents and Settings...cheal@tribalfusion[1].txt Cookie/WUpd Tracking Cookie Latent Show + Info C:\Documents and Settings...es\micheal@revenue[2].txt Application/Pr... Tracking Application Latent Show + Info C:\Documents and Settings...e[sDFix\apps\Process.exe] C:\Documents and Settings...IX\SDFix\apps\Process.exe Cookie/Traffic... Tracking Cookie Latent Show + Info C:\Documents and Settings...\micheal@trafficmp[1].txt Cookie/MetriWe... Tracking Cookie Latent Show + Info C:\Documents and Settings...es\celina@metriweb[1].txt Cookie/Atwola Tracking Cookie Latent Show + Info C:\Documents and Settings...ies\micheal@atwola[1].txt Cookie/Mediapl... Tracking Cookie Latent Show + Info C:\Documents and Settings...s\celina@mediaplex[1].txt Cookie/Casalem... Tracking Cookie Latent Show + Info C:\Documents and Settings...celina@casalemedia[1].txt Cookie/Doublec... Tracking Cookie Latent Show + Info C:\Documents and Settings...celina@doubleclick[1].txt Cookie/Weboram... Tracking Cookie Latent Show + Info C:\Documents and Settings...s\micheal@weborama[2].txt C:\Documents and Settings...es\celina@weborama[2].txt C:\Documents and Settings...s\micheal@weborama[2].txt Cookie/Atlas D... Tracking Cookie Latent Show + Info C:\Documents and Settings...okies\celina@atdmt[1].txt Cookie/Adtech Tracking Cookie Latent Show + Info C:\Documents and Settings...ies\micheal@adtech[2].txt C:\Documents and Settings...ies\micheal@adtech[2].txt C:\Documents and Settings...kies\celina@adtech[1].txt Cookie/YieldMa... Tracking Cookie Latent Show + Info C:\Documents and [email protected][1].txt Cookie/Server.... Tracking Cookie Latent Show + Info C:\Documents and Settings...ver.iad.liveperson[2].txt Cookie/PointRo... Tracking Cookie Latent Show + Info C:\Documents and [email protected][1].txt C:\Documents and [email protected][1].txt Cookie/adultfr... Tracking Cookie Latent Show + Info C:\Documents and Settings...@adultfriendfinder[1].txt Cookie/Questio... Tracking Cookie Latent Show + Info C:\Documents and Settings...ina@questionmarket[1].txt C:\Documents and Settings...eal@questionmarket[2].txt C:\Documents and Settings...eal@questionmarket[1].txt Cookie/Apmebf Tracking Cookie Latent Show + Info C:\Documents and Settings...kies\celina@apmebf[2].txt Cookie/Bluestr... Tracking Cookie Latent Show + Info C:\Documents and Settings...\celina@bluestreak[2].txt Suspicious files (1) C:\System Volume Informat...7B5F5}\RP200\A0056500.exe

Et voici le rapport DiagHelp DiagHelp version v1.4 - http://www.malekal.com excute le 09/12/2007 à 12:51:13,89 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->09/12/2007 12:51:06 C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->09/12/2007 12:51:03 C:\WINDOWS\prefetch\IZARC.EXE-2B73BBEB.pf -->09/12/2007 12:49:36 C:\WINDOWS\prefetch\IGFXSRVC.EXE-2FB63FE8.pf -->09/12/2007 12:49:30 C:\WINDOWS\prefetch\JUCHECK.EXE-272A8733.pf -->09/12/2007 12:48:27 C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->09/12/2007 12:45:32 C:\WINDOWS\prefetch\HIJACKTHIS.EXE-0D776E28.pf -->09/12/2007 12:45:28 C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->09/12/2007 12:44:14 C:\WINDOWS\prefetch\WLANUTL.EXE-1BD782E6.pf -->09/12/2007 12:44:02 C:\WINDOWS\prefetch\RTHDCPL.EXE-06918CFA.pf -->09/12/2007 12:43:28 C:\WINDOWS\System32\drivers\ndis.sys -->10/02/2007 09:10:42 C:\WINDOWS\System32\drivers\RtkHDAud.Sys -->19/12/2005 10:37:42 C:\WINDOWS\System32\drivers\ialmnt5.sys -->20/09/2005 04:00:54 C:\WINDOWS\System32\drivers\e1e5132.sys -->01/09/2005 06:52:50 C:\WINDOWS\System32\drivers\Hdaudbus.sys -->07/01/2005 17:07:18 C:\WINDOWS\System32\drivers\Hdaudio.sys -->07/01/2005 17:07:16 C:\WINDOWS\System32\drivers\tdtcp.sys -->19/08/2004 16:10:20 C:\WINDOWS\System32\bdod.bin -->09/12/2007 12:46:16 C:\WINDOWS\System32\bdss.log -->09/12/2007 12:41:06 C:\WINDOWS\System32\wpa.dbl -->08/12/2007 11:18:21 C:\WINDOWS\System32\PerfStringBackup.INI -->29/10/2007 18:49:08 C:\WINDOWS\System32\perfh00C.dat -->29/10/2007 18:49:08 C:\WINDOWS\System32\perfh009.dat -->29/10/2007 18:49:08 C:\WINDOWS\System32\perfc00C.dat -->29/10/2007 18:49:08 C:\WINDOWS\System32\perfc009.dat -->29/10/2007 18:49:08 C:\WINDOWS\System32\swreg.exe -->22/07/2007 17:39:27 C:\WINDOWS\System32\testscript.tmp -->10/04/2007 20:45:32 C:\WINDOWS\System32\xreglib.dll -->10/04/2007 19:42:07 C:\WINDOWS\System32\Uninstall.ico -->01/03/2007 19:13:34 C:\WINDOWS\System32\pavas.ico -->01/03/2007 19:13:34 C:\WINDOWS\System32\Help.ico -->01/03/2007 19:13:34 C:\WINDOWS\System32\asfiles.txt -->01/03/2007 11:08:07 C:\WINDOWS\System32\FNTCACHE.DAT -->27/02/2007 20:54:51 C:\WINDOWS\System32\jupdate-1.5.0_09-b03.log -->14/12/2006 10:18:50 C:\WINDOWS\System32\LoopyMusic.wav -->09/12/2006 17:08:21 C:\WINDOWS\System32\BuzzingBee.wav -->09/12/2006 17:08:21 C:\WINDOWS\System32\spupdwxp.log -->09/12/2006 17:00:24 C:\WINDOWS\System32\wmpscheme.xml -->09/12/2006 15:58:23 