nikita02

Everything posted by nikita02

  1. Good evening, Gof, here is the Kaspersky report you asked me for. I hope this report will be able to tell you more about my problem.

     KASPERSKY ONLINE SCANNER REPORT
     Monday, January 28, 2008 2:05:58 PM
     Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
     Kaspersky Online Scanner version: 5.0.98.0
     Kaspersky Anti-Virus database last update: 28/01/2008
     Kaspersky Anti-Virus database records: 499185

     Scan Settings:
     Scan using the following antivirus database: standard
     Scan Archives: true
     Scan Mail Bases: true
     Scan Target - My Computer: C:\ D:\ E:\ F:\ G:\ H:\

     Scan Statistics:
     Total number of scanned objects: 56160
     Number of viruses found: 0
     Number of infected objects: 0
     Number of suspicious objects: 0
     Duration of the scan process: 00:52:42

     Scan process completed.

     I thank you in advance for your help. However, I am running into another problem on my PC: every time I want to burn a DVD using Nero, my PC shuts down automatically on 2 burn attempts, and the 3rd time it no longer shuts down. I don't understand, which is why I am turning to you. Thank you. Regards, nikita02
  2. Hello Gof, here is my long-awaited diag report: I had a terrible time with it, but there it is, all's well that ends well (my PC keeps shutting down)

     DiagHelp version v1.4 - http://www.malekal.com
     excute le 23/01/2008 à 15:09:54,23
Le numéro de série du volume est 6401-FE53 Répertoire de C:\Program Files\fichiers communs 04/01/2008 18:10 <REP> . 04/01/2008 18:10 <REP> .. 05/03/2007 19:38 <REP> Adobe 24/03/2006 09:42 <REP> Ahead 24/03/2006 09:56 <REP> DESIGNER 20/03/2007 19:03 <REP> Hewlett-Packard 20/03/2007 19:06 <REP> HP 24/03/2006 09:18 <REP> InstallShield 16/08/2007 16:02 <REP> Java 13/12/2007 22:10 <REP> Microsoft Shared 23/03/2006 18:03 <REP> MSSoap 24/03/2006 09:50 <REP> Nero 23/03/2006 18:57 <REP> ODBC 23/03/2006 18:03 <REP> Services 20/03/2007 19:06 <REP> Sonic Shared 23/03/2006 18:57 <REP> SpeechEngines 25/07/2007 21:51 <REP> SWF Studio 05/01/2008 19:19 <REP> Symantec Shared 13/06/2007 19:01 <REP> System 0 fichier(s) 0 octets 19 Rép(s) 177 775 951 872 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6401-FE53 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 13/12/2007 22:11 <REP> . 13/12/2007 22:11 <REP> .. 24/03/2006 09:56 <REP> 1033 13/12/2007 22:11 <REP> 1036 20/09/2005 12:33 1 293 008 MSONSEXT.DLL 22/03/2007 19:29 39 256 MSOSV.DLL 03/06/1999 12:09 122 937 MSOWS409.DLL 07/03/2001 07:00 127 033 MSOWS40c.DLL 11/07/2003 02:25 80 448 PKMWS.DLL 5 fichier(s) 1 662 682 octets 4 Rép(s) 177 775 951 872 octets libres c:\Documents and Settings\katia\Bureau\ComboFix.exe c:\Documents and Settings\katia\Bureau\HijackThis.exe c:\Documents and Settings\katia\Bureau\OOo_2.2.1_Win32Intel_install_wJRE_fr.exe c:\Documents and Settings\katia\Bureau\BTFix\BTFix.exe c:\Documents and Settings\katia\Bureau\BTFix\BTFixBackups\pealizdh.exe c:\Documents and Settings\katia\Bureau\BTFix\BTFixBackups\smcjvpvv.exe c:\Documents and Settings\katia\Bureau\DiagHelp\catchme.exe c:\Documents and Settings\katia\Bureau\DiagHelp\diff.exe c:\Documents and Settings\katia\Bureau\DiagHelp\dumphive.exe c:\Documents and Settings\katia\Bureau\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\katia\Bureau\DiagHelp\find2.exe c:\Documents and 
Settings\katia\Bureau\DiagHelp\Fport.exe c:\Documents and Settings\katia\Bureau\DiagHelp\grep.exe c:\Documents and Settings\katia\Bureau\DiagHelp\gzip.exe c:\Documents and Settings\katia\Bureau\DiagHelp\KProcCheck.exe c:\Documents and Settings\katia\Bureau\DiagHelp\LFiles.exe c:\Documents and Settings\katia\Bureau\DiagHelp\LISTDLLS.exe c:\Documents and Settings\katia\Bureau\DiagHelp\md5sums.exe c:\Documents and Settings\katia\Bureau\DiagHelp\pslist.exe c:\Documents and Settings\katia\Bureau\DiagHelp\sigcheck.exe c:\Documents and Settings\katia\Bureau\DiagHelp\streams.exe c:\Documents and Settings\katia\Bureau\DiagHelp\swreg.exe c:\Documents and Settings\katia\Bureau\DiagHelp\tar.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\katia\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_SY6PTD86.tar.gz a l'adresse http://upload.malekal.com pour ce qui concerne le démarrage sans échec de mon pc : il reboote en mode normal lorsque , une fois que le bureau s'affiche complétement en mode sans échec et que je veux ouvrir un dossier quelconque. pour mes fichiers disparus : des fichiers comme des jeux windows, word, photos...tout semble avoir disparu... word , par exemple, apparait dans mon menu démarrer mais je ne peux y accéder: cela fait comme "un fichier protégé" que l'on ne peut ouvrir... par contre, j'ai remarqué dans "dossiers de partage" de mon Emule, apparaissent bcp de fichiers qui devraient etre , d'après moi dans le système.. sur le bureau de mon pc, apparaissent d'autre dossiers semble-t-il du système je n'ose rien y faire de peur de supprimer des choses importantes ... ne faudrait-il pas formater mon pc ??? 
