Kinarach

Bonjour à tous, Voilà, je vous explique. J aimerais mettre sur DVD plusieurs épisodes de l' émission "C' est pas sorcier". J ai déjà essayé avec Nero Express. Ca marche, je peux mettre plus ou moins 12 épisodes sur le même DVD. Le soucis est que lorsque je mets ce-dit DVD dans mon lecteur de salon, celui ci lit certains épisodes correctement mais ne voit pas certains autres (Apparaît alors dans mon menu lecteur de salon un point d interrogation devant quelques épisodes au lieu du sigle windows). J'ai donc par la suite essayé avec Nero Vision Express mais j' ai découvert que sur mon même DVD ne pouvaient être gravés seulement 4 épisodes (Seulement 4 épisodes d environ 350mb sur 4.7G???). Auriez vous une suggestion à me faire pour que je puisse graver autant d épisodes qu avec Nero Express et qu ils soient tous lisibles par mon lecteur de salon? D'avance merci et bonne aprés midi. A.

Mille et un merci pour ton aide et ton soutien... Je vais m appliquer à suivre tes conseils et ceux des tutos dont tu m as donné les liens... Bonne continuation! Et encore merci... Bisous. Aurélie

J ai déjà l impression que le PC tourne mieux!!! Cool...

Bonjour, bonjour... -->- Recherche: C:\Qoobox: trouvé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé ! C:\Documents and Settings\Mme legall\Bureau\HijackThis.lnk: trouvé ! C:\Program Files\Trend Micro\HijackThis: trouvé ! C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé ! --------------------------------- -->- Suppression: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé ! C:\Documents and Settings\Mme legall\Bureau\HijackThis.lnk: supprimé ! C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé ! C:\Qoobox: supprimé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé ! C:\Program Files\Trend Micro\HijackThis: supprimé ! Point de restauration crée ! Corbeille vidée! Fichiers temporaires nettoyés ! Sauvegarde du registre crée !

