Glauck

Bjr, Pour IE7, le souci est que j'ai une version de XP non reconnue...(WGA), j'ai essayé de modifier la base de registre d'après les indications du site MS ms ça passe pas...Bof!!! pas grave. de tte façon j'ai l'impression que les pages s'ouvrent + vite avec firefox. pour les plantages, ce sont des fenêtres internet qui restent parfois affichées après fermeture. J'ai désinstallé et réinstallé VLC et ça va mieux. Je l'avais déjà fait et je pense que le pbl d'UC saturée devait être liée aux trojans . Faudrait peut-être que je controle les MAJ de mes pilotes. Cdt JLuc

Bjr Impossible d'intaller IE7, J'ai donc installé Mozilla comme moteur de recherche. J'ai également supprimé Logitech desktop messenger. Ceci dit, j'ai tjrs des plantages à l'affichage mais apparemment plus d'écrans bleus. Et toujours une saturation (UC 100%) avec VLC.. En tt cas mon ordi fonctionne nettement mieux grâce à toi.. Je fais d'ailleurs pas mal de promo pour le site auprès de mes relations en ce moment (saison des barbecues oblige ...) lol Merci pour ton aide Cdt JLuc

Bsr, Désolé pr le retard, ms j'ai du abandonner l'ordi pr ma femme ... (Je ne m'en plains pas...) Ceci dit, voici le rapport que tu m'as demandé, j'ai pu supprimer ts les fichiers sauf celui qui est dans c:/ recycler, le message me dit qu'il est occupé..?? en tt cas merci de ton aide. J'en profite pour faire de la promo auprès de certains de mes amis qui sont qque peu plus nuls que moi en informatique (molll !!) puisqu'ils font parfois appel à mes compétences... Cdt JLuc JavaRa 1.10 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Sun Jul 20 23:11:47 2008 Could not delete: C:\Program Files\Java\jre1.5.0_06 Found and removed: C:\Program Files\Java\jre1.5.0_09 Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_06 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_06 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_06 Found and removed: Software\JavaSoft\Java2D\1.5.0_06 Found and removed: Software\JavaSoft\Java2D\1.5.0_09 Found and removed: Software\JavaSoft\Java2D\1.6.0_06 Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_06 Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_09 Found and removed: SOFTWARE\Classes\JavaPlugin.150_06 Found and removed: SOFTWARE\Classes\JavaPlugin.150_09 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_09 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150090} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\JavaPlugin.160_06 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160060} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510009 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610006 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510009 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610006 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23B06123E6D18D74FA6711404FCAC1B8 ------------------------------------ Finished reporting. JavaRa 1.10 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Mon Jul 21 22:45:13 2008 Found and removed: C:\Program Files\Java\jre1.5.0_06 Could not delete: C:\Program Files\Java\jre1.6.0_06 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23B06123E6D18D74FA6711404FCAC1B8 ------------------------------------ Finished reporting.

Bjr, Les écrans bleus étaient antérieurs mais il me semble qu'ils soient plus fréquents (3 à 4 fois par jour). Je sais que la chaleur peut avoir une incidence, j'ai donc dépoussiéré mon UC. par contre, je n'ai pas fait de MAj des pilotes notamment vidéo (intégré à la Carte mère), cependant comme j'ai le cd d'install, je peux tenter une réinstallation. De tte façon, avant de faire quoi que ce soit, j'attends tes conseils ce qui m'évitera le cas échéant de faire des conneries.... Cdt JLuc

Bjr, message d'erreur dernier écran bleu Win32K.sys ça te parle ?? Cdt JLuc

Bjr, petit tour d'horizon.. l'ordi ne s'éteint pas systématiquement quand je l'arrete par démarrer/Arréter. Ecran bleu régulièrement en vidéo avec VLC fenêtres qui ne se ferment pas toujours, obligé de rebooter.. A part ça, l'ordi fonctionne tt de même bcp mieux, j'arrive à bosser..mais je dois sauvegarder mes fichiers Excel à chaque modif car j'ai eu Excel+ 2 pages web = écran bleu.. La prochaine fois que ça arrivera, je noterai le message au cas où ... Cdt JLuc