Or else create a restore point from before my infections in order to get all of that back... I can't even remove eMule because I'm afraid of deleting important files... I am really lost. Can you help me with this?? Thanks in advance
  3. Hello Gof, here is my long-awaited diag report: I had a terrible time with it, but there it is, all's well that ends well (my PC keeps shutting down)
DiagHelp version v1.4 - http://www.malekal.com
excute le 23/01/2008 à 15:09:54,23
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->23/01/2008 15:09:52
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->23/01/2008 15:08:45
C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->23/01/2008 15:07:06
C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->23/01/2008 14:46:06
C:\WINDOWS\prefetch\FIND.EXE-0EC32F1E.pf -->23/01/2008 14:45:10
C:\WINDOWS\prefetch\GZIP.EXE-19768360.pf -->23/01/2008 14:42:51
C:\WINDOWS\prefetch\NTVDM.EXE-1A10A423.pf -->23/01/2008 14:42:02
C:\WINDOWS\prefetch\SORT.EXE-194AE83C.pf -->23/01/2008 14:42:01
C:\WINDOWS\prefetch\REG.EXE-0D2A95F7.pf -->23/01/2008 14:41:46
C:\WINDOWS\prefetch\KPROCCHECK.EXE-05BD3957.pf -->23/01/2008 14:41:46
C:\WINDOWS\System32\drivers\avgclean.sys -->21/12/2007 09:27:09
C:\WINDOWS\System32\drivers\avgmfx86.sys -->21/12/2007 09:26:59
C:\WINDOWS\System32\drivers\avg7core.sys -->04/12/2007 19:34:41
C:\WINDOWS\System32\drivers\secdrv.sys -->13/11/2007 11:25:54
C:\WINDOWS\System32\drivers\tcpip.sys -->30/10/2007 18:20:55
C:\WINDOWS\System32\drivers\update.sys -->23/04/2007 11:32:54
C:\WINDOWS\System32\drivers\avg7rsxp.sys -->28/02/2007 16:30:40
C:\WINDOWS\System32\wpa.dbl -->23/01/2008 09:19:15
C:\WINDOWS\System32\MRT.exe -->02/01/2008 19:21:36
C:\WINDOWS\System32\PerfStringBackup.INI -->17/12/2007 17:54:24
C:\WINDOWS\System32\perfh00C.dat -->17/12/2007 17:54:24
C:\WINDOWS\System32\perfh009.dat -->17/12/2007 17:54:24
C:\WINDOWS\System32\perfc00C.dat -->17/12/2007 17:54:24
C:\WINDOWS\System32\perfc009.dat -->17/12/2007 17:54:24
C:\WINDOWS\System32\FNTCACHE.DAT -->13/12/2007 22:50:22
C:\WINDOWS\System32\TZLog.log -->13/12/2007 03:03:44
C:\WINDOWS\System32\jscript.dll -->14/11/2007 08:28:02
C:%
  4. Hello Gof, sorry for this somewhat late reply, but I have a large family and cannot always get on my PC as I would like, and on top of that my cousin, who is helping me repair my PC, has been ill... anyway, here I am, ready to send you the reports
BTFIX REPORT
report 1:
BTFix 1.070 (par bibi26) - 18/01/2008 14:49:51 - Analyse
Lancé depuis C:\Documents and Settings\katia\Bureau\BTFix\BTFix.exe
---> Fichiers/Dossiers trouvés
- [Heuristique : Hotbar] C:\WINDOWS\system32\pealizdh.exe
- [Heuristique : Hotbar] C:\WINDOWS\system32\smcjvpvv.exe
- C:\Documents and Settings\katia\Application Data\Hotbar\
- C:\Documents and Settings\katia\Application Data\WeatherDPA\
- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65\
- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar\
---> Analyse terminée
report 2
BTFix 1.070 (par bibi26) - 18/01/2008 14:50:39 - Nettoyage - Mode normal
Lancé depuis C:\Documents and Settings\katia\Bureau\BTFix\BTFix.exe
---> Fichiers/dossiers supprimés (Première passe)
- Fichiers temporaires effacés
- [Heuristique : Hotbar] C:\WINDOWS\system32\pealizdh.exe
- [Heuristique : Hotbar] C:\WINDOWS\system32\smcjvpvv.exe
- C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\dynamic\
- C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\
- C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\
- C:\Documents and Settings\katia\Application Data\Hotbar\
- C:\Documents and Settings\katia\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\
- C:\Documents and Settings\katia\Application Data\WeatherDPA\Weather\WeatherDPA\
- C:\Documents and Settings\katia\Application Data\WeatherDPA\Weather\
- C:\Documents and Settings\katia\Application Data\WeatherDPA\
- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65\
- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar\
--->
Nettoyage terminé

Here is the COMBOFIX report

ComboFix 08-01-18.4 - katia 2008-01-18 15:03:19.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.642 [GMT 1:00]
Running from: C:\Documents and Settings\katia\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\katia\Bureau\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))))))))
.
2008-01-15 22:05 . 2008-01-18 14:55 <REP> d-------- C:\Program Files\Navilog1
2008-01-15 15:33 .