StartupList report, 21/03/2008, 01:32:33 StartupList version: 1.52.2 Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v7.00 (7.00.6000.16608) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\WgaTray.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\Mme legall\Menu Démarrer\Programmes\Démarrage] *No files* Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage] Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime LogitechCommunicationsManager = "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" LogitechQuickCamRibbon = "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide avgnt = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] = -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\system32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] * StubPath = C:\WINDOWS\system32\ieudinit.exe [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Regedit.exe has no CompanyName property! It is either missing or named something else. - Regedit.exe has no OriginalFilename property! It is either missing or named something else. - Regedit.exe has no FileDescription property! It is either missing or named something else. Registry check failed! -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (no name) - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6} -------------------------------------------------- Enumerating Task Scheduler jobs: AppleSoftwareUpdate.job Norton Security Scan.job -------------------------------------------------- Enumerating Download Program Files: [CKAVWebScan Object] InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll CODEBASE = http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab [Windows Genuine Advantage Validation Tool] InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL CODEBASE = http://download.microsoft.com/download/4/d...heckControl.cab [MSN Photo Upload Tool] InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll CODEBASE = http://titebullamoi.spaces.live.com//Photo...ad/MsnPUpld.cab [solitaire Showdown Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\SolitaireShowdown.dll CODEBASE = http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab [MUWebControl Class] InProcServer32 = C:\WINDOWS\system32\muweb.dll CODEBASE = http://www.update.microsoft.com/microsoftu...b?1192264014062 [image Uploader Control] InProcServer32 = C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx CODEBASE = http://copainsdavant.linternaute.com/html_...geUploader4.cab [Windows Live Photo Upload Control] InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll CODEBASE = http://titebullamoi.spaces.live.com/PhotoUpload/MsnPUpld.cab [HardwareDetection Control] InProcServer32 = C:\PROGRA~1\HARDWA~1\IE\HARDWA~1.OCX CODEBASE = http://www.touslesdrivers.com/fichiers/har...on.cab?version= [Java Plug-in 1.6.0_01] InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll CODEBASE = http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab [{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}] CODEBASE = http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab [MessengerStatsClient Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll CODEBASE = http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab [Java Plug-in 1.6.0_01] InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_01] InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx CODEBASE = http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab [solitaire Showdown Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll CODEBASE = http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll Protocol #16: C:\WINDOWS\system32\mswsock.dll Protocol #17: C:\WINDOWS\system32\mswsock.dll Protocol #18: C:\WINDOWS\system32\mswsock.dll Protocol #19: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services Pilote ACPI Microsoft: system32\DRIVERS\ACPI.sys (system) Ad-Watch Connect Kernel Filter: \??\C:\WINDOWS\system32\drivers\NSDriver.sys (manual start) Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start) AFD: \SystemRoot\System32\drivers\afd.sys (system) Service for WDM 3D Audio Driver: system32\drivers\ALCXSENS.SYS (manual start) Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start) Avertissement: %SystemRoot%\system32\svchost.exe -k LocalService (disabled) Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start) Pilote de processeur AMD K7: system32\DRIVERS\amdk7.sys (system) AntiVir PersonalEdition Classic Scheduler: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe" (autostart) AntiVir PersonalEdition Classic Guard: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe" (autostart) Apple Mobile Device: "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (autostart) Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start) Pilote de média asynchrone RAS: system32\DRIVERS\asyncmac.sys (manual start) Contrôleur de disque dur IDE/ESDI standard: system32\DRIVERS\atapi.sys (system) Protocole client ATM ARP: system32\DRIVERS\atmarpc.sys (manual start) Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote audio Stub: system32\DRIVERS\audstub.sys (manual start) AVG Anti-Rootkit: System32\DRIVERS\avgarkt.sys (system) Avg Anti-Rootkit Clean Driver: System32\DRIVERS\AvgArCln.sys (system) avgio: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (system) avgntflt: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (manual start) avipbb: system32\DRIVERS\avipbb.sys (system) Service de transfert intelligent en arrière-plan: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Bluetooth Audio Service: system32\DRIVERS\blueletaudio.sys (manual start) Bluetooth SCO Audio Service: system32\DRIVERS\BlueletSCOAudio.sys (manual start) BlueSoleil Hid Service: C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe (autostart) Service Bonjour: "C:\Program Files\Bonjour\mDNSResponder.exe" (autostart) Pont MAC: system32\DRIVERS\bridge.sys (manual start) Miniport de pont MAC: system32\DRIVERS\bridge.sys (manual start) Explorateur d'ordinateur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Bluetooth PAN Network Adapter: system32\DRIVERS\btnetdrv.sys (manual start) Bluetooth USB For Bluetooth Service: System32\Drivers\btcusb.sys (manual start) Bluetooth HID Enumerator: system32\DRIVERS\vbtenum.sys (manual start) Bluetooth HID Manager Service: System32\Drivers\BTHidMgr.sys (system) Décodeur sous-titre fermé: system32\DRIVERS\CCDECODE.sys (manual start) Pilote de CD-ROM: system32\DRIVERS\cdrom.sys (system) Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start) Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (disabled) .NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start) Application système COM+: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Lanceur de processus serveur DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) Client DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de disque: system32\DRIVERS\disk.sys (system) Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) Pilote de Gestionnaire de disque logique: System32\drivers\dmio.sys (system) dmload: System32\drivers\dmload.sys (system) Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start) Client DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart) driverhardwarev2: \??\C:\Program Files\HardwareDetection\driverhardwarev2.sys (manual start) Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start) Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Journal des événements: %SystemRoot%\system32\services.exe (autostart) Système d'événements de COM+: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start) Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote de contrôleur de lecteur de disquettes: system32\DRIVERS\fdc.sys (manual start) Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet: system32\DRIVERS\fetnd5.sys (manual start) Pilote de lecteur de disquettes: system32\DRIVERS\flpydisk.sys (manual start) FltMgr: system32\DRIVERS\fltMgr.sys (system) Pilote du Gestionnaire de volume: system32\DRIVERS\ftdisk.sys (system) Firewall Driver: \SystemRoot\system32\drivers\fwdrv.sys (system) GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start) Classificateur de paquets générique: system32\DRIVERS\msgpc.sys (manual start) Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Accès du périphérique d'interface utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Pilote de classe HID Microsoft: system32\DRIVERS\hidusb.sys (manual start) HTTP: System32\Drivers\HTTP.sys (manual start) HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start) Pilote pour clavier i8042 et souris sur port PS/2: system32\DRIVERS\i8042prt.sys (system) Pilote de filtre de gravure CD: system32\DRIVERS\imapi.sys (system) Service COM de gravage de CD IMAPI: C:\WINDOWS\system32\imapi.exe (manual start) Pilote du pare-feu Windows IPv6: system32\DRIVERS\Ip6Fw.sys (disabled) Pilote de filtre de trafic IP: system32\DRIVERS\ipfltdrv.sys (manual start) Pilote de tunnelage IP dans IP: system32\DRIVERS\ipinip.sys (manual start) Traducteur d'adresses réseau IP: system32\DRIVERS\ipnat.sys (manual start) Service de l'iPod: "C:\Program Files\iPod\bin\iPodService.exe" (manual start) Pilote IPSEC: system32\DRIVERS\ipsec.sys (system) Service énumérateur IR: system32\DRIVERS\irenum.sys (manual start) Pilote de bus Plug-and-Play ISA/EISA: system32\DRIVERS\isapnp.sys (system) Pilote de la classe Clavier: system32\DRIVERS\kbdclass.sys (system) Kerio HIPS Driver: \SystemRoot\system32\drivers\khips.sys (system) Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start) Serveur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Station de travail: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Assistance TCP/IP NetBIOS: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Logitech AEC Driver: system32\DRIVERS\LVcKap.sys (manual start) LVCOMSer: "C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe" (autostart) Logitech Machine Vision Engine Loader: system32\DRIVERS\LVMVDrv.sys (manual start) Logitech LVPr2Mon Driver: system32\DRIVERS\LVPr2Mon.sys (manual start) Process Monitor: "C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe" (autostart) LVSrvLauncher: C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe (autostart) Logitech USB Monitor Filter: system32\drivers\LVUSBSta.sys (manual start) Affichage des messages: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) Partage de Bureau à distance NetMeeting: C:\WINDOWS\system32\mnmsrvc.exe (manual start) Pilote de la classe Souris: system32\DRIVERS\mouclass.sys (system) Pilote HID de souris: system32\DRIVERS\mouhid.sys (manual start) Redirecteur client WebDav: system32\DRIVERS\mrxdav.sys (manual start) MRXSMB: system32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start) Windows Installer: %systemroot%\system32\msiexec.exe /V (manual start) Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start) Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start) Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start) Pilote BIOS de gestion de systèmes Microsoft: system32\DRIVERS\mssmbios.sys (manual start) Convertisseur en T/site-à-site de répartition Microsoft: system32\drivers\MSTEE.sys (manual start) Codec NABTS/FEC VBI: system32\DRIVERS\NABTSFEC.sys (manual start) Navman In-car Navigator USB Driver Service: system32\DRIVERS\Navcar.sys (manual start) Connection TV/vidéo Microsoft: system32\DRIVERS\NdisIP.sys (manual start) Pilote TAPI NDIS d'accès distant: system32\DRIVERS\ndistapi.sys (manual start) NDIS mode utilisateur E/S Protocole: system32\DRIVERS\ndisuio.sys (disabled) Pilote réseau étendu NDIS d'accès distant: system32\DRIVERS\ndiswan.sys (manual start) Interface NetBIOS: system32\DRIVERS\netbios.sys (system) NetBIOS sur TCP/IP: system32\DRIVERS\netbt.sys (system) DDE réseau: %SystemRoot%\system32\netdde.exe (disabled) DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (disabled) Ouverture de session réseau: %SystemRoot%\system32\lsass.exe (manual start) Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) NLA (Network Location Awareness): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\system32\lsass.exe (manual start) Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Pilote de filtre de trafic IPX: system32\DRIVERS\nwlnkflt.sys (manual start) Pilote de transfert de trafic IPX: system32\DRIVERS\nwlnkfwd.sys (manual start) Pilote de port parallèle: system32\DRIVERS\parport.sys (manual start) PCAMPR5 NDIS Protocol Driver: \??\C:\WINDOWS\system32\PCAMPR5.SYS (manual start) PCANDIS5 Protocol Driver: \??\C:\WINDOWS\system32\PCANDIS5.SYS (manual start) Pilote de bus PCI: system32\DRIVERS\pci.sys (system) Logitech QuickCam Express(PID_0928): system32\DRIVERS\LV561AV.SYS (manual start) Plug-and-Play: %SystemRoot%\system32\services.exe (autostart) Services IPSEC: %SystemRoot%\system32\lsass.exe (autostart) Miniport réseau étendu (PPTP): system32\DRIVERS\raspptp.sys (manual start) Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart) Planificateur de paquets QoS: system32\DRIVERS\psched.sys (manual start) Pilote de liaison parallèle directe: system32\DRIVERS\ptilink.sys (manual start) PxHelp20: System32\Drivers\PxHelp20.sys (system) Pilote de connexion automatique d'accès distant: system32\DRIVERS\rasacd.sys (system) Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Miniport réseau étendu (L2TP): system32\DRIVERS\rasl2tp.sys (manual start) Gestionnaire de connexions d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Pilote PPPOE d'accès à distance: system32\DRIVERS\raspppoe.sys (manual start) Parallèle direct: system32\DRIVERS\raspti.sys (manual start) Rdbss: system32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Pilote de redirecteur de périphérique Terminal Server: system32\DRIVERS\rdpdr.sys (manual start) Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start) Pilote de filtre de lecture digitale de CD audio: system32\DRIVERS\redbook.sys (system) Routage et accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) Accès à distance au Registre: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start) Localisateur d'appels de procédure distante (RPC): %SystemRoot%\system32\locator.exe (manual start) Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start) Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart) Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start) Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: system32\DRIVERS\secdrv.sys (manual start) Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start) Pilote de port série: system32\DRIVERS\serial.sys (system) SAGEM 802.11g XG760 1211 Driver: system32\DRIVERS\WlanUZXP.sys (manual start) Pare-feu Windows / Partage de connexion Internet: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Détrameur décalage BDA: system32\DRIVERS\SLIP.sys (manual start) Pilote de filtrage Sony USB (SONYPVU1): system32\DRIVERS\SONYPVU1.SYS (manual start) Sunbelt Personal Firewall 4: "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" (autostart) Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start) Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart) Pilote de filtre de restauration système: system32\DRIVERS\sr.sys (system) Service de restauration système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Srv: system32\DRIVERS\srv.sys (manual start) Service de découvertes SSDP: %SystemRoot%\system32\svchost.exe -k LocalService (manual start) ssmdrv: system32\DRIVERS\ssmdrv.sys (system) Acquisition d'image Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart) BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start) Pilote de bus logiciel: system32\DRIVERS\swenum.sys (manual start) Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{B6BE1FC6-2E0D-4B85-A1A0-2DC094B45BDA} (manual start) Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start) Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start) Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote du protocole TCP/IP: system32\DRIVERS\tcpip.sys (system) Pilote de périphérique terminal: system32\DRIVERS\termdd.sys (system) Services Terminal Server: %SystemRoot%\System32\svchost -k DComLaunch (manual start) Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled) Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Filtre AGP version 3.5 Microsoft: system32\DRIVERS\uagp35.sys (system) Pilote de mise à jour microcode: system32\DRIVERS\update.sys (manual start) Hôte de périphérique universel Plug-and-Play: %SystemRoot%\system32\svchost.exe -k LocalService (manual start) Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start) Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0: system32\DRIVERS\usbehci.sys (manual start) Concentrateur USB2: system32\DRIVERS\usbhub.sys (manual start) Pilote de scanneur USB: system32\DRIVERS\usbscan.sys (manual start) Pilote de stockage de masse USB: system32\DRIVERS\USBSTOR.SYS (manual start) Pilote miniport de contrôleur hôte universel USB Microsoft: system32\DRIVERS\usbuhci.sys (manual start) Service Messenger Sharing Folders USN Journal Reader: "C:\Program Files\MSN Messenger\usnsvc.exe" (manual start) Virtual Serial port driver: system32\DRIVERS\VComm.sys (manual start) Bluetooth VComm Manager Service: System32\Drivers\VcommMgr.sys (manual start) VgaSave: \SystemRoot\System32\drivers\vga.sys (system) viagfx: system32\DRIVERS\vtmini.sys (manual start) ViaIde: system32\DRIVERS\viaide.sys (system) Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start) Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote ARP IP d'accès distant: system32\DRIVERS\wanarp.sys (manual start) Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Windows Live Setup Service: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe" (manual start) Service de numéro de série du lecteur multimédia portable: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Extensions du pilote WMI: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Carte de performance WMI: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start) Service Partage réseau du Lecteur Windows Media: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start) Centre de sécurité: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Codec Teletext standard: system32\DRIVERS\WSTCODEC.SYS (manual start) Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start) Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start) Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start) Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Service d'approvisionnement réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) ZDCndis5 Protocol Driver: \??\C:\WINDOWS\system32\ZDCndis5.SYS (manual start) ZDPSp50 NDIS Protocol Driver: System32\Drivers\ZDPSp50.sys (manual start) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *No values found* -------------------------------------------------- End of report, 39 352 bytes Report generated in 0,156 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only