C:\WINDOWS\System32\$winnt$.inf -->09/12/2006 15:54:56 C:\WINDOWS\System32\CONFIG.NT -->09/12/2006 15:53:34 C:\WINDOWS\System32\nscompat.tlb -->09/12/2006 15:53:31 C:\WINDOWS\System32\amcompat.tlb -->09/12/2006 15:53:31 C:\WINDOWS.log -->09/12/2007 12:41:14 C:\WINDOWS\wiadebug.log -->09/12/2007 12:41:08 C:\WINDOWS\WindowsUpdate.log -->09/12/2007 12:41:07 C:\WINDOWS\wiaservc.log -->09/12/2007 12:41:07 C:\WINDOWS\bootstat.dat -->09/12/2007 12:41:04 C:\WINDOWS\ntbtlog.txt -->09/12/2007 12:37:20 C:\WINDOWS\SchedLgU.Txt -->09/12/2007 12:36:26 C:\WINDOWS\win.ini -->08/12/2007 20:38:31 C:\WINDOWS\setupact.log -->08/12/2007 13:28:07 C:\WINDOWS\setuperr.log -->08/12/2007 13:25:26 C:\WINDOWS\setupapi.log -->05/12/2007 10:54:14 C:\WINDOWS\NeroDigital.ini -->03/12/2007 21:22:22 C:\WINDOWS\wmsetup.log -->26/11/2007 20:59:31 C:\WINDOWS\tsc.ini -->01/11/2007 17:58:43 C:\WINDOWS\tsc.ptn -->01/11/2007 17:23:45 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 560 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x7d200000 0x2b2000 3.00.3790.2180 C:\WINDOWS\system32\msi.dll 0x10000000 0x26000 3.00.0000.4396 C:\WINDOWS\System32\igfxpph.dll 0x02310000 0x13000 3.00.0000.4396 C:\WINDOWS\System32\hccutils.DLL 0x02350000 0x24000 3.00.0000.4396 C:\WINDOWS\system32\igfxres.dll 0x023c0000 0x16f000 3.00.0000.4396 C:\WINDOWS\system32\igfxress.dll 0x02570000 0xe000 3.00.0000.4396 C:\WINDOWS\System32\igfxsrvc.dll 0x02580000 0xe000 1.00.0000.0002 C:\Program Files\UltraEdit-32\ue32ctmn.dll 0x025a0000 0x9b000 C:\PROGRA~1\IZArc\IZArcCM.dll 0x027e0000 0x12000 1.00.0000.0002 C:\Program Files\Softwin\BitDefender10\bdshelxt.dll 0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll 0x013e0000 0x8000 1.00.0000.0001 C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx 0x6d610000 0x6a000 5.00.0090.0003 C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll 0x60990000 0xe000 3.00.3790.2180 C:\WINDOWS\system32\MSISIP.DLL 0x74e10000 0x10000 5.06.0000.8820 C:\WINDOWS\System32\wshext.dll 0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL 0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL 0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\System32\wshFR.DLL ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 696 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 3430-2C4B Répertoire de C:\WINDOWS\system 23/12/1997 02:23 4 672 wowpost.exe 1 fichier(s) 4 672 octets 0 Rép(s) 18 790 768 640 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 3430-2C4B Répertoire de C:\WINDOWS\system32 19/08/2004 16:09 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 18 790 768 640 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 3430-2C4B Répertoire de C:\WINDOWS\Downloaded Program Files 31/10/2007 20:32 <REP> . 31/10/2007 20:32 <REP> .. 24/08/2006 08:28 141 424 asinst.dll 22/08/2006 09:06 537 asinst.inf 07/12/2004 17:07 32 bdcore.dll 25/05/2006 01:21 118 784 bdupd.dll 09/12/2006 15:52 65 desktop.ini 06/12/2006 16:27 1 249 erma.inf 28/12/2004 16:14 652 736 fscax.dll 25/05/2006 01:21 53 248 ipsupd.dll 16/03/2005 12:34 7 407 lang.ini 07/12/2004 17:07 32 libfn.dll 14/03/2005 14:38 126 live.ini 20/06/2006 14:44 379 704 MsnPUpld.dll 19/06/2006 13:40 393 MsnPUpld.inf 31/05/2006 04:15 10 oscan81.ocx_x 20/11/2006 10:04 117 088 PURen-ie.dll 20/06/2006 14:44 117 560 PURen-us.dll 14/03/2005 14:58 7 073 scanoptions.tsi 14/02/2007 15:30 144 setup.inf 09/11/2006 14:36 5 019 swflash.inf 26/05/2005 04:19 291 wuweb.inf 02/11/2005 18:01 1 777 xscan.inf 02/11/2005 18:07 435 712 xscan53.ocx 22 fichier(s) 2 040 411 octets Total des fichiers listés : 22 fichier(s) 2 040 411 octets 2 Rép(s) 18 790 764 544 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:MSN Messenger 7.5" "C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Explorer" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-09 12:51:39 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 332 - RTHDCPL.exe 560 - explorer.exe 672 - csrss.exe 696 - winlogon.exe 740 - services.exe 752 - lsass.exe 952 - svchost.exe 1008 - svchost.exe 1048 - iexplore.exe 1096 - svchost.exe 1200 - svchost.exe 1212 - bdagent.exe 1256 - svchost.exe 1312 - ctfmon.exe 1380 - vsserv.exe 1832 - xcommsvr.exe 1932 - bdss.exe 1944 - livesrv.exe 2012 - bdmcon.exe 2260 - WLANUTL.exe 3392 - jucheck.exe 3732 - cmd.exe Total number of processes = 23 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\ntoskrnl.exe 80701000 - \WINDOWS\system32\hal.dll F7987000 - \WINDOWS\system32\KDCOM.DLL F7897000 - \WINDOWS\system32\BOOTVID.dll F75A7000 - ACPI.sys F7989000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS F7596000 - pci.sys F75F7000 - isapnp.sys F7607000 - ohci1394.sys F7617000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS F7A4F000 - pciide.sys F7707000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS F7627000 - MountMgr.sys F74D7000 - ftdisk.sys F798B000 - dmload.sys F74B1000 - dmio.sys F770F000 - PartMgr.sys F7637000 - VolSnap.sys F7499000 - atapi.sys F7647000 - disk.sys F7657000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS F747A000 - fltmgr.sys F7468000 - sr.sys F7451000 - KSecDD.sys F7B52000 - Ntfs.sys F7422000 - NDIS.sys F7407000 - Mup.sys BAF50000 - \SystemRoot\System32\DRIVERS\intelppm.sys BA865000 - \SystemRoot\System32\DRIVERS\ialmnt5.sys BA851000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS BA82C000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys F77B7000 - \SystemRoot\System32\DRIVERS\usbuhci.sys BA809000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS F77BF000 - \SystemRoot\system32\DRIVERS\usbehci.sys BA7F5000 - \SystemRoot\System32\DRIVERS\parport.sys F79A7000 - \SystemRoot\System32\DRIVERS\ASACPI.sys BAF40000 - \SystemRoot\System32\DRIVERS\i8042prt.sys F77C7000 - \SystemRoot\System32\DRIVERS\kbdclass.sys F77CF000 - \SystemRoot\System32\DRIVERS\mouclass.sys BA7E4000 - \SystemRoot\System32\DRIVERS\serial.sys BAFF0000 - \SystemRoot\System32\DRIVERS\serenum.sys BAF30000 - \SystemRoot\System32\Drivers\Imapi.SYS BAF20000 - \SystemRoot\System32\DRIVERS\cdrom.sys BAF10000 - \SystemRoot\System32\DRIVERS\redbook.sys BA7C1000 - \SystemRoot\System32\DRIVERS\ks.sys F7A9E000 - \SystemRoot\System32\DRIVERS\audstub.sys BAA33000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys BAFE8000 - \SystemRoot\System32\DRIVERS\ndistapi.sys BA7AA000 - \SystemRoot\System32\DRIVERS\ndiswan.sys BAA23000 - \SystemRoot\System32\DRIVERS\raspppoe.sys BAA13000 - \SystemRoot\System32\DRIVERS\raspptp.sys F77D7000 - \SystemRoot\System32\DRIVERS\TDI.SYS BA799000 - \SystemRoot\System32\DRIVERS\psched.sys BAA03000 - \SystemRoot\System32\DRIVERS\msgpc.sys F77DF000 - \SystemRoot\System32\DRIVERS\ptilink.sys F77E7000 - \SystemRoot\System32\DRIVERS\raspti.sys BA768000 - \SystemRoot\System32\DRIVERS\rdpdr.sys BA9F3000 - \SystemRoot\System32\DRIVERS\termdd.sys F79A9000 - \SystemRoot\System32\DRIVERS\swenum.sys BA734000 - \SystemRoot\System32\DRIVERS\update.sys BAFC0000 - \SystemRoot\System32\DRIVERS\mssmbios.sys BA9D3000 - \SystemRoot\System32\Drivers\NDProxy.SYS AA221000 - \SystemRoot\system32\drivers\RtkHDAud.sys AA1FF000 - \SystemRoot\system32\drivers\portcls.sys BA9C3000 - \SystemRoot\system32\drivers\drmk.sys BA9B3000 - \SystemRoot\System32\DRIVERS\usbhub.sys F79B1000 - \SystemRoot\System32\DRIVERS\USBD.SYS F79B3000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F7A63000 - \SystemRoot\System32\Drivers\Null.SYS F79B5000 - \SystemRoot\System32\Drivers\Beep.SYS F7817000 - \SystemRoot\System32\drivers\vga.sys F79B7000 - \SystemRoot\System32\Drivers\mnmdd.SYS F79B9000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F781F000 - \SystemRoot\System32\Drivers\Msfs.SYS F774F000 - \SystemRoot\System32\Drivers\Npfs.SYS BABA9000 - \SystemRoot\System32\DRIVERS\rasacd.sys A9C8E000 - \SystemRoot\System32\DRIVERS\ipsec.sys A9C36000 - \SystemRoot\System32\DRIVERS\tcpip.sys F7757000 - \??\C:\Program Files\Softwin\BitDefender10\bdpredir.sys A9C15000 - \SystemRoot\System32\DRIVERS\ipnat.sys A9BED000 - \SystemRoot\System32\DRIVERS\netbt.sys BA9A3000 - \SystemRoot\System32\DRIVERS\wanarp.sys F792B000 - \SystemRoot\System32\drivers\ws2ifsl.sys A9BCB000 - \SystemRoot\System32\drivers\afd.sys F7697000 - \SystemRoot\System32\DRIVERS\netbios.sys A9B9F000 - \SystemRoot\System32\DRIVERS\rdbss.sys A9B30000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys F76B7000 - \SystemRoot\System32\Drivers\Fips.SYS A9A0B000 - \SystemRoot\system32\DRIVERS\WlanUIG.sys F7767000 - \SystemRoot\System32\DRIVERS\USBSTOR.SYS F76D7000 - \SystemRoot\System32\Drivers\Cdfs.SYS A99F3000 - \SystemRoot\System32\Drivers\dump_atapi.sys F79BD000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys F776F000 - \SystemRoot\System32\watchdog.sys F794B000 - \SystemRoot\System32\drivers\Dxapi.sys BF9C1000 - \SystemRoot\System32\drivers\dxg.sys BAC16000 - \SystemRoot\System32\drivers\dxgthk.sys BF9E1000 - \SystemRoot\System32\ialmdnt5.dll BF9D3000 - \SystemRoot\System32\ialmrnt5.dll BFA03000 - \SystemRoot\System32\ialmdev5.DLL BFA38000 - \SystemRoot\System32\ialmdd5.DLL A99A7000 - \SystemRoot\system32\DRIVERS\mdc8021x.sys A99A3000 - \SystemRoot\System32\DRIVERS\ndisuio.sys A971E000 - \SystemRoot\System32\DRIVERS\mrxdav.sys F79D3000 - \SystemRoot\System32\Drivers\ParVdm.SYS A9847000 - \SystemRoot\System32\Drivers\Aspi32.SYS A9843000 - \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys A9667000 - \SystemRoot\System32\DRIVERS\srv.sys A93AA000 - \SystemRoot\system32\drivers\wdmaud.sys A9547000 - \SystemRoot\system32\drivers\sysaudio.sys A9E77000 - \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys A93CF000 - \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys A90B7000 - \??\C:\DOCUME~1\Celina\LOCALS~1\Temp\catchme.sys A8FFA000 - \SystemRoot\System32\Drivers\HTTP.sys A9A78000 - \??