2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-12 18:31 . 2008-01-12 18:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-01-11 16:44 . 2008-01-11 16:44 <REP> d-------- C:\VundoFix Backups 2008-01-11 16:21 . 2006-03-24 08:54 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS 2008-01-11 16:21 . 2006-03-23 18:57 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2008-01-11 16:21 . 2006-03-23 18:57 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2008-01-11 16:21 . 2008-01-11 16:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles 2008-01-11 16:21 . 2006-03-24 12:49 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents 2008-01-11 16:21 . 2004-11-29 13:39 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer 2008-01-11 16:21 . 2007-12-12 18:05 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris 2008-01-11 16:21 . 2006-03-31 10:25 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau 2008-01-11 16:21 . 2006-03-24 09:21 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ATI 2008-01-11 16:21 . 2007-12-12 17:58 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ahead 2008-01-04 18:10 . 2008-01-05 19:19 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared 2007-12-30 16:03 . 2007-12-30 16:03 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-12-30 15:48 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-12-22 20:53 . 2007-12-22 20:53 <REP> d--h----- C:\WINDOWS\PIF . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-01-18 08:14 --------- d-----w C:\Documents and Settings\katia\Application Data\AVG7 2008-01-15 14:47 --------- d-----w C:\Program Files\Google 2008-01-13 19:40 --------- d-----w C:\Program Files\eMule 2008-01-05 17:58 94,208 ----a-w C:\WINDOWS\DUMP6bba.tmp 2007-12-30 14:48 --------- d-----w C:\Program Files\Ahead 2007-12-22 20:22 --------- d-----w C:\Documents and Settings\katia\Application Data\aMule 2007-12-13 08:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7 2007-12-12 20:11 --------- d-----w C:\Documents and Settings\katia\Application Data\dvdcss 2007-12-12 20:09 --------- d-----w C:\Documents and Settings\katia\Application Data\AdobeUM 2007-12-12 19:57 --------- d-----w C:\Documents and Settings\katia\Application Data\MSNInstaller 2007-12-12 19:56 --------- d-----w C:\Documents and Settings\katia\Application Data\Media Player Classic 2007-12-12 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic 2007-12-12 16:59 --------- d-----w C:\Documents and Settings\katia\Application Data\McAfee.com Personal Firewall 2007-12-12 16:58 --------- d-----w C:\Documents and Settings\katia\Application Data\Template 2007-12-12 10:56 --------- d-----w C:\Documents and Settings\katia\Application Data\vlc 2007-12-10 19:52 --------- d-----w C:\Program Files\Windows Live Safety Center 2007-12-07 13:00 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-04 18:11 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-12-04 17:42 --------- d-----w C:\Program Files\Neuf 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll . ((((((((((((((((((((((((((((( snapshot@2008-01-15_15.42.34.40 ))))))))))))))))))))))))))))))))))))))))) . 
- 2008-01-15 14:39:07 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT + 2008-01-18 14:03:08 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT - 2008-01-15 14:39:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat + 2008-01-18 14:03:08 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat - 2008-01-15 14:39:07 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT + 2008-01-18 14:03:08 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT - 2008-01-15 14:39:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat + 2008-01-18 14:03:08 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat - 2008-01-15 14:39:08 4,030,464 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT + 2008-01-18 14:03:08 3,993,600 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT - 2008-01-15 14:39:08 163,840 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2008-01-18 14:03:08 163,840 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "farstone"="" [] "RestoreIT!"="C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.exe" [2004-09-21 16:39 114688] "SoundMan"="SOUNDMAN.EXE" [2006-03-24 09:11 90112 C:\WINDOWS\soundman.exe] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 09:27 579072] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-04 19:34 219136] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 11:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza] C:\Program Files\Shareaza\Shareaza.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] -ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe R0 RITCPT;RITCPT;C:\WINDOWS\system32\drivers\RITCPT.sys [2004-09-21 16:39] R0 
VVBackd5;VVBackd5;C:\WINDOWS\system32\drivers\VVBackd5.sys [2004-09-21 16:39]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S2 FBAPI;FBAPI;C:\WINDOWS\system32\drivers\FBAPI.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-17 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 15:04:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-18 15:04:54
ComboFix-quarantined-files.txt 2008-01-18 14:04:52
ComboFix2.txt 2008-01-15 14:42:53
.
2008-01-09 20:17:55 --- E O F ---

Here at last is the NAVILOG-1 report (this is the report of the last scan done with navilog1, after pressing "2") .... Sorry, when saving the first navilog1 report we forgot to save it under another letter, so the 2nd report overwrote the first. Here is that report

Clean Navipromo version 3.4.0 commencé le 18/01/2008 à 15:06:42,29
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 09.01.2008 à 20h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS
Mode suppression automatique
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans C:\WINDOWS\System32 *
hwysuxe.exe trouvé !
Copie hwysuxe.exe réalisée avec succès !
hwysuxe.exe supprimé !
jtvkhco.exe trouvé !
Copie jtvkhco.exe réalisée avec succès !
jtvkhco.exe supprimé !
lfiduuuj.exe trouvé !
Copie lfiduuuj.exe réalisée avec succès !
lfiduuuj.exe supprimé !
qgkowntbdn.exe trouvé !
Copie qgkowntbdn.exe réalisée avec succès !
qgkowntbdn.exe supprimé !
svxjvxrijy.exe trouvé !
Copie svxjvxrijy.exe réalisée avec succès !
svxjvxrijy.exe supprimé !
vkefffbn.exe trouvé !
Copie vkefffbn.exe réalisée avec succès !
vkefffbn.exe supprimé !
* Suppression dans "C:\Documents and Settings\katia\local settings\application data" *
*** Suppression dossiers dans C:\WINDOWS ***
*** Suppression dossiers dans C:\Program Files ***
*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Suppression dossiers dans "C:\Documents and Settings\katia\application data" ***
*** Suppression dossiers dans "C:\Documents and Settings\katia\MENUDM~1\PROGRA~1" ***
*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***
*** Suppression fichiers ***
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\katia\local settings\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans C:\WINDOWS\system32 *
* Dans "C:\Documents and Settings\katia\local settings\application data" *
*** Sauvegarde du Registre vers dossier Backupnavi ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup absent !
*** Nettoyage terminé le 18/01/2008 à 15:09:01,07 ***

Once again, happy reading... As for safe mode, we managed to get into it, but at the final loading stage of that mode the PC shuts down and then reboots into normal mode. What is going on, in your opinion???