Bien bien bien... A la commande services.msc, n apparit pas true vector dans la liste. En ce qui concerne la version de Windows. Ce qui est sur, c est qu elle était valide puisque fournie avec l ordinateur. Par contre suite à un soucis de disque dur (Surchauffe), j ai emmené ma tour à réparer. Tout à du être réinstallé. J'espère donc que ce qui a été remis est conforme. Je vais donc essayer de prendre contact avec le réparateur en question pour savoir ce qu il en est mais habitant maintenant en Espagne, ça ne facilite pas les choses!! ... A.

Une autre chose qui m inquiète, pourquoi est ce que ma version de Windows ne semble pas valide?

Réponse à la commande; Le service spécifié n existe pas en tant que service installé Et toujours le même message à propos de true vector quand je lance l install de Zone Alarm... Et, il me semblait bien l avoir déjà supprimé de toute façon...

Non, toujours pas. Ai déconncté, débranché physiquement mais tjrs ce message à propose de TrueVector.

Pardon, je n avais pas bien suivi tes instructions... Je retente...

Bon, ai lancé le téléchargement de Zone alarm. Je n arrive pas à l installer; Voilà le message: Le programme d install. ne peut pas fermer le service truevector. Fermez le service Truevector pour poursuivre l installation. ...

Je viens de configurer antivir et lancer un scan complet. Nombre de détections; 12. Mis en quarantaine. Je te joins le rapport. AntiVir PersonalEdition Classic Report file date: jeudi 20 mars 2008 17:32 Scanning for 1160082 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: SYSTEM Computer name: UNICORNI-373E20 Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 16:20:03 ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 16:20:03 ANTIVIR3.VDF : 7.0.3.61 328192 Bytes 20/03/2008 16:20:03 AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 20/03/2008 16:20:04 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24 AVPACK32.DLL : 7.6.0.3 360488 Bytes 20/03/2008 16:20:04 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: E:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: medium Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: jeudi 20 mars 2008 17:32 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'COCIManager.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'WgaTray.exe' - '1' Module(s) have been scanned Scan process 'Quickcam.exe' - '1' Module(s) have been scanned Scan process 'reader_sl.exe' - '1' Module(s) have been scanned Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned Scan process 'LVComSer.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'LVComSer.exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'BTNtService.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 34 processes with 34 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'E:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '27' files ). Starting the file scan: Begin scan in 'C:\' C:\catchme2008-03-20_131236,99.zip [0] Archive type: ZIP --> srosa.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen --> wintems.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B --> mdelk.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B --> hldrrr.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.IJ.35 [iNFO] The file was moved to '48569229.qua'! C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\Mme legall\Bureau\Kinarach.exe [0] Archive type: RAR SFX (self extracting) --> 327882R2FWJFW\psexec.cfexe [DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072 --> 327882R2FWJFW\pv.cfexe [DETECTION] Contains detection pattern of the SPR/Tool.PV program [iNFO] The file was moved to '48509296.qua'! C:\Program Files\VirtualDJ\vdj.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '484c98e2.qua'! C:\QooBox\Quarantine\C\WINDOWS\svcpool.dll.vir [DETECTION] Is the Trojan horse TR/Spy.Gen [iNFO] The file was moved to '48459927.qua'! C:\System Volume Information\_restore{A51891B6-3DF0-49E6-B006-A26660803DFF}\RP2\A0000125.exe [0] Archive type: RAR SFX (self extracting) --> 327882R2FWJFW\psexec.cfexe [DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072 --> 327882R2FWJFW\pv.cfexe [DETECTION] Contains detection pattern of the SPR/Tool.PV program [iNFO] The file was moved to '481298ee.qua'! C:\System Volume Information\_restore{A51891B6-3DF0-49E6-B006-A26660803DFF}\RP2\A0000126.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '481298f5.qua'! C:\WINDOWS\system32\qfsjlcrqs.exe [DETECTION] Is the Trojan horse TR/Dropper.Gen [iNFO] The file was moved to '48559a8f.qua'! Begin scan in 'E:\' <LACIE> End of the scan: jeudi 20 mars 2008 18:18 Used time: 45:21 min The scan has been done completely. 7549 Scanning directories 202216 Files were scanned 12 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 7 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 202204 Files not concerned 1084 Archives were scanned 1 Warnings 7 Notes

C est cool... Le rapport Kaspersky m inquiétait un peu je dois l avouer... Si tu dis que c est bon, ça me rassure. J aurais quelques autres conseils à te demander... Quels logiciels de sécurité me conseilles tu? Qu en est t il de Hijackthis? Avast Virus cleaner? Windows defender? Zone alarm 6? Regcleaner? Ccleaner? Malwarebytes ' Antimalware? Avg antivirus, Antivir? Avast est t il fiable? Je ne sais que choisir... Et; Qd à la suite d un scan de mon antivirus, il m est proposé de supprimer le fichier infecté, de le réparer ou de le mettre en quarantaine, qu elle est la meilleure des options? Qu en est t il pour la notification Windows Guenuine Advantage? J attends la suite de tes directives. Milles mercis... Aurélie

------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Thursday, March 20, 2008 2:55:56 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 20/03/2008 Kaspersky Anti-Virus database records: 644561 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ Scan Statistics: Total number of scanned objects: 79529 Number of viruses found: 5 Number of infected objects: 8 Number of suspicious objects: 0 Duration of the scan process: 00:58:23 Infected Object Name / Virus Name / Last Action C:\catchme2008-03-20_131236,99.zip/srosa.sys Infected: Trojan-Downloader.Win32.Bagle.lm skipped C:\catchme2008-03-20_131236,99.zip/wintems.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\catchme2008-03-20_131236,99.zip/mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\catchme2008-03-20_131236,99.zip/hldrrr.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped C:\catchme2008-03-20_131236,99.zip ZIP: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Mme legall\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Mme legall\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Mme legall\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Mme legall\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Mme legall\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Mme legall\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Mme legall\NTUSER.DAT.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\QooBox\Quarantine\C\WINDOWS\svcpool.dll.vir Infected: Trojan.Win32.Delf.bdc skipped C:\QooBox\Quarantine\Registry_backups\Legacy_SROSA.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp skipped C:\QooBox\Quarantine\Registry_backups\Service_srosa.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{A51891B6-3DF0-49E6-B006-A26660803DFF}\RP1\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{D1694E36-F382-4C89-8D71-FC3CEA94960E}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\Antiviru.evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.

Affichage au démarrage: Windows Guenuine Advantage Vous êtes peut être victime d un logiciel piraté, cette copie de Windows n a pas pu être validée. Je lance Kaspersky...