Kikou !!! J'ai retrouvé le fichier Moveit!!! Le voici!! C:\WINDOWS\system\1065.exe moved successfully. C:\WINDOWS\System32\wxvoep.tmp moved successfully. C:\WINDOWS\System32\wrk123.tmp moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\System32\admdll.dll C:\WINDOWS\System32\admdll.dll NOT unregistered. C:\WINDOWS\System32\admdll.dll moved successfully. OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07142008_181857

Bjr, la version de l'outil Ot moveit2 est la seconde car mon ordi a planté au moment où j'ai fait la manip. ca a peut être eu une incidence?? A part ça, après t'avoie envoyé le rapport hier, j'ai vidé la quarantaine de Housecall et j'ai refait un scan en ligne Kaspersky sur le disque C.. Il semblerait qu'il n'y ait plus d'infection Par contre, j'ai encore eu droit à un écran bleu hier soir. A suivre... En tt cas, merci de ton aide précieuse Jluc

Bjr, Voici les rapports. Ceci dit, ça fait des années que j'utilise le P2P et les keygen et c'est la première fois que j'ai une galère pareille...Comme quoi il y a un début à tout.... sic !!! Encore merci Cdt JLuc File/Folder C:\WINDOWS\system\1065.exe not found. File/Folder C:\WINDOWS\System32\wxvoep.tmp not found. File/Folder C:\WINDOWS\System32\wrk123.tmp not found. File/Folder C:\WINDOWS\System32\admdll.dll not found. OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07152008_132534 KASPERSKY ON-LINE SCANNER REPORT Tuesday, July 15, 2008 1:22:56 PM Système d'exploitation : Microsoft Windows XP Professional, Service Pack 3 (Build 2600) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 15/07/2008 Enregistrements dans la base antivirus Kaspersky : 851039 Paramètres d'analyse Analyser avec la base antivirus suivante standard Analyser les archives vrai Analyser les bases de messagerie vrai Cible de l'analyse Poste de travail C:\ E:\ F:\ G:\ H:\ Statistiques de l'analyse Total d'objets analysés 54241 Nombre de virus trouvés 5 Nombre d'objets infectés 6 / 0 Nombre d'objets suspects 0 Durée de l'analyse 04:07:46 Nom de l'objet infecté Nom du virus Dernière action C:\Documents and Settings\JEAN-LUC\.housecall6.6\Quarantine\ftpdll.dll.bac_a01792 Infecté : Trojan-Dropper.Win32.Small.bgx ignoré C:\Documents and Settings\JEAN-LUC\.housecall6.6\Quarantine\loads.exe.bac_a01792 Infecté : Trojan-Downloader.Win32.Agent.lab ignoré C:\Documents and Settings\JEAN-LUC\Application Data\SPAMfighter\Logs\Agent.log.txt L'objet est verrouillé ignoré C:\Documents and Settings\JEAN-LUC\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\JEAN-LUC\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\JEAN-LUC\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\JEAN-LUC\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\JEAN-LUC\Local Settings\Historique\History.IE5\MSHist012008071520080716\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\JEAN-LUC\Local Settings\Temp\~DF7CE3.tmp L'objet est verrouillé ignoré C:\Documents and Settings\JEAN-LUC\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\JEAN-LUC\Mes documents\TRAVAIL\FFDSB\FICHIERS\FFDSB1 2008.03.05\FFDSB1 2008.07.15.xls L'objet est verrouillé ignoré C:\Documents and Settings\JEAN-LUC\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\JEAN-LUC\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log L'objet est verrouillé ignoré C:\RECYCLER\S-1-5-21-2025429265-343818398-682003330-1003\Dc18\backups\backups.zip/backups/ie_updates3r.exe Infecté : Trojan-Downloader.Win32.Winlagons.xe ignoré C:\RECYCLER\S-1-5-21-2025429265-343818398-682003330-1003\Dc18\backups\backups.zip/backups/lsass.exe Infecté : Trojan.Win32.Starter.z ignoré C:\RECYCLER\S-1-5-21-2025429265-343818398-682003330-1003\Dc18\backups\backups.zip/backups/msvcrtd.exe Infecté : Trojan.Win32.Inject.dss ignoré C:\RECYCLER\S-1-5-21-2025429265-343818398-682003330-1003\Dc18\backups\backups.zip ZIP: infecté - 3 ignoré C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\RTacDbg.txt L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\EventCache\{760EF7BB-B804-4154-8D04-A5C0DA3E8A99}.bin L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\Temp\Perflib_Perfdata_60c.dat L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré E:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré F:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré Analyse terminée.