One question is nagging at us: how is it that many folders are empty??? when they were not empty originally and I did nothing to delete them???? Regards
  5. Hello Gof, here are the reports you asked me for. As an aside, I could not do the cleanup because BTFix asks me to do it in safe mode and I cannot get to my safe mode restart menu: when I try, my PC reboots into a normal restart; it is impossible to get into safe mode. I cannot do a cleanup with BTFix in normal mode either.
btfix report
BTFix 1.068 (par bibi26) - 15/01/2008 15:34:13 - Analyse
Lancé depuis C:\Documents and Settings\katia\Bureau\BTFix\BTFix.exe
---> Fichiers/Dossiers trouvés
- [Heuristique : Hotbar] C:\WINDOWS\system32\pealizdh.exe
- [Heuristique : Hotbar] C:\WINDOWS\system32\smcjvpvv.exe
- C:\Program Files\Seekmo
- C:\Program Files\ShoppingReport
- C:\Program Files\Hotbar
- C:\Documents and Settings\katia\Application Data\ShoppingReport
- C:\Documents and Settings\katia\Application Data\Hotbar
- C:\Documents and Settings\katia\Application Data\Hotbar_Icons
- C:\Documents and Settings\katia\Application Data\WeatherDPA
- C:\Documents and Settings\All Users\Application Data\HotbarSA
- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hotbar
- C:\Documents and Settings\katia\Bureau\Free PC Wallpapers.lnk
---> Analyse terminée
combo report
ComboFix 08-01-15.4 - katia 2008-01-15 15:39:22.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.465 [GMT 1:00]
Running from: C:\Documents and Settings\katia\Local Settings\Temporary Internet Files\Content.IE5\FRTQS9CM\ComboFix[1].exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\86379 C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\87555 C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\90009 C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\93921 C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\94407 C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\97734 C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\99739 C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\ads.cdf C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\btntrans.idx C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\btntrans1.dat C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\business_promo.htm C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\buttondir.txt C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\components.cdf C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\cursors.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_1000.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_2000.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_3000.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bar.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar1.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_logos.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_other.res C:\Documents and 
Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_weather.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\default.cdf C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_511745-514279.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz1.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz10.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz11.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz12.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz13.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz14.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz15.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz16.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz17.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz18.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz19.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz2.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz20.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz3.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz4.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz5.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz6.mnu 
C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz7.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz8.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz9.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_categorize.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_comparison.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-Mails.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-people.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_favorites.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Games.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hide.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hotbarcom.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hotmail.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hsskin.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jemster.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jemsterie.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jemsteruk.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jobsearch.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Mails.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_new.mnu C:\Documents and 
Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_premium.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_reun.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_ringtones.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_SearchBoxTrapper.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchfor.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchgo.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_weather.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_yellowpages.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\email-def-511724-548964.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\email-def-511724-9595.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\email-t1-bg.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\gamesmenu.cdf C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\gamesMenu.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\hb_ie_menu.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium-hotbar-premium.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium.cdf C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar_promo.htm C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\icons2.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\ie_games_icon.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\ie_video.res C:\Documents and Settings\katia\Application 
Data\Hotbar\v3.0\Hotbar\static\1\keywords.idx C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords1.dat C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\layout.cdf C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\linkpathlegal.txt C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\more.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\new_games.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\progress.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\s_icons_buttons.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\sales_buttons.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\t2_bg.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\theweb.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\top7.cdf C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\Top7_theweb.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\tsd_bg.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\1\weathericon.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\ads.cdf C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\btntrans.idx C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\btntrans1.dat C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\business_promo.htm C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\buttondir.txt C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\components.cdf C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\cursors.res C:\Documents and Settings\katia\Application 
Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_1000.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_2000.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_3000.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bar.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar1.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_logos.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_other.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_weather.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\default.cdf C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_511745-514279.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz1.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz10.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz11.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz12.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz13.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz14.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz15.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz16.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz17.mnu C:\Documents and Settings\katia\Application 
Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz18.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz19.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz2.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz20.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz3.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz4.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz5.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz6.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz7.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz8.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz9.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_categorize.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_comparison.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_explorer-Mails.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_explorer-people.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_favorites.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Games.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hide.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hotbarcom.mnu C:\Documents and Settings\katia\Application 
Data\Hotbar\v3.0\Hotbar\static\2\Default_Hotmail.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hsskin.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jemster.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jemsterie.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jemsteruk.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jobsearch.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Mails.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_new.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_premium.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_reun.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_ringtones.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_SearchBoxTrapper.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchfor.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchgo.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_weather.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_yellowpages.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\email-def-511724-548964.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\email-def-511724-9595.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\email-t1-bg.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\gamesmenu.cdf C:\Documents and Settings\katia\Application 
Data\Hotbar\v3.0\Hotbar\static\2\gamesMenu.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\hb_ie_menu.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium-hotbar-premium.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium.cdf C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar_promo.htm C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\icons2.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\ie_games_icon.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\ie_video.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords.idx C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords1.dat C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\layout.cdf C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\linkpathlegal.txt C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\more.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\new_games.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\progress.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\s_icons_buttons.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\sales_buttons.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\t2_bg.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\theweb.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\top7.cdf C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\Top7_theweb.mnu C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\tsd_bg.res C:\Documents and 
Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\2\weathericon.res C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ads.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\BtnTrans.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\BtnTrans1.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\business_promo.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\buttondir.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\cursors.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_1000.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_2000.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_3000.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bar.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_logos.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_other.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_weather.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\default.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\email-t1-bg.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\gamesmenu.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hb_ie_menu.xip C:\Documents and Settings\katia\Application 
Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar-premium.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar_promo.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\icons2.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ie_games_icon.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ie_video.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords1.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\layout.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\linkpathlegal.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\more.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\progress.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\s_icons_buttons.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\sales_buttons.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.txt C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\t2_bg.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\top7.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\tsd_bg.xip C:\Documents and Settings\katia\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\weathericon.xip C:\Documents and Settings\katia\Application Data\Hotbar_Icons C:\Documents and Settings\katia\Application Data\Hotbar_Icons\3bSoftware_icon_1.ico C:\Documents and 