ComboFix 08-03-18.1 - Mme legall 2008-03-20 13:12:43.4 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.228 [GMT 1:00] Endroit: C:\Documents and Settings\Mme legall\Bureau\Kinarach.exe Command switches used :: C:\Documents and Settings\Mme legall\Bureau\CFScript.txt * Création d'un nouveau point de restauration FILE :: C:\WINDOWS\gbiehbsb.dll C:\WINDOWS\svchost C:\WINDOWS\svcpool.dll C:\WINDOWS\system\lkjsoiq C:\WINDOWS\system32\drivers\hldrrr.exe C:\WINDOWS\system32\mdelk.exe C:\WINDOWS\system32\wintems.exe . TimedOut: Windir.dat TimedOut: progfile.dat (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\_tmp C:\WINDOWS\svchost C:\WINDOWS\svcpool.dll C:\WINDOWS\system\lkjsoiq . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SROSA -------\Service_srosa ((((((((((((((((((((((((((((( Fichiers créés 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))))))) . 2008-03-20 00:08 . 2008-03-20 00:08 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-03-20 00:08 . 2008-03-20 00:08 <REP> d-------- C:\Documents and Settings\Mme legall\Application Data\Malwarebytes 2008-03-20 00:08 . 2008-03-20 00:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-03-19 17:10 . 2008-03-19 17:10 782,412 --a------ C:\catchme2008-03-20_131236,99.zip 2008-03-19 01:09 . 2008-03-19 01:09 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-03-19 01:09 . 2008-03-19 01:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-03-17 23:49 . 2008-03-17 23:50 <REP> d-------- C:\WINDOWS\system32\NtmsData 2008-03-17 23:23 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-03-17 23:23 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-03-17 23:23 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-03-17 23:23 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-03-17 23:23 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-03-17 23:23 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-03-17 23:23 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-03-17 23:23 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-03-17 22:22 . 2008-03-17 22:22 <REP> d-------- C:\Program Files\pebuilder3110a 2008-03-17 21:36 . 2008-03-17 21:36 <REP> d-------- C:\WINDOWS\system32\ZoneLabs 2008-03-17 21:36 . 2008-03-17 21:36 <REP> d-------- C:\Program Files\Zone Labs 2008-03-17 21:36 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll 2008-03-17 21:36 . 2008-03-17 21:36 353,072 --a------ C:\WINDOWS\system32\vsconfig.xml 2008-03-17 21:35 . 2008-03-17 21:36 <REP> d-------- C:\WINDOWS\Internet Logs 2008-03-17 21:27 . 2008-03-17 21:27 <REP> d-------- C:\Program Files\Windows Defender 2008-03-17 21:26 . 2008-03-17 21:26 <REP> d-------- C:\Program Files\Trend Micro 2008-03-17 11:13 . 2008-03-17 11:13 <REP> d-------- C:\Program Files\Alwil Software 2008-03-16 13:56 . 2007-01-23 21:00 <REP> d--h----- C:\Documents and Settings\Mme Legall_2\Voisinage r‚seau 2008-03-16 13:56 . 2007-01-23 21:00 <REP> d--h----- C:\Documents and Settings\Mme Legall_2\Voisinage d'impression 2008-03-16 13:56 . 2007-01-23 20:05 <REP> d--h----- C:\Documents and Settings\Mme Legall_2\ModŠles 2008-03-16 13:56 . 2008-03-16 13:58 <REP> dr------- C:\Documents and Settings\Mme Legall_2\Mes documents 2008-03-16 13:56 . 2007-01-23 21:00 <REP> dr------- C:\Documents and Settings\Mme Legall_2\Menu D‚marrer 2008-03-16 13:56 . 2008-03-16 13:57 <REP> dr------- C:\Documents and Settings\Mme Legall_2\Favoris 2008-03-16 13:56 . 2008-03-18 09:26 <REP> d-------- C:\Documents and Settings\Mme Legall_2\Bureau 2008-03-16 09:57 . 2008-03-16 20:47 <REP> d-------- C:\temp 2008-03-14 22:57 . 2008-03-14 23:02 <REP> d-------- C:\Program Files\Opera 2008-03-13 03:02 . 2008-03-13 03:02 1,276 --a------ C:\WINDOWS\system32\MRT.INI 2008-03-09 18:36 . 2008-03-16 13:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-03-09 18:36 . 2008-03-09 18:36 1,409 --a------ C:\WINDOWS\QTFont.for 2008-03-09 18:35 . 2008-03-09 18:35 <REP> d-------- C:\Documents and Settings\Mme legall\Application Data\Apple Computer 2008-03-09 18:34 . 2008-03-09 18:35 <REP> d-------- C:\Program Files\iTunes 2008-03-09 18:34 . 2008-03-09 18:34 <REP> d-------- C:\Program Files\iPod 2008-03-09 18:33 . 2008-03-09 18:33 <REP> d-------- C:\Program Files\Bonjour 2008-03-09 18:30 . 2008-03-09 18:33 <REP> d-------- C:\Program Files\QuickTime 2008-03-09 18:30 . 2008-03-09 18:30 <REP> d-------- C:\Program Files\Apple Software Update 2008-03-09 18:30 . 2008-03-09 18:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-03-09 18:29 . 2008-03-09 18:29 <REP> d-------- C:\Program Files\Fichiers communs\Apple 2008-03-09 18:29 . 2008-03-09 18:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple 2008-03-06 18:44 . 2008-03-06 18:44 <REP> d-------- C:\Program Files\Tumblebugs 2008-03-06 15:37 . 2008-03-06 15:37 4,096 --a------ C:\WINDOWS\d3dx.dat 2008-03-06 15:36 . 2008-03-13 21:33 <REP> d-------- C:\Documents and Settings\Mme legall\Application Data\Wildfire 2008-03-06 15:35 . 2008-03-06 15:35 <REP> d-------- C:\Program Files\ReflexiveArcade 2008-03-06 13:15 . 2008-03-06 13:15 <REP> d-------- C:\Documents and Settings\Mme legall\Application Data\Absolutist.com 2008-03-06 13:06 . 2008-03-06 13:06 <REP> d-------- C:\idex 2008-03-06 12:48 . 2008-03-06 12:48 121 --a------ C:\WINDOWS\projRecent.lst 2008-03-06 12:47 . 2008-03-06 12:47 <REP> d-------- C:\WINDOWS\prefTransLM20 2008-03-06 12:47 . 2008-03-06 12:47 <REP> d-------- C:\WINDOWS\PrefsLM01 2008-03-05 22:22 . 2008-03-05 22:22 <REP> d-------- C:\Program Files\Windows Resource Kits 2008-03-05 10:27 . 2008-03-05 10:27 <REP> d-------- C:\Program Files\Fichiers communs\Adobe 2008-02-29 16:12 . 2008-03-17 20:59 <REP> d-------- C:\WINDOWS\Downloaded Installations . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-17 20:06 --------- d-----w C:\Program Files\VirtualDJ 2008-03-17 19:55 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-03-17 09:22 --------- d-----w C:\Program Files\Norton Security Scan 2008-03-16 12:50 --------- d-----w C:\Documents and Settings\Mme legall\Application Data\MSN Pictures Displayer 2008-02-29 15:14 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-21 17:08 --------- d-----w C:\Program Files\Winamp 2008-02-04 13:32 --------- d-----w C:\Program Files\Navman 2008-02-04 13:32 --------- d-----w C:\Documents and Settings\Mme legall\Application Data\InstallShield 2008-01-29 18:34 --------- d-----w C:\Program Files\PFConfig 2008-01-29 10:48 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL 2008-01-29 10:48 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS 2008-01-28 21:01 --------- d-----w C:\Program Files\Fichiers communs\logishrd 2008-01-23 12:05 --------- d-----w C:\Program Files\Logitech 2008-01-23 12:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd 2008-01-23 10:31 --------- d-----w C:\Program Files\MSN Pictures Displayer 2008-01-21 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth 2008-01-21 11:58 --------- d-----w C:\Program Files\Sitecom 2007-11-24 17:59 16,368 ----a-w C:\Documents and Settings\Mme legall\Application Data\GDIPFONTCACHEV1.DAT . ------- Sigcheck ------- 2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys 2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys 2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys 2007-10-04 08:56 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys 2008-01-29 11:48 360064 ed06c31200714e734118f9a47f5df5ce C:\WINDOWS\system32\dllcache\TCPIP.SYS 2008-01-29 11:48 360064 ed06c31200714e734118f9a47f5df5ce C:\WINDOWS\system32\drivers\TCPIP.SYS . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024] "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-19 17:09 79224] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk] backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Mme legall^Menu Démarrer^Programmes^Démarrage^MSN Pictures Displayer.lnk] backup=C:\WINDOWS\pss\MSN Pictures Displayer.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] --a------ 2007-10-25 16:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2008-01-15 23:54 37376 C:\Program Files\Winamp\winampa.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Vertrix 2\\Vertrix2.exe"= "C:\\WINDOWS\\system32\\dpnsvr.exe"= "C:\\Program Files\\Sitecom\\IVT BlueSoleil\\BlueSoleil.exe"= "E:\\eMule\\EMULE.EXE"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= S3 Navcar;Navman In-car Navigator USB Driver Service;C:\WINDOWS\system32\DRIVERS\Navcar.sys [2006-09-18 13:48] S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-05-12 15:24] S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [] . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-03-17 11:54:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-03-14 18:47:34 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-20 13:17:23 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe . ************************************************************************** . Temps d'accomplissement: 2008-03-20 13:19:38 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-20 12:19:35 . 2008-03-14 22:19:51 --- E O F --- Et je continue...