\C:\WINDOWS\system32\PCANDIS5.SYS BADD6000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 117 Liste des programmes installes Adobe Acrobat 5.0 Adobe Flash Player 9 ActiveX Adobe Photoshop 7.0 Adobe Shockwave Player AVIcodec (remove only) BitDefender Antivirus v10 Canon iP4200 CCleaner (remove only) eMule Google Earth High Definition Audio Driver Package - KB888111 HijackThis 1.99.1 Intel® Graphics Media Accelerator Driver Intel® PRO Network Connections Drivers IZArc 3.81 J2SE Runtime Environment 5.0 Update 9 livebox Microsoft .NET Framework 1.1 Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 Microsoft Office 2000 Premium MSN Messenger 7.5 Native Instruments Traktor DJ Studio v2.5.3 Nero 6 Demo Orion Pro DEMO Panda ActiveScan PowerDVD Realtek High Definition Audio Driver Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g SweetMovieLife 1.0E Trading Floor 2 UltraCompare Professional UltraEdit-32 WebFldrs XP Westwood Shared Internet Components Windows Genuine Advantage Validation Tool (KB892130) Windows XP Service Pack 2 XviD 1.2.-127 standalone decoder uninstall Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 3430-2C4B Répertoire de C:\Program Files 09/12/2007 12:45 <REP> . 09/12/2007 12:45 <REP> .. 16/12/2006 17:52 <REP> Adobe 09/12/2006 21:57 <REP> Ahead 24/03/2007 10:39 <REP> AVIcodec 31/10/2007 20:32 <REP> backups 18/08/2007 12:46 <REP> CCleaner 09/12/2006 22:00 <REP> CyberLink 01/03/2007 16:12 <REP> directx 24/03/2007 13:40 <REP> Fichiers communs 18/08/2007 18:34 <REP> Google 10/02/2007 09:41 <REP> Grisoft 21/07/2005 15:42 218 112 HijackThis.exe 09/12/2007 12:45 5 088 hijackthis.log 21/01/2007 18:13 <REP> IDM Computer Solutions 09/12/2006 16:05 <REP> Intel 01/03/2007 19:24 <REP> Internet Explorer 10/07/2007 09:06 <REP> IZArc 14/12/2006 10:18 <REP> Java 22/03/2007 21:03 <REP> Messenger 12/02/2007 10:13 <REP> Microids 09/12/2006 21:19 <REP> microsoft frontpage 09/12/2006 21:19 <REP> Microsoft Office 09/12/2006 21:21 <REP> Microsoft Visual Studio 09/12/2006 16:54 <REP> Movie Maker 09/12/2006 15:51 <REP> MSN 09/12/2006 15:50 <REP> MSN Gaming Zone 28/09/2007 21:07 <REP> MSN Messenger 09/12/2006 16:53 <REP> NetMeeting 12/02/2007 19:24 <REP> OrionPro 09/12/2006 16:53 <REP> Outlook Express 24/03/2007 14:40 <REP> Panasonic 09/12/2006 17:06 <REP> Realtek 18/10/2007 23:03 <REP> SAGEM 28/09/2007 13:10 <REP> Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g 08/09/2007 19:10 <REP> Securitoo 09/12/2006 15:51 <REP> Services en ligne 10/02/2007 09:34 2 144 setup.log 14/03/2007 19:58 <REP> Softwin 24/03/2007 14:37 <REP> Spybot - Search & Destroy 07/08/2007 16:13 <REP> Synthesis Bank 21/01/2007 18:12 <REP> UltraEdit-32 18/10/2003 17:58 64 512 uninstall.exe 18/10/2007 00:18 <REP> Wanadoo 09/12/2006 16:54 <REP> Windows Media Player 09/12/2006 16:53 <REP> Windows NT 09/12/2006 15:53 <REP> xerox 24/03/2007 10:45 <REP> XviD 18/08/2007 13:19 <REP> Yahoo! 4 fichier(s) 289 856 octets 45 Rép(s) 18 789 875 712 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 3430-2C4B Répertoire de C:\Program Files\fichiers communs 24/03/2007 13:40 <REP> . 24/03/2007 13:40 <REP> .. 16/12/2006 17:52 <REP> Adobe 09/12/2006 21:56 <REP> Ahead 09/12/2006 21:21 <REP> Designer 08/09/2007 19:43 <REP> InstallShield 14/12/2006 10:17 <REP> Java 16/01/2007 20:46 <REP> Microsoft Shared 09/12/2006 15:51 <REP> MSSoap 09/12/2006 15:43 <REP> ODBC 24/03/2007 13:40 <REP> Panasonic 09/12/2006 15:51 <REP> Services 14/03/2007 19:58 <REP> Softwin 09/12/2006 15:43 <REP> SpeechEngines 09/12/2006 21:21 <REP> System 0 fichier(s) 0 octets 15 Rép(s) 18 789 871 616 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 3430-2C4B Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 09/12/2006 15:58 <REP> . 09/12/2006 15:58 <REP> .. 18/05/2001 17:57 561 209 MSONSEXT.DLL 03/06/1999 14:09 122 937 MSOWS409.DLL 07/03/2001 09:00 127 033 MSOWS40c.DLL 18/03/1999 05:37 593 977 RAGENT.DLL 4 fichier(s) 1 405 156 octets 2 Rép(s) 18 789 871 616 octets libres c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\Cnmvsa.exe c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\helpkicker.exe c:\Documents and Settings\Celina\.housecall6.6\getMac.exe c:\Documents and Settings\Celina\.housecall6.6\patch.exe c:\Documents and Settings\Celina\.housecall6.6\tsc.exe c:\Documents and Settings\Celina\Bureau\SDFix.exe c:\Documents and Settings\Celina\Bureau\DiagHelp\catchme.exe c:\Documents and Settings\Celina\Bureau\DiagHelp\diff.exe c:\Documents and Settings\Celina\Bureau\DiagHelp\dumphive.exe c:\Documents and Settings\Celina\Bureau\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Celina\Bureau\DiagHelp\find2.exe c:\Documents and Settings\Celina\Bureau\DiagHelp\Fport.exe c:\Documents and Settings\Celina\Bureau\DiagHelp\grep.exe c:\Documents and Settings\Celina\Bureau\DiagHelp\gzip.exe c:\Documents and Settings\Celina\Bureau\DiagHelp\KProcCheck.exe c:\Documents and Settings\Celina\Bureau\DiagHelp\LFiles.exe c:\Documents and Settings\Celina\Bureau\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Celina\Bureau\DiagHelp\md5sums.exe c:\Documents and Settings\Celina\Bureau\DiagHelp\pslist.exe c:\Documents and Settings\Celina\Bureau\DiagHelp\sigcheck.exe c:\Documents and Settings\Celina\Bureau\DiagHelp\streams.exe c:\Documents and Settings\Celina\Bureau\DiagHelp\swreg.exe c:\Documents and Settings\Celina\Bureau\DiagHelp\tar.