Settings\katia\Application Data\Hotbar_Icons\Registryrepair.ico C:\Documents and Settings\katia\Application Data\Hotbar_Icons\wallpapere1.ico C:\Documents and Settings\katia\Application Data\MessengerSkinner C:\Documents and Settings\katia\Application Data\MessengerSkinner\Userdata\languages_v2.xml C:\Documents and Settings\katia\Application Data\MessengerSkinner\Userdata\pack1.cab C:\Documents and Settings\katia\Application Data\ShoppingReport C:\Documents and Settings\katia\Application Data\ShoppingReport\cs\Config.xml C:\Documents and Settings\katia\Application Data\ShoppingReport\cs\db\Aliases.dbs C:\Documents and Settings\katia\Application Data\ShoppingReport\cs\db\Sites.dbs C:\Documents and Settings\katia\Application Data\ShoppingReport\cs\dwld\WhiteList.xip C:\Documents and Settings\katia\Application Data\ShoppingReport\cs\report\aggr_storage.xml C:\Documents and Settings\katia\Application Data\ShoppingReport\cs\report\send_storage.xml C:\Documents and Settings\katia\Application Data\ShoppingReport\cs\res1\WhiteList.dbs C:\Documents and Settings\katia\Bureau\Free PC Wallpapers.lnk C:\Documents and Settings\katia\Bureau\internetgamebox.lnk C:\Documents and Settings\katia\Menu Démarrer\Programmes\InternetGameBox C:\Documents and Settings\katia\Menu Démarrer\Programmes\InternetGameBox\Conditions générales.lnk C:\Documents and Settings\katia\Menu Démarrer\Programmes\InternetGameBox\Confidentialité.lnk C:\Documents and Settings\katia\Menu Démarrer\Programmes\InternetGameBox\InternetGameBox.lnk C:\Documents and Settings\katia\Menu Démarrer\Programmes\InternetGameBox\Privacy Policy.lnk C:\Documents and Settings\katia\Menu Démarrer\Programmes\InternetGameBox\Terms and conditions.lnk C:\Documents and Settings\katia\Menu Démarrer\Programmes\InternetGameBox\Website.lnk C:\Documents and Settings\katia\Menu Démarrer\Programmes\MessengerSkinner C:\Program Files\Hotbar C:\Program Files\Hotbar\bin\10.0.412.0\arrow.ico C:\Program Files\Hotbar\bin\10.0.412.0\Cml.exe 
C:\Program Files\Hotbar\bin\10.0.412.0\copyright.txt C:\Program Files\Hotbar\bin\10.0.412.0\CoreSrv.dll C:\Program Files\Hotbar\bin\10.0.412.0\firefox\extensions\components\npclntax.xpt C:\Program Files\Hotbar\bin\10.0.412.0\firefox\extensions\install.rdf C:\Program Files\Hotbar\bin\10.0.412.0\firefox\extensions\plugins\npclntax_HotbarSA.dll C:\Program Files\Hotbar\bin\10.0.412.0\HostIE.dll C:\Program Files\Hotbar\bin\10.0.412.0\HostOE.dll C:\Program Files\Hotbar\bin\10.0.412.0\HostOL.dll C:\Program Files\Hotbar\bin\10.0.412.0\HotbarSA.exe C:\Program Files\Hotbar\bin\10.0.412.0\HotbarSAAX.dll C:\Program Files\Hotbar\bin\10.0.412.0\HotbarSADF.exe C:\Program Files\Hotbar\bin\10.0.412.0\HotbarSAHook.dll C:\Program Files\Hotbar\bin\10.0.412.0\HotbarUnInstaller.exe C:\Program Files\Hotbar\bin\10.0.412.0\InstIE.dll C:\Program Files\Hotbar\bin\10.0.412.0\link.ico C:\Program Files\Hotbar\bin\10.0.412.0\OEAddOn.exe C:\Program Files\Hotbar\bin\10.0.412.0\Srv.exe C:\Program Files\Hotbar\bin\10.0.412.0\Toolbar.dll C:\Program Files\Hotbar\bin\10.0.412.0\Wallpaper.dll C:\Program Files\Hotbar\bin\10.0.412.0\Weather.exe C:\Program Files\Hotbar\bin\10.0.412.0\WeSkin.dll C:\Program Files\internetgamebox C:\Program Files\internetgamebox\Conditions générales.url C:\Program Files\internetgamebox\Confidentialité.url C:\Program Files\internetgamebox\InternetGameBox.exe C:\Program Files\internetgamebox\InternetGameBox.url C:\Program Files\internetgamebox\language C:\Program Files\internetgamebox\Privacy Policy.url C:\Program Files\internetgamebox\ressources\AttenteOff.html C:\Program Files\internetgamebox\ressources\AttenteOn.html C:\Program Files\internetgamebox\ressources\configv2_en.xml C:\Program Files\internetgamebox\ressources\configv2_es.xml C:\Program Files\internetgamebox\ressources\configv2_fr.xml C:\Program Files\internetgamebox\ressources\favoris\defaultv2.swf C:\Program Files\internetgamebox\skins\skinv2.skn C:\Program Files\internetgamebox\Terms and conditions.url C:\Program 
Files\internetgamebox\uninst.exe C:\Program Files\internetgamebox\Website.url C:\Program Files\messengerskinner C:\Program Files\messengerskinner\Conditions générales.url C:\Program Files\messengerskinner\Confidentialité.url C:\Program Files\messengerskinner\download\defaultPack.cab C:\Program Files\messengerskinner\MessengerSkinner.exe C:\Program Files\messengerskinner\MessengerSkinnerDll.dll C:\Program Files\messengerskinner\resources\appconfig.xml C:\Program Files\messengerskinner\resources\btn.rgn C:\Program Files\messengerskinner\resources\btnBnr.rgn C:\Program Files\messengerskinner\resources\btnIn.rgn C:\Program Files\messengerskinner\resources\btnInNormal.bmp C:\Program Files\messengerskinner\resources\btnInOver.bmp C:\Program Files\messengerskinner\resources\btnNormal.bmp C:\Program Files\messengerskinner\resources\btnNormal.gif C:\Program Files\messengerskinner\resources\btnNormalBnr.bmp C:\Program Files\messengerskinner\resources\btnNormalBnr.gif C:\Program Files\messengerskinner\resources\btnOver.bmp C:\Program Files\messengerskinner\resources\btnOver.gif C:\Program Files\messengerskinner\resources\btnOverBnr.bmp C:\Program Files\messengerskinner\resources\btnOverBnr.gif C:\Program Files\messengerskinner\resources\languages_v2.xml C:\Program Files\messengerskinner\uninst.exe C:\Program Files\messengerskinner\Website.url C:\Program Files\montorgueil C:\Program Files\montorgueil\14.06268 C:\Program Files\montorgueil\N05DFRH6Z-FA0fJl4ABZ-EA.AM7IAMZ\n05dfrh6z-fa0fjl4abz-ea.am7iamz.ico C:\Program Files\seekmo C:\Program Files\ShoppingReport C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll C:\Program Files\ShoppingReport\Uninst.exe C:\WINDOWS\cookies.ini C:\WINDOWS\pack.epk c:\WINDOWS\system32\nleagiwus.dat C:\WINDOWS\system32\nleagiwus.exe C:\WINDOWS\system32\nleagiwus_nav.dat c:\WINDOWS\system32\nleagiwus_navps.dat C:\WINDOWS\system32\nvs2.inf . 
((((((((((((((((((((((((((((( Fichiers créés 2007-12-15 to 2008-01-15 ))))))))))))))))))))))))))))))))))))
.
2008-01-15 15:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 14:41 . 2008-01-14 14:41 <REP> d-------- C:\Documents and Settings\katia\Application Data\WeatherDPA
2008-01-14 14:41 . 2008-01-14 14:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2008-01-12 18:31 . 2008-01-12 18:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-11 16:44 . 2008-01-11 16:44 <REP> d-------- C:\VundoFix Backups
2008-01-11 16:21 . 2006-03-24 08:54 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-01-11 16:21 . 2006-03-23 18:57 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-01-11 16:21 . 2006-03-23 18:57 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-11 16:21 . 2008-01-11 16:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-01-11 16:21 . 2006-03-24 12:49 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-01-11 16:21 . 2004-11-29 13:39 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-01-11 16:21 . 2007-12-12 18:05 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-01-11 16:21 . 2006-03-31 10:25 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-01-11 16:21 . 2006-03-24 09:21 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ATI