re- Voici le rapport Cdt Jluc DiagHelp version v1.4 - http://www.malekal.com excute le 14/07/2008 à 12:58:20,51 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->14/07/2008 12:58:17 C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->14/07/2008 12:58:16 C:\WINDOWS\prefetch\IZARC.EXE-2B73BBEB.pf -->14/07/2008 12:57:45 C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->14/07/2008 12:57:35 C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->14/07/2008 12:53:27 C:\WINDOWS\prefetch\LOGON.SCR-151EFAEA.pf -->14/07/2008 12:44:14 C:\WINDOWS\prefetch\MSIMN.EXE-38BA891D.pf -->14/07/2008 12:17:52 C:\WINDOWS\prefetch\Layout.ini -->14/07/2008 12:13:30 C:\WINDOWS\prefetch\AVAST.SETUP-032170A8.pf -->14/07/2008 11:57:26 C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->14/07/2008 11:57:24 C:\WINDOWS\System32\drivers\AegisP.sys -->12/07/2008 22:31:10 C:\WINDOWS\System32\drivers\mbamcatchme.sys -->07/07/2008 17:35:36 C:\WINDOWS\System32\drivers\mbam.sys -->07/07/2008 17:35:30 C:\WINDOWS\System32\drivers\bthport.sys -->14/06/2008 19:33:37 C:\WINDOWS\System32\drivers\aswSP.sys -->16/05/2008 01:20:32 C:\WINDOWS\System32\drivers\aswmon2.sys -->16/05/2008 01:18:33 C:\WINDOWS\System32\drivers\aswFsBlk.sys -->16/05/2008 01:16:06 C:\WINDOWS\System32\TZLog.log -->14/07/2008 11:23:11 C:\WINDOWS\System32\perfh00C.dat -->14/07/2008 11:21:08 C:\WINDOWS\System32\PerfStringBackup.INI -->14/07/2008 11:21:07 C:\WINDOWS\System32\perfh009.dat -->14/07/2008 11:21:07 C:\WINDOWS\System32\perfc00C.dat -->14/07/2008 11:21:07 C:\WINDOWS\System32\perfc009.dat -->14/07/2008 11:21:07 C:\WINDOWS\System32\wpa.dbl -->12/07/2008 18:16:04 C:\WINDOWS\System32\pid.PNF -->12/07/2008 17:48:23 C:\WINDOWS\System32\wxvoep.tmp -->12/07/2008 15:15:16 C:\WINDOWS\System32\wrk123.tmp -->11/07/2008 22:00:32 C:\WINDOWS\System32\admdll.dll -->11/07/2008 21:59:57 C:\WINDOWS\System32\spupdwxp.log -->09/07/2008 12:13:39 C:\WINDOWS\System32\FNTCACHE.DAT -->09/07/2008 12:07:26 C:\WINDOWS\System32\jupdate-1.6.0_06-b02.log -->07/07/2008 21:26:35 C:\WINDOWS\System32\$winnt$.inf -->06/07/2008 22:38:21 C:\WINDOWS\System32\wmpscheme.xml -->06/07/2008 22:30:20 C:\WINDOWS\System32\nscompat.tlb -->06/07/2008 22:30:18 C:\WINDOWS\System32\amcompat.tlb -->06/07/2008 22:30:18 C:\WINDOWS\System32\WindowsLogon.manifest -->06/07/2008 22:28:26 C:\WINDOWS\System32\logonui.exe.manifest -->06/07/2008 22:28:26 C:\WINDOWS\System32\wuaucpl.cpl.manifest -->06/07/2008 22:28:13 C:\WINDOWS\System32\sapi.cpl.manifest -->06/07/2008 22:28:13 C:\WINDOWS\System32\nwc.cpl.manifest -->06/07/2008 22:28:13 C:\WINDOWS\System32\ncpa.cpl.manifest -->06/07/2008 22:28:13 C:\WINDOWS\System32\cdplayer.exe.manifest -->06/07/2008 22:28:13 C:\WINDOWS\RTacDbg.txt -->14/07/2008 11:53:16 C:\WINDOWS\setupapi.log -->14/07/2008 11:53:12 C:\WINDOWS\wiadebug.log -->14/07/2008 11:37:48 C:\WINDOWS\WindowsUpdate.log -->14/07/2008 11:37:47 C:\WINDOWS\wiaservc.log -->14/07/2008 11:37:46 C:\WINDOWS\0.log -->14/07/2008 11:37:36 C:\WINDOWS\bootstat.dat -->14/07/2008 11:37:34 C:\WINDOWS\SchedLgU.Txt -->14/07/2008 11:35:15 C:\WINDOWS\COM+.log -->14/07/2008 11:35:15 C:\WINDOWS\tsoc.log -->14/07/2008 11:23:52 C:\WINDOWS\tabletoc.log -->14/07/2008 11:23:52 C:\WINDOWS\ocmsn.log -->14/07/2008 11:23:52 C:\WINDOWS\ocgen.log -->14/07/2008 11:23:52 C:\WINDOWS\ntdtcsetup.log -->14/07/2008 11:23:52 C:\WINDOWS\netfxocm.log -->14/07/2008 11:23:52 winlogon.exe svchost.exe ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 2004 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll 0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll 0x76610000 0x84000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll 0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll 0x753c0000 0x6b000 1.420.2600.5512 C:\WINDOWS\system32\USP10.dll 0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll 0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll 0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL 0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x7d200000 0x2bc000 3.01.4001.5512 C:\WINDOWS\system32\msi.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll 0x10000000 0x11000 5.01.0000.2500 C:\WINDOWS\system32\btncopy.dll 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x02730000 0x74000 4.00.0000.0092 C:\Program Files\SPAMfighter\Clients\Outlook Express\SFOE0001.dll 0x02240000 0x15000 5.01.0000.2500 C:\WINDOWS\system32\btmmhook.dll 0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll 0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x03840000 0x4c000 9.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 0x03440000 0x1b9000 2.00.0000.0007 C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll 0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MFC71.DLL 0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll 0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll 0x03600000 0x5b000 9.00.0000.0332 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x036e0000 0x9b000 C:\PROGRA~1\IZArc\IZArcCM.dll 0x037a0000 0x1e000 2.00.0000.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll 0x03990000 0x102000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL 0x037c0000 0x8000 1.00.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll 0x64f00000 0x12000 4.08.1201.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll 0x03ba0000 0x38000 3.00.0000.0058 C:\Program Files\a-squared Free\a2freecontmenu.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 708 Command line: winlogon.exe Base Size Version Path 0x01000000 0x82000 \??\C:\WINDOWS\system32\winlogon.exe 0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll 0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll 0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll 0x753c0000 0x6b000 1.420.2600.5512 C:\WINDOWS\system32\USP10.dll 0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\COMCTL32.dll 0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll 0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll 0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6C6B-1C75 Répertoire de C:\WINDOWS\system 11/07/2008 20:38 51 200 1065.exe 15/10/2003 10:26 1 454 080 SmWizard.exe 2 fichier(s) 1 505 280 octets 0 Rép(s) 16 473 214 976 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6C6B-1C75 Répertoire de C:\WINDOWS\system32 13/04/2008 19:34 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 16 473 210 880 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6C6B-1C75 Répertoire de C:\WINDOWS\Downloaded Program Files 10/07/2008 09:43 <REP> . 