Voili Voilou, un peu de lecture... Deckard's System Scanner v20071014.68 Run by Mme legall on 2008-03-20 12:09:42 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 8: 2008-03-20 11:09:47 UTC - RP8 - Deckard's System Scanner Restore Point 7: 2008-03-19 11:53:27 UTC - RP7 - ComboFix created restore point 6: 2008-03-19 11:15:40 UTC - RP6 - Point de vérification système 5: 2008-03-18 08:27:34 UTC - RP5 - Installed AVG 7.5 4: 2008-03-17 20:27:38 UTC - RP4 - Installed Windows Defender -- First Restore Point -- 1: 2008-03-16 11:55:33 UTC - RP1 - Point de vérification système Backed up registry hives. Performed disk cleanup. Total Physical Memory: 448 MiB (512 MiB recommended). -- HijackThis (run as Mme legall.exe) ------------------------------------------ Unable to run HijackThis; Path: C:\PROGRA~1\TRENDM~1\HIJACK~1\Mme legall.exe -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-03-20 12:11:18 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\logishrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Fichiers communs\logishrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Fichiers communs\logishrd\LComMgr\Communications_Helper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\logishrd\LQCVFX\COCIManager.exe C:\Documents and Settings\Mme legall\Bureau\dss.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe O4 - HKLM\..\Policies\Explorer\Run: [gbieh.1] rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/5/b...heckControl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://titebullamoi.spaces.live.com//Photo...ad/MsnPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192264014062 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_...geUploader4.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://titebullamoi.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/har...on.cab?version= O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_01) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\logishrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\logishrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\logishrd\SrvLnch\SrvLnch.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- End of file - 8226 bytes -- File Associations ----------------------------------------------------------- .reg - regfile - shell\open\command - "%1" %* .scr - scrfile - shell\open\command - "%1" %* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©> R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver> R3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver> R3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver> R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil> R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil> S0 AVG Anti-Rootkit - c:\windows\system32\drivers\avgarkt.sys (file missing) S1 AvgArCln (Avg Anti-Rootkit Clean Driver) - c:\windows\system32\drivers\avgarcln.sys (file missing) S1 srosa (Megadrv3) - c:\windows\system32\drivers\srosa.sys (file missing) S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys (file missing) S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil> S3 driverhardwarev2 - c:\program files\hardwaredetection\driverhardwarev2.sys S3 Navcar (Navman In-car Navigator USB Driver Service) - c:\windows\system32\drivers\navcar.sys <Not Verified; NAVMAN; In-car Navigator USB Driver> S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing) S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows> S3 ZDCndis5 (ZDCndis5 Protocol Driver) - c:\windows\system32\zdcndis5.sys (file missing) S3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\fichiers communs\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 BlueSoleil Hid Service - c:\program files\sitecom\ivt bluesoleil\btntservice.exe R2 Bonjour Service (Service Bonjour) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E969-E325-11CE-BFC1-08002BE10318} Description: Contrôleur de lecteur de disquettes standard Device ID: ACPI\PNP0700\3&61AAA01&0 Manufacturer: (Contrôleurs de lecteur de disquettes standard) Name: Contrôleur de lecteur de disquettes standard PNP Device ID: ACPI\PNP0700\3&61AAA01&0 Service: fdc Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Bluetooth PAN Network Adapter Device ID: ROOT\NET\0000 Manufacturer: IVT Corporation Name: Bluetooth PAN Network Adapter PNP Device ID: ROOT\NET\0000 Service: BT -- Scheduled Tasks ------------------------------------------------------------- 2008-03-17 12:54:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2008-03-14 19:47:34 418 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job -- Files created between 2008-02-20 and 2008-03-20 ----------------------------- 2008-03-20 00:08:33 0 d-------- C:\Documents and Settings\Mme legall\Application Data\Malwarebytes 2008-03-20 00:08:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-03-20 00:08:27 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-03-19 17:35:45 0 d-------- C:\Kinarach 2008-03-19 17:10:50 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec> 2008-03-19 12:57:59 6736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS <Not Verified; Sysinternals - www.sysinternals.com; Process Explorer> 2008-03-19 12:54:16 0 d-------- C:\cmdcons 2008-03-19 12:53:05 68096 --a------ C:\WINDOWS\system32\zip.exe 2008-03-19 12:53:05 98816 --a------ C:\WINDOWS\system32\sed.exe 2008-03-19 12:53:05 80412 --a------ C:\WINDOWS\system32\grep.exe 2008-03-19 12:53:05 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-03-19 01:09:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-03-19 01:09:21 0 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-03-17 23:49:26 0 d-------- C:\WINDOWS\system32\NtmsData 2008-03-17 22:22:30 0 d-------- C:\Program Files\pebuilder3110a 2008-03-17 21:36:25 0 d-------- C:\WINDOWS\system32\ZoneLabs 2008-03-17 21:35:42 0 d-------- C:\WINDOWS\Internet Logs 2008-03-17 21:27:41 0 d-------- C:\Program