2008-01-11 16:21 . 2007-12-12 17:58 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ahead
2008-01-05 12:51 . 2008-01-05 12:51 291,328 --a------ C:\WINDOWS\system32\rvxrpckb.exe
2008-01-05 12:14 . 2008-01-05 12:47 309,248 --a------ C:\WINDOWS\system32\rvpwovvek.exe
2008-01-05 09:13 . 2008-01-05 09:13 301,056 --a------ C:\WINDOWS\system32\vbhzfi.exe
2008-01-04 18:10 . 2008-01-05 19:19 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-01-04 17:44 . 2008-01-04 17:44 312,320 --a------ C:\WINDOWS\system32\dowxermh.exe
2008-01-01 17:28 . 2008-01-01 17:28 279,552 --a------ C:\WINDOWS\system32\uldmiby.exe
2007-12-30 19:05 . 2007-12-30 21:02 298,496 --a------ C:\WINDOWS\system32\telsovyuvm.exe
2007-12-30 16:03 . 2007-12-30 16:03 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-30 15:48 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-28 16:12 . 2007-12-28 16:12 302,592 --a------ C:\WINDOWS\system32\bjtgjem.exe
2007-12-28 09:28 . 2007-12-28 09:28 300,544 --a------ C:\WINDOWS\system32\dneirk.exe
2007-12-24 18:23 . 2007-12-25 17:41 312,832 --a------ C:\WINDOWS\system32\yzguruhcoh.exe
2007-12-23 09:49 . 2007-12-23 22:19 310,272 --a------ C:\WINDOWS\system32\bgygnh.exe
2007-12-22 20:53 . 2007-12-22 20:53 <REP> d--h----- C:\WINDOWS\PIF
2007-12-21 13:33 . 2007-12-21 13:33 282,112 --a------ C:\WINDOWS\system32\kpzbinjxya.exe
2007-12-19 09:52 . 2007-12-19 09:52 300,032 --a------ C:\WINDOWS\system32\gxqlexh.exe
2007-12-18 17:27 . 2007-12-18 17:27 290,304 --a------ C:\WINDOWS\system32\dzxvyufc.exe
2007-12-18 14:02 . 2007-12-18 14:02 305,152 --a------ C:\WINDOWS\system32\yeycmbz.exe
2007-12-18 13:47 . 2007-12-18 13:47 295,424 --a------ C:\WINDOWS\system32\jdprpjuzd.exe
2007-12-15 18:27 . 2007-12-15 18:27 304,128 --a------ C:\WINDOWS\system32\wcfumxnmq.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 08:23 --------- d-----w C:\Documents and Settings\katia\Application Data\AVG7 2008-01-14 14:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-01-13 19:40 --------- d-----w C:\Program Files\eMule 2008-01-05 17:58 94,208 ----a-w C:\WINDOWS\DUMP6bba.tmp 2007-12-30 14:48 --------- d-----w C:\Program Files\Ahead 2007-12-22 20:22 --------- d-----w C:\Documents and Settings\katia\Application Data\aMule 2007-12-13 21:50 300,544 ----a-w C:\WINDOWS\system32\uqpjdlpgmq.exe 2007-12-13 08:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7 2007-12-13 05:11 295,936 ----a-w C:\WINDOWS\system32\qujnbic.exe 2007-12-13 02:13 297,472 ----a-w C:\WINDOWS\system32\shmiyg.exe 2007-12-12 20:11 --------- d-----w C:\Documents and Settings\katia\Application Data\dvdcss 2007-12-12 20:09 --------- d-----w C:\Documents and Settings\katia\Application Data\AdobeUM 2007-12-12 19:57 --------- d-----w C:\Documents and Settings\katia\Application Data\MSNInstaller 2007-12-12 19:56 --------- d-----w C:\Documents and Settings\katia\Application Data\Media Player Classic 2007-12-12 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic 2007-12-12 16:59 --------- d-----w C:\Documents and Settings\katia\Application Data\McAfee.com Personal Firewall 2007-12-12 16:58 --------- d-----w C:\Documents and Settings\katia\Application Data\Template 2007-12-12 10:56 --------- d-----w C:\Documents and Settings\katia\Application Data\vlc 2007-12-12 08:21 297,984 ----a-w C:\WINDOWS\system32\eyrdejsrqa.exe 2007-12-11 09:31 295,424 ----a-w C:\WINDOWS\system32\yhfxkf.exe 2007-12-10 19:52 --------- d-----w C:\Program Files\Windows Live Safety Center 2007-12-10 12:44 301,568 ----a-w C:\WINDOWS\system32\vitfykxfz.exe 2007-12-09 09:38 295,424 ----a-w C:\WINDOWS\system32\lttbau.exe 2007-12-08 14:13 281,088 ----a-w C:\WINDOWS\system32\tmhwuxsh.exe 2007-12-08 14:05 280,064 ----a-w C:\WINDOWS\system32\rujoikfvvp.exe 
2007-12-08 13:46 305,664 ----a-w C:\WINDOWS\system32\wybkdjilns.exe 2007-12-08 13:21 313,856 ----a-w C:\WINDOWS\system32\jnuervrt.exe 2007-12-08 13:11 310,272 ----a-w C:\WINDOWS\system32\jypyhir.exe 2007-12-08 12:49 287,744 ----a-w C:\WINDOWS\system32\nmbspkm.exe 2007-12-08 12:36 310,784 ----a-w C:\WINDOWS\system32\ubknen.exe 2007-12-08 12:30 294,912 ----a-w C:\WINDOWS\system32\ulrnzmi.exe 2007-12-08 10:22 297,984 ----a-w C:\WINDOWS\system32\wswesdnoj.exe 2007-12-08 08:39 297,472 ----a-w C:\WINDOWS\system32\rptyiqr.exe 2007-12-07 13:00 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-07 12:52 296,960 ----a-w C:\WINDOWS\system32\uokvumydc.exe 2007-12-07 08:52 285,184 ----a-w C:\WINDOWS\system32\dbiumqkizu.exe 2007-12-06 07:54 292,352 ----a-w C:\WINDOWS\system32\sgebfbwoq.exe 2007-12-06 05:08 289,280 ----a-w C:\WINDOWS\system32\udyxbboicv.exe 2007-12-05 20:17 305,152 ----a-w C:\WINDOWS\system32\tozfvsrlv.exe 2007-12-05 04:09 275,456 ----a-w C:\WINDOWS\system32\vnrwmy.exe 2007-12-04 19:41 291,328 ----a-w C:\WINDOWS\system32\hzoxysoce.exe 2007-12-04 18:11 294,400 ----a-w C:\WINDOWS\system32\avjimca.exe 2007-12-04 18:11 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-12-04 17:42 --------- d-----w C:\Program Files\Neuf 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll 2007-09-10 17:37 6,440 --sh--w C:\WINDOWS\system32\bbeeg.bak1 2007-09-13 19:51 6,440 --sh--w C:\WINDOWS\system32\rtstv.bak1 2007-09-24 08:32 6,711 --sh--w C:\WINDOWS\system32\stvwa.bak1 2007-09-25 08:32 6,587 --sh--w C:\WINDOWS\system32\stvwa.bak2 . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{273953C9-2E4A-42A0-9857-D8B5F8CBAB08}] C:\WINDOWS\system32\vtutt.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b5ff85d-b6c4-4bd2-8223-f23756ccd317}] C:\WINDOWS\system32\kshptdcv.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "farstone"="" [] "RestoreIT!"="C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.exe" [2004-09-21 16:39 114688] "SoundMan"="SOUNDMAN.EXE" [2006-03-24 09:11 90112 C:\WINDOWS\soundman.exe] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 09:27 579072] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496] "6401fefc"="C:\WINDOWS\system32\pdclkudn.dll" [ ] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-04 19:34 219136] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvts] C:\WINDOWS\system32\awvts.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxvwvv] cbxvwvv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcccyvw] fcccyvw.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\winlogon\notify\geebb] C:\WINDOWS\system32\geebb.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtstr] C:\WINDOWS\system32\vtstr.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutt] C:\WINDOWS\system32\vtutt.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 11:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza] C:\Program Files\Shareaza\Shareaza.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] -ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe R0 RITCPT;RITCPT;C:\WINDOWS\system32\drivers\RITCPT.sys [2004-09-21 16:39] R0 VVBackd5;VVBackd5;C:\WINDOWS\system32\drivers\VVBackd5.sys [2004-09-21 16:39] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] S2 FBAPI;FBAPI;C:\WINDOWS\system32\drivers\FBAPI.sys [] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] *Newly Created Service* - PROCEXP90 . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-15 11:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job" - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-15 15:42:27 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... 
scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-15 15:42:52 ComboFix-quarantined-files.txt 2008-01-15 14:42:50 . 2008-01-09 20:17:55 --- E O F --- Good luck with all this reading. Thanks again for your help... Regards
  6. Hi again Gof, here is the Vundo report: VundoFix V6.7.7 Checking Java version... Scan started at 16:44:01 11/01/2008 Listing files found while scanning.... C:\WINDOWS\system32\fcccyvw.dll C:\WINDOWS\system32\ttutv.bak1 C:\WINDOWS\system32\ttutv.bak2 C:\WINDOWS\system32\ttutv.ini C:\WINDOWS\system32\vtutt.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\ttutv.bak1 C:\WINDOWS\system32\ttutv.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\ttutv.bak2 C:\WINDOWS\system32\ttutv.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\ttutv.ini C:\WINDOWS\system32\ttutv.ini Has been deleted! Performing Repairs to the registry. Done! Now, the HijackThis one: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:14:52, on 11/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\MSN 
Messenger\livecall.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\katia\Bureau\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Seekmo /fleok=1D8A83A5C5E4127C9AAB6A2A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.341.0\HostIE.dll O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll O2 - BHO: (no name) - {273953C9-2E4A-42A0-9857-D8B5F8CBAB08} - C:\WINDOWS\system32\vtutt.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: {713dcc65-732f-3228-2db4-4c6bd58ff5b7} - {7b5ff85d-b6c4-4bd2-8223-f23756ccd317} - C:\WINDOWS\system32\kshptdcv.dll (file missing) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - 
C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [seekmoSA] "C:\Program Files\Seekmo\bin\10.0.341.0\SeekmoSA.exe" O4 - HKLM\..\Run: [6401fefc] rundll32.exe "C:\WINDOWS\system32\pdclkudn.dll",sitypnow O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.0.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/323/webolr/OCX/FlashAX.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{20319A15-5058-43A6-83ED-18E81FD958EA}: NameServer = 192.168.1.1,192.168.1.10 O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll (file missing) O20 - Winlogon Notify: cbxvwvv - cbxvwvv.dll (file missing) O20 - Winlogon Notify: fcccyvw - fcccyvw.dll (file missing) O20 - Winlogon Notify: geebb - C:\WINDOWS\system32\geebb.dll (file missing) O20 - Winlogon Notify: vtstr - C:\WINDOWS\system32\vtstr.dll (file missing) O20 - Winlogon Notify: vtutt - C:\WINDOWS\system32\vtutt.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 7708 bytes Good luck with the reading... I look forward to hearing from you. Thank you very much. Regards
  7. Hello Gof, I'm having some trouble doing the cleanup because my PC refuses to start in safe mode! Every time I try, I get to the menu for choosing safe mode, I press Enter twice, then the PC loads but reboots and restarts in normal mode. What should I do??? Here is the first report: BTFix 1.068 (par bibi26) - 11/01/2008 16:17:22 - Analyse Lancé depuis C:\Documents and Settings\katia\Bureau\BTFix\BTFix.exe ---> Fichiers/Dossiers trouvés - [Heuristique : Hotbar] C:\WINDOWS\system32\pealizdh.exe - [Heuristique : Hotbar] C:\WINDOWS\system32\smcjvpvv.exe - C:\Program Files\Seekmo - C:\Program Files\ShoppingReport - C:\Documents and Settings\katia\Application Data\ShoppingReport - C:\Documents and Settings\katia\Application Data\Seekmo - C:\Documents and Settings\All Users\Application Data\SeekmoSA - C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 ---> Analyse terminée I can't give you any other one... at least not the cleanup one. I'm running the Vundo scan and will post the reports.
  8. Hello, I'm desperate because my PC keeps shutting down by itself... it is slow... sometimes things freeze on my desktop... Here is a HijackThis report: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:43:25, on 05/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\katia\Bureau\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R0 - 
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Seekmo /fleok=1D8A83A5C5E4127C9AAB6A2A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.341.0\HostIE.dll O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll O2 - BHO: (no name) - {273953C9-2E4A-42A0-9857-D8B5F8CBAB08} - C:\WINDOWS\system32\vtutt.dll (file missing) O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\fcccyvw.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: {713dcc65-732f-3228-2db4-4c6bd58ff5b7} - {7b5ff85d-b6c4-4bd2-8223-f23756ccd317} - C:\WINDOWS\system32\kshptdcv.dll (file missing) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [RestoreIT!] 
"C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [seekmoSA] "C:\Program Files\Seekmo\bin\10.0.341.0\SeekmoSA.exe" O4 - HKLM\..\Run: [6401fefc] rundll32.exe "C:\WINDOWS\system32\pdclkudn.dll",sitypnow O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - 
Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.0.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/323/webolr/OCX/FlashAX.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{20319A15-5058-43A6-83ED-18E81FD958EA}: NameServer = 192.168.1.1,192.168.1.10 O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll (file missing) O20 - Winlogon Notify: cbxvwvv - cbxvwvv.dll (file missing) O20 - Winlogon Notify: fcccyvw - fcccyvw.dll (file missing) O20 - Winlogon Notify: geebb - C:\WINDOWS\system32\geebb.dll (file missing) O20 - Winlogon Notify: vtstr - C:\WINDOWS\system32\vtstr.dll (file missing) O20 - Winlogon Notify: vtutt - C:\WINDOWS\system32\vtutt.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 7670 bytes Could someone help me? Also, my PC shuts down by itself: the tower powers off on its own (electrically). When I try to turn my PC back on, it loops and then shuts off. Sometimes I manage to turn it on, like right now, since I'm able to write to you. Please, I'm counting on you. Thanks in advance.