10/07/2008 09:43 <REP> .. 19/12/2003 15:11 692 224 ActiveXWebCam.ocx 06/03/2007 22:06 442 AXWebMonProj1.inf 08/03/2007 02:47 489 472 AXWebMonProj1.ocx 11/05/2004 11:55 1 277 992 Banksht2.dll 06/07/2008 22:28 65 desktop.ini 25/07/2002 17:13 24 576 dwusplay.dll 25/07/2002 17:13 196 608 dwusplay.exe 23/11/2006 00:22 372 736 GAME_UNO1.dll 22/11/2006 21:50 316 GAME_UNO1.INF 26/06/2008 10:25 512 gp.inf 19/05/2008 09:29 1 570 hardwaredetection.inf 21/09/2007 15:15 727 hcImpl.inf 02/05/2008 14:22 385 536 Housecall_ActiveX.dll 11/08/2005 15:30 417 792 isusweb.dll 13/04/2007 15:27 367 LegitCheckControl.inf 29/05/2003 16:00 160 864 messengerstatsclient.dll 06/04/2004 19:03 172 072 MessengerStatsPAClient.dll 30/07/2007 19:24 295 muweb.inf 03/06/2004 10:04 520 349 RdxIE.dll 31/01/2007 00:04 <REP> Skin 09/11/2006 15:36 5 019 swflash.inf 30/07/2007 19:24 293 wuweb.inf 02/11/2005 18:01 1 777 xscan.inf 02/11/2005 18:07 435 712 xscan53.ocx 18/07/2006 14:35 151 080 ZIntro.ocx 24 fichier(s) 5 308 396 octets Répertoire de C:\WINDOWS\Downloaded Program Files\Skin 31/01/2007 00:04 <REP> . 31/01/2007 00:04 <REP> .. 31/01/2007 00:04 7 288 ASKUSER.wav 31/01/2007 00:04 25 326 BGIMG_ASKFORM.bmp 31/01/2007 00:04 25 326 BGIMG_CHATFORM.bmp 31/01/2007 00:04 25 326 BGIMG_IMFORM.bmp 31/01/2007 00:04 2 374 BTN_ACCEPT.bmp 31/01/2007 00:04 2 374 BTN_CANCEL.bmp 31/01/2007 00:04 43 974 BTN_CANCEL_ASK.bmp 31/01/2007 00:04 2 374 BTN_CLOSE.bmp 31/01/2007 00:04 2 374 BTN_CREATE.bmp 31/01/2007 00:04 2 518 BTN_DECLINE.bmp 31/01/2007 00:04 2 374 BTN_MEMBER.bmp 31/01/2007 00:04 2 374 BTN_SEND.bmp 31/01/2007 00:04 43 974 BTN_SEND_ASK.bmp 31/01/2007 00:04 43 974 BTN_SEND_IM.bmp 31/01/2007 00:04 2 374 BTN_UPDATE.bmp 31/01/2007 00:04 9 270 Buddy_1.bmp 31/01/2007 00:04 9 270 Buddy_2.bmp 31/01/2007 00:04 9 270 Buddy_3.bmp 31/01/2007 00:04 9 270 Buddy_4.bmp 31/01/2007 00:04 9 270 Buddy_5.bmp 31/01/2007 00:04 9 270 Buddy_6.bmp 31/01/2007 00:04 9 270 Buddy_7.bmp 31/01/2007 00:04 9 270 Buddy_8.bmp 31/01/2007 00:04 9 270 Buddy_9.bmp 31/01/2007 00:04 4 252 CHANGE_USER_STATUS.wav 31/01/2007 00:04 2 252 colors.ini 31/01/2007 00:04 24 198 ENTER_ROOM.wav 31/01/2007 00:04 4 638 EXIT_ROOM.wav 31/01/2007 00:04 370 IMG_ADMINROOM_SMALL.bmp 31/01/2007 00:04 370 IMG_ADMINUSER_SMALL1.bmp 31/01/2007 00:04 370 IMG_ADMINUSER_SMALL2.bmp 31/01/2007 00:04 370 IMG_ADMINUSER_SMALL3.bmp 31/01/2007 00:04 822 IMG_GREP.bmp 31/01/2007 00:04 370 IMG_HANDUP.bmp 31/01/2007 00:04 1 582 IMG_IGNORE.bmp 31/01/2007 00:04 2 102 IMG_IM_TOPMIDDLE.bmp 31/01/2007 00:04 78 694 IMG_ONLYONE.bmp 31/01/2007 00:04 1 582 IMG_SILENTMODE.bmp 31/01/2007 00:04 1 582 