Files\Windows Defender 2008-03-17 21:26:16 0 d-------- C:\Program Files\Trend Micro 2008-03-17 11:13:47 0 d-------- C:\Program Files\Alwil Software 2008-03-16 13:58:49 0 d-------- C:\Documents and Settings\Mme Legall_2\Application Data\Adobe 2008-03-16 13:56:25 0 d-------- C:\Documents and Settings\Mme Legall_2\Application Data\Identities 2008-03-16 13:56:08 0 d--h----- C:\Documents and Settings\Mme Legall_2\Voisinage réseau 2008-03-16 13:56:08 0 d--h----- C:\Documents and Settings\Mme Legall_2\Voisinage d'impression 2008-03-16 13:56:08 0 dr-h----- C:\Documents and Settings\Mme Legall_2\SendTo 2008-03-16 13:56:08 0 dr-h----- C:\Documents and Settings\Mme Legall_2\Recent 2008-03-16 13:56:08 1048576 --ah----- C:\Documents and Settings\Mme Legall_2\NTUSER.DAT 2008-03-16 13:56:08 0 d--h----- C:\Documents and Settings\Mme Legall_2\Modèles 2008-03-16 13:56:08 0 dr------- C:\Documents and Settings\Mme Legall_2\Mes documents 2008-03-16 13:56:08 0 dr------- C:\Documents and Settings\Mme Legall_2\Menu Démarrer 2008-03-16 13:56:08 0 d--h----- C:\Documents and Settings\Mme Legall_2\Local Settings 2008-03-16 13:56:08 0 dr------- C:\Documents and Settings\Mme Legall_2\Favoris 2008-03-16 13:56:08 0 d--hs---- C:\Documents and Settings\Mme Legall_2\Cookies 2008-03-16 13:56:08 0 d-------- C:\Documents and Settings\Mme Legall_2\Bureau 2008-03-16 13:56:08 0 dr-h----- C:\Documents and Settings\Mme Legall_2\Application Data 2008-03-16 13:56:08 0 d---s---- C:\Documents and Settings\Mme Legall_2\Application Data\Microsoft 2008-03-16 09:57:50 0 d-------- C:\temp 2008-03-14 22:58:08 0 d-------- C:\Documents and Settings\Mme legall\Application Data\Opera 2008-03-14 22:57:58 0 d-------- C:\Program Files\Opera 2008-03-14 19:58:49 0 dr-h----- C:\Documents and Settings\Mme legall\Recent 2008-03-09 18:35:42 0 d-------- C:\Documents and Settings\Mme legall\Application Data\Apple Computer 2008-03-09 18:34:53 0 d-------- C:\Program Files\iPod 2008-03-09 18:34:27 0 d-------- C:\Program Files\iTunes 2008-03-09 18:33:33 0 d-------- C:\Program Files\Bonjour 2008-03-09 18:30:53 0 d-------- C:\Program Files\QuickTime 2008-03-09 18:30:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-03-09 18:30:07 0 d-------- C:\Program Files\Apple Software Update 2008-03-09 18:29:23 0 d-------- C:\Program Files\Fichiers communs\Apple 2008-03-09 18:29:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple 2008-03-06 18:44:18 0 d-------- C:\Program Files\Tumblebugs 2008-03-06 15:37:00 4096 --a------ C:\WINDOWS\d3dx.dat 2008-03-06 15:36:41 0 d-------- C:\Documents and Settings\Mme legall\Application Data\Wildfire 2008-03-06 15:35:47 0 d-------- C:\Program Files\ReflexiveArcade 2008-03-06 13:15:15 0 d-------- C:\Documents and Settings\Mme legall\Application Data\Absolutist.com 2008-03-06 13:06:37 0 d-------- C:\idex 2008-03-06 12:47:50 0 d-------- C:\WINDOWS\prefTransLM20 2008-03-06 12:47:50 0 d-------- C:\WINDOWS\PrefsLM01 2008-03-05 22:22:24 0 d-------- C:\Program Files\Windows Resource Kits 2008-03-05 10:28:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe 2008-03-05 10:27:52 0 d-------- C:\Program Files\Fichiers communs\Adobe 2008-02-29 22:34:21 0 --a------ C:\WINDOWS\system\lkjsoiq 2008-02-29 16:12:28 0 d-------- C:\WINDOWS\Downloaded Installations 2008-02-26 13:36:16 0 d-------- C:\WINDOWS\_tmp 2008-02-26 13:35:40 121344 -----n--- C:\WINDOWS\svcpool.dll 2008-02-26 13:35:30 3392 --a------ C:\WINDOWS\svchost -- Find3M Report --------------------------------------------------------------- 2008-03-17 21:06:19 0 d-------- C:\Program Files\VirtualDJ 2008-03-17 20:55:22 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared 2008-03-17 10:22:56 0 d-------- C:\Program Files\Norton Security Scan 2008-03-16 13:50:29 0 d-------- C:\Documents and Settings\Mme legall\Application Data\MSN Pictures Displayer 2008-03-14 23:15:48 474316 --a------ C:\WINDOWS\system32\perfh00C.dat 2008-03-14 23:15:48 77038 --a------ C:\WINDOWS\system32\perfc00C.dat 2008-03-09 18:29:23 0 d-------- C:\Program Files\Fichiers communs 2008-03-05 10:37:40 0 d-------- C:\Documents and Settings\Mme legall\Application Data\Adobe 2008-02-29 16:14:34 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-02-21 18:08:04 0 d-------- C:\Program Files\Winamp 2008-02-04 14:32:50 0 d-------- C:\Program Files\Navman 2008-02-04 14:32:24 0 d-------- C:\Documents and Settings\Mme legall\Application Data\InstallShield 2008-01-29 19:34:34 0 d-------- C:\Program Files\PFConfig 2008-01-28 22:01:52 0 d-------- C:\Program Files\Fichiers communs\logishrd 2008-01-23 13:05:20 0 d-------- C:\Program Files\Logitech 2008-01-23 11:31:21 446976 --a------ C:\WINDOWS\system32\ShellMPD.dll 2008-01-23 11:31:21 0 d-------- C:\Program Files\MSN Pictures Displayer 2008-01-23 10:34:23 3652 --a------ C:\WINDOWS\desctemp.dat 2008-01-21 12:58:58 0 d-------- C:\Program Files\Sitecom -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13] "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20] "RegistryMechanic"="" [] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-19 17:09] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54] "drvsyskit"="C:\WINDOWS\system32\drivers\hldrrr.exe" [] "german.exe"="C:\WINDOWS\system32\wintems.exe" [] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "disableregistrytools"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] "gbieh.1"=rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk] backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mme legall^Menu Démarrer^Programmes^Démarrage^MSN Pictures Displayer.lnk] backup=C:\WINDOWS\pss\MSN Pictures Displayer.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] "C:\Program Files\Winamp\winampa.exe" -- Hosts ----------------------------------------------------------------------- 127.0.0.1 mpa.one.microsoft.com -- End of Deckard's System Scanner: finished at 2008-03-20 12:12:15 ------------