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\catchme.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\dummy.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\apps\cliptext.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\apps\download.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\apps\drivers.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\apps\dummy.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\apps\ERUNT.EXE c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\apps\FixPath.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\apps\isadmin.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\apps\LS.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\apps\MD5File.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\apps\moveex.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\apps\Process.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\apps\procs.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\apps\psservice.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\apps\RegDACL.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\apps\regedit.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\apps\RestartIt!.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\apps\sc.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\apps\SF.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\apps\shutdown.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\apps\swreg.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\apps\swsc.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\apps\unzip.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\apps\WINMSG.EXE c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\apps\zip.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\apps\Replace\W2K.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\apps\Replace\XP.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\backups\attrib.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\backups\find.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\backups\findstr.exe c:\Documents and Settings\Celina\Bureau\SDFIX\SDFix\backups\regedit.exe c:\Documents and Settings\Invite\Local Settings\Temporary Internet Files\Content.IE5\S1QVW1QV\gg77[1].exe c:\Documents and Settings\Micheal\Local Settings\Temp\46484.exe c:\Documents and Settings\Micheal\Local Settings\Temp\47718.exe c:\Documents and Settings\Micheal\Local Settings\Temp\702953.exe c:\Documents and Settings\Micheal\Local Settings\Temp\dotnetfx.exe c:\Documents and Settings\Micheal\Local Settings\Temp\jre-6u1-windows-i586-p-iftw_fa96d0d7.exe c:\Documents and Settings\Micheal\Local Settings\Temp\jre-6u2-windows-i586-p-iftw_7070c3f7.exe c:\Documents and Settings\Micheal\Local Settings\Temp\setup_wm.exe c:\Documents and Settings\Micheal\Local Settings\Temp\{9D2F1473-4056-419E-946E-EDC1CE41ED59}\{E07C71A6-1576-4F7F-8856-B1C439E669AC}\285118USAM.EXE c:\Documents and Settings\Micheal\Local Settings\Temp\{9D2F1473-4056-419E-946E-EDC1CE41ED59}\{E07C71A6-1576-4F7F-8856-B1C439E669AC}\PSSService.exe c:\Documents and Settings\Micheal\Local Settings\Temp\{9D2F1473-4056-419E-946E-EDC1CE41ED59}\{E07C71A6-1576-4F7F-8856-B1C439E669AC}\VCREDIST.EXE c:\Documents and Settings\Micheal\Local Settings\Temp\{9D2F1473-4056-419E-946E-EDC1CE41ED59}\{E07C71A6-1576-4F7F-8856-B1C439E669AC}\WMFDist.exe c:\Documents and Settings\Micheal\Local Settings\Temp\{9D2F1473-4056-419E-946E-EDC1CE41ED59}\{E07C71A6-1576-4F7F-8856-B1C439E669AC}\wmpcdcs8.exe c:\Documents and Settings\Micheal\Local Settings\Temp\{CB6337DF-9DFE-49F8-9F50-8EF898BA95CA}\{E07C71A6-1576-4F7F-8856-B1C439E669AC}\285118USAM.EXE c:\Documents and Settings\Micheal\Local Settings\Temp\{CB6337DF-9DFE-49F8-9F50-8EF898BA95CA}\{E07C71A6-1576-4F7F-8856-B1C439E669AC}\PSSService.exe c:\Documents and Settings\Micheal\Local Settings\Temp\{CB6337DF-9DFE-49F8-9F50-8EF898BA95CA}\{E07C71A6-1576-4F7F-8856-B1C439E669AC}\VCREDIST.EXE c:\Documents and Settings\Micheal\Local Settings\Temp\{CB6337DF-9DFE-49F8-9F50-8EF898BA95CA}\{E07C71A6-1576-4F7F-8856-B1C439E669AC}\WMFDist.exe c:\Documents and Settings\Micheal\Local Settings\Temp\{CB6337DF-9DFE-49F8-9F50-8EF898BA95CA}\{E07C71A6-1576-4F7F-8856-B1C439E669AC}\wmpcdcs8.exe c:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\q.