IMG_STATUSAWAY.bmp 31/01/2007 00:04 1 582 IMG_STATUSBUSY.bmp 31/01/2007 00:04 1 582 IMG_STATUSLUNCH.bmp 31/01/2007 00:04 78 694 IMG_USERBANNED.bmp 31/01/2007 00:04 1 582 IMG_VOICEON.bmp 31/01/2007 00:04 1 582 IMG_WAITFORMIC.bmp 31/01/2007 00:04 1 782 IMG_WEBCAM.bmp 31/01/2007 00:04 9 996 IM_MESSAGE.wav 31/01/2007 00:04 7 288 INVITE.wav 31/01/2007 00:04 2 086 LBL_CHOOSEICON.bmp 31/01/2007 00:04 1 974 LBL_ROOMNAME.bmp 31/01/2007 00:04 2 254 LBL_USERNAME.bmp 31/01/2007 00:04 2 254 LBL_YOURPASSWORD.bmp 31/01/2007 00:04 31 030 LOGO_ASKFORM_TOP.bmp 31/01/2007 00:04 10 618 LOGO_LEFTTOP.bmp 31/01/2007 00:04 12 958 LOGO_RIGHTTOP.bmp 31/01/2007 00:04 12 545 messages.ini 31/01/2007 00:04 1 582 ROOM_CLASS_PRIV.bmp 31/01/2007 00:04 1 582 ROOM_CLASS_PUB.bmp 31/01/2007 00:04 1 582 ROOM_NORMAL_PRIV.bmp 31/01/2007 00:04 370 ROOM_NORMAL_PUB.bmp 31/01/2007 00:04 334 SMILEY_1.bmp 31/01/2007 00:04 334 SMILEY_10.bmp 31/01/2007 00:04 334 SMILEY_11.bmp 31/01/2007 00:04 334 SMILEY_12.bmp 31/01/2007 00:04 334 SMILEY_13.bmp 31/01/2007 00:04 334 SMILEY_14.bmp 31/01/2007 00:04 334 SMILEY_15.bmp 31/01/2007 00:04 334 SMILEY_16.bmp 31/01/2007 00:04 334 SMILEY_17.bmp 31/01/2007 00:04 334 SMILEY_18.bmp 31/01/2007 00:04 334 SMILEY_19.bmp 31/01/2007 00:04 334 SMILEY_2.bmp 31/01/2007 00:04 334 SMILEY_20.bmp 31/01/2007 00:04 334 SMILEY_21.bmp 31/01/2007 00:04 334 SMILEY_22.bmp 31/01/2007 00:04 334 SMILEY_23.bmp 31/01/2007 00:04 334 SMILEY_24.bmp 31/01/2007 00:04 334 SMILEY_3.bmp 31/01/2007 00:04 334 SMILEY_4.bmp 31/01/2007 00:04 334 SMILEY_5.bmp 31/01/2007 00:04 334 SMILEY_6.bmp 31/01/2007 00:04 334 SMILEY_7.bmp 31/01/2007 00:04 334 SMILEY_8.bmp 31/01/2007 00:04 334 SMILEY_9.bmp 31/01/2007 00:04 10 958 TAB_ASK.bmp 31/01/2007 00:04 10 958 TAB_IM.bmp 31/01/2007 00:04 17 570 TAB_PROFILE.bmp 31/01/2007 00:04 1 438 TBTN_CLEAR.bmp 31/01/2007 00:04 1 334 TBTN_CREATEROOM.bmp 31/01/2007 00:04 1 350 TBTN_FONTBKCOLOR.bmp 31/01/2007 00:04 1 350 TBTN_FONTBOLD.bmp 31/01/2007 00:04 1 350 TBTN_FONTCOLOR.bmp 31/01/2007 00:04 1 350 TBTN_FONTDEFSIZE.bmp 31/01/2007 00:04 1 350 TBTN_FONTITALIC.bmp 31/01/2007 00:04 1 350 TBTN_FONTLARGER.bmp 31/01/2007 00:04 1 350 TBTN_FONTSMALLER.bmp 31/01/2007 00:04 1 350 TBTN_FONTTYPE.bmp 31/01/2007 00:04 1 350 TBTN_FONTUNDERLINE.bmp 31/01/2007 00:04 1 438 TBTN_IGNORE.bmp 31/01/2007 00:04 246 TBTN_MICROPHONE.bmp 31/01/2007 00:04 334 TBTN_SMILEY.bmp 31/01/2007 00:04 1 438 TBTN_UNIGNORE.bmp 31/01/2007 00:04 246 TBTN_USERPROP.bmp 31/01/2007 00:04 246 TBTN_VOLUME.bmp 31/01/2007 00:04 370 USER_1.bmp 31/01/2007 00:04 370 USER_10.bmp 31/01/2007 00:04 370 USER_11.bmp 31/01/2007 00:04 370 USER_12.bmp 31/01/2007 00:04 370 USER_13.bmp 31/01/2007 00:04 370 USER_14.bmp 31/01/2007 00:04 370 USER_15.bmp 31/01/2007 00:04 370 USER_16.bmp 31/01/2007 00:04 370 USER_17.bmp 31/01/2007 00:04 370 USER_18.bmp 31/01/2007 00:04 370 USER_19.bmp 31/01/2007 00:04 370 USER_2.bmp 31/01/2007 00:04 370 USER_20.bmp 31/01/2007 00:04 370 USER_21.bmp 31/01/2007 00:04 370 USER_22.bmp 31/01/2007 00:04 370 USER_23.bmp 31/01/2007 00:04 370 USER_24.bmp 31/01/2007 