Reg export of SafeBoot key after repair: ======================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot] "AlternateShell"="cmd.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PSEXESVC] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys] @="FSFilter System Recovery" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] @="Universal Serial Bus controllers" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] @="CD-ROM Drive" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] @="DiskDrive" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] @="Standard floppy disk controller" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] @="Hdc" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] @="Keyboard" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] @="Mouse" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] @="PCMCIA Adapters" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] @="SCSIAdapter" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] @="System" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] @="Floppy disk drive" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @="Volume" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] @="Human Interface Devices" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PSEXESVC] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys] @="FSFilter System Recovery" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}] @="Universal Serial Bus controllers" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] @="CD-ROM Drive" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] @="DiskDrive" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] @="Standard floppy disk controller" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] @="Hdc" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] @="Keyboard" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] @="Mouse" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] @="Net" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] @="NetClient" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] @="NetService" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] @="NetTrans" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] @="PCMCIA Adapters" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] @="SCSIAdapter" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] @="System" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] @="Floppy disk drive" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @="Volume" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] @="Human Interface Devices" ======================== HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PSEXESVC

Affichage au redémarrage; Rundll32.exe Image incorrecte L applic. ou la dll C:\Windows\gbiehbsb.dll n est pas une image windows valide. Vérifier à l aide de votre disquette d install. ET; Erreur de chargement de C:\Windows\gbiehbsb.dll %1 n 'est pas une application Win32 valide ... Je continue avec la suite de la procédure...

Malwarebytes' Anti-Malware 1.08 Version de la base de données: 506 Type de recherche: Examen complet (C:\|E:\|F:\|G:\|H:\|I:\|) Eléments examinés: 119434 Temps écoulé: 45 minute(s), 16 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 1 Clé(s) du Registre infectée(s): 2 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): C:\WINDOWS\gbiehbsb.dll (Spyware.Banker) -> Unloaded module successfully. Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\CLSID\{fcaaac14-bc46-40ca-9cb2-cbb12c6739eb} (Spyware.Banker) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaaac14-bc46-40ca-9cb2-cbb12c6739eb} (Spyware.Banker) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\gbiehbsb.dll (Spyware.Banker) -> Delete on reboot.

Ok cool, merci!!!

Bonsoir Thanos, Désolée, il est tard... As tu reçu le dernier rapport que je t ai envoyé? Est ce encore possible de remettre mon PC sur pied? Parce que je n ai celui là (Un portable) comme remplacement et secours que très peu de temps. J attends de tes nouvelles. Aurélie

J avais lancé combifix, suis allée faire quelques courses et suis revenue il n en était qu à l étape 2...bloqué je crois. Voilà le rapport que tu me demandes; ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSEXESVC <SANS NOM> REG_SZ Service

Je n ai pas ce fichier!

Combofix 08-03-18.1 - Mme legall 2008-03-19 12:57:53.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.174 [GMT 1:00] Endroit: C:\Documents and Settings\Mme legall\Bureau\Kinarach.exe . The following files were disabled during the run: C:\WINDOWS\svcpool.dll A tout à l heure! Merci... A.