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules404\CNMlr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules404\CNMsr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules404\CNMur78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules405\CNMlr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules405\CNMsr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules405\CNMur78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules406\CNMlr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules406\CNMsr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules406\CNMur78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules407\CNMlr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules407\CNMsr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules407\CNMur78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules408\CNMlr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules408\CNMsr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules408\CNMur78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules409\CNMlr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules409\CNMsr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules409\CNMur78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules40b\CNMlr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules40b\CNMsr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules40b\CNMur78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules40c\CNMlr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules40c\CNMsr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules40c\CNMur78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules40e\CNMlr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules40e\CNMsr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules40e\CNMur78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules410\CNMlr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules410\CNMsr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules410\CNMur78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules411\CNMlr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules411\CNMsr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules411\CNMur78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules412\CNMlr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules412\CNMsr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules412\CNMur78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules413\CNMlr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules413\CNMsr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules413\CNMur78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules414\CNMlr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules414\CNMsr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules414\CNMur78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules415\CNMlr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules415\CNMsr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules415\CNMur78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules419\CNMlr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules419\CNMsr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules419\CNMur78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules41D\CNMlr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules41D\CNMsr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules41D\CNMur78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules41E\CNMlr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules41E\CNMsr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules41E\CNMur78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules41F\CNMlr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules41F\CNMsr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules41F\CNMur78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules804\CNMlr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules804\CNMsr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules804\CNMur78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules816\CNMlr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules816\CNMsr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModules816\CNMur78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModulesc0a\CNMlr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModulesc0a\CNMsr78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200\LanguageModulesc0a\CNMur78.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNM_0260.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMBR260.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMDRV.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMDUMP5.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMFUS.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMINST.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLMON2.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRCN.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRCZ.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRDE.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRDK.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRES.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRFI.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRFR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRGR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRHU.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRIT.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRJ.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRKR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRNL.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRNO.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRPL.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRPT.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRRU.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRSE.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRTH.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRTR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMLRTW.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMOP78.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMP_260.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMPCOMM.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMPD.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMPP.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMPV.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMQUEUE.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSMSD.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRCN.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRCZ.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRDE.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRDK.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRES.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRFI.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRFR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRGR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRHU.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRIT.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRJ.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRKR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRNL.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRNO.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRPL.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRPT.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRRU.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRSE.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRTH.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRTR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSRTW.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMSTMN.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMUI.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMUR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMURCN.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMURCZ.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMURDE.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMURDK.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMURES.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMURFI.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMURFR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMURGR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMURHU.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMURIT.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMURJ.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMURKR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMURNL.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMURNO.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMURPL.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMURPT.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMURRU.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMURSE.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMURTH.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMURTR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMURTW.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMVS.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Driver2\CNMW3.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\cnmi040c.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\cnminst2.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\cnmis.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\cnmis4.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\cnmis5.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\devid.dll c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\Celina\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

Voici les scans SDFIX et HijackThis : SDFix: Version 1.117 Run by Celina on 09/12/2007 at 12:37 Microsoft Windows XP [version 5.1.2600] Running From: C:\DOCUME~1\Celina\Bureau\SDFIX\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Restoring Missing Security Center Service Rebooting... Normal Mode: Checking Files: Trojan Files Found: C:\Documents and Settings\Micheal\Local Settings\Temp\2.dllb - Deleted C:\Documents and Settings\Micheal\Local Settings\Temp\5.dllb - Deleted C:\Documents and Settings\Micheal\Local Settings\Temp\6.dllb - Deleted C:\Documents and Settings\Micheal\Local Settings\Temp\7.dllb - Deleted Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-09 12:41:27 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:MSN Messenger 7.5" "C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Explorer" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5" Remaining Files: --------------- File Backups: - C:\DOCUME~1\Celina\Bureau\SDFIX\SDFix\backups\backups.zip Files with Hidden Attributes: Wed 14 Feb 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Sat 8 Dec 2007 21,504 ...H. --- "C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\q.dll" Finished! Et enfin HijackThis : Logfile of HijackThis v1.99.1 Scan saved at 12:45:21, on 09/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\igfxpers.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g\WLANUTL.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165677364702 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://www.securitoo.com/fra/pages/navol/fscax.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6BB3C3AD-E6D0-41E5-AA6E-880016EA099F}: NameServer = 192.168.1.1 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Bonjour et merci pour votre reponse. Je vais faire ce que vous me conseillez, mais avant je voudrai juste signaler que pour le mode sans echec, j^ai un probleme : le mode sans echec ne fonctionne pas, en effet apres avoir choisi ma session, windows redemarre systematiquement. J' opte en attendant pour le mode sans echec avec prise en charge reseau, qui lui fonctionne... De plus j' ai remarqué que lors de mon démarrage, je n' ai plus l' écran d' acces au BIOS comme j' avais avant. IL me met maintenant des le démarrage un écran graphique, avec un image contenant " Asus....". De plus, lorsque je presse f5 ou f8 des les démarrage, j' obtiens une fenetre qui me demande de choisir mon boot device, et la j' ai deux choix : - 3MTSSTCorpCD/DVDW SH-S183A ou 4MST3250220AS. ALors que je n' avais pas cela avant ... cela ne me laisse rien présager de bon. Je resinstallerai bien XP mais je n' ai pas le SP2 inclu et mon CD d' install ne detecte pas toutes mes partitions et je crain de les perdre. Je vais donc déja suivre la procédure que vous me conseillez avec le mode sans échec avec prise en charge réseau. Merci encore.

Bonjour, VOici mon LogHijacThis apres avoir suivi la prodcédure (Antivir en mode sans echec ... -> sauf que j ai été obligé de demarrer en mode sans echec avec prise en charge reseau, car en mode sans echec simple mon ordi reboot apres l' identification de l'utilisateur et j ai essaye avec admin et aussi avc mon utilisateur cela ne change rien ...). qq1 peut il m' aider? les fichier infectés par spabot.nac ne peuvent etre supprimes car utilises par un process et le fichier C:\pagefile.sys [WARNING] The file could not be opened! Merci ... ogfile of HijackThis v1.99.1 Scan saved at 14:25:42, on 08/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\igfxpers.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165677364702 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://www.securitoo.com/fra/pages/navol/fscax.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6BB3C3AD-E6D0-41E5-AA6E-880016EA099F}: NameServer = 192.168.1.1 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Bonjour, Depuis maintenant un bon moment, je pense etre infectée par un virus qui modifie mon adresse IP. Il m' oblige a reinstaller TCP/IP avec le netsh winsock reset, voir netsh int ip reset z afin de récupérer ma connexion. J' ai bitdefender comme antivirus et celui-ci me trouve réguilerement des fichiers infectés tels que: File c:\cp1382.nls infected with Trojan.Spabot.NAC. Mais je ne trouve rien pour eradiquer ce trojan ... J' ai deja essayé AVG, Spybot mais eux ne trouvent rien. Je n' arrive vraiment pas a m' en débarasse seule, alors je me résoud a demander de l'aide auprès de vous. J' ai windowns XP avec le SP2. Je vous joins un post HikjackThis. Merci d' avance pour votre aide. Logfile of HijackThis v1.99.1 Scan saved at 11:53:05, on 08/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\igfxpers.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g\WLANUTL.exe C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165677364702 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://www.securitoo.com/fra/pages/navol/fscax.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6BB3C3AD-E6D0-41E5-AA6E-880016EA099F}: NameServer = 192.168.1.1 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)