00:04 370 USER_25.bmp 31/01/2007 00:04 370 USER_26.bmp 31/01/2007 00:04 370 USER_27.bmp 31/01/2007 00:04 370 USER_28.bmp 31/01/2007 00:04 370 USER_29.bmp 31/01/2007 00:04 370 USER_3.bmp 31/01/2007 00:04 370 USER_30.bmp 31/01/2007 00:04 370 USER_31.bmp 31/01/2007 00:04 370 USER_32.bmp 31/01/2007 00:04 370 USER_33.bmp 31/01/2007 00:04 370 USER_34.bmp 31/01/2007 00:04 370 USER_35.bmp 31/01/2007 00:04 370 USER_36.bmp 31/01/2007 00:04 370 USER_37.bmp 31/01/2007 00:04 370 USER_38.bmp 31/01/2007 00:04 370 USER_39.bmp 31/01/2007 00:04 370 USER_4.bmp 31/01/2007 00:04 370 USER_40.bmp 31/01/2007 00:04 370 USER_41.bmp 31/01/2007 00:04 370 USER_42.bmp 31/01/2007 00:04 370 USER_43.bmp 31/01/2007 00:04 370 USER_44.bmp 31/01/2007 00:04 370 USER_45.bmp 31/01/2007 00:04 370 USER_46.bmp 31/01/2007 00:04 370 USER_47.bmp 31/01/2007 00:04 370 USER_48.bmp 31/01/2007 00:04 370 USER_49.bmp 31/01/2007 00:04 370 USER_5.bmp 31/01/2007 00:04 370 USER_50.bmp 31/01/2007 00:04 370 USER_51.bmp 31/01/2007 00:04 370 USER_52.bmp 31/01/2007 00:04 370 USER_53.bmp 31/01/2007 00:04 370 USER_54.bmp 31/01/2007 00:04 370 USER_55.bmp 31/01/2007 00:04 370 USER_56.bmp 31/01/2007 00:04 370 USER_57.bmp 31/01/2007 00:04 370 USER_58.bmp 31/01/2007 00:04 370 USER_59.bmp 31/01/2007 00:04 370 USER_6.bmp 31/01/2007 00:04 370 USER_60.bmp 31/01/2007 00:04 370 USER_7.bmp 31/01/2007 00:04 370 USER_8.bmp 31/01/2007 00:04 370 USER_9.bmp 31/01/2007 00:04 370 USER_ADMIN.bmp 31/01/2007 00:04 1 462 USER_FRAME.bmp 31/01/2007 00:04 1 582 USER_SUBADMIN.bmp 166 fichier(s) 718 217 octets Total des fichiers listés : 190 fichier(s) 6 026 613 octets 5 Rép(s) 16 473 161 728 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC" "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "F:\\eChanblard\\emule.exe"="F:\\eChanblard\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-14 12:59:12 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 132 - sfus.exe 180 - svchost.exe 388 - ashDisp.exe 484 - ashMaiSv.exe 508 - ashWebSv.exe 608 - alg.exe 660 - LVCOMSX.EXE 684 - csrss.exe 708 - winlogon.exe 736 - svchost.exe 752 - services.exe 764 - lsass.exe 868 - Keyhook.exe 912 - svchost.exe 960 - svchost.exe 1000 - svchost.exe 1108 - Rambooster.exe 1244 - svchost.exe 1492 - ashServ.exe 1572 - SFAgent.exe 2004 - explorer.exe 2124 - iPodService.exe 2176 - BTTray.exe 2320 - WlanCU.exe 2648 - iexplore.exe 3820 - cmd.exe Total number of processes = 27 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\ntoskrnl.exe 806EE000 - \WINDOWS\system32\hal.dll F79FC000 - \WINDOWS\system32\KDCOM.DLL F790C000 - \WINDOWS\system32\BOOTVID.dll F74AC000 - ACPI.sys F79FE000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS F749B000 - pci.sys F74FC000 - isapnp.sys F7AC4000 - pciide.sys F777C000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS F750C000 - MountMgr.sys F747C000 - ftdisk.sys F7A00000 - dmload.sys F7456000 - dmio.sys F7784000 - PartMgr.sys F751C000 - VolSnap.sys F743E000 - atapi.sys F752C000 - disk.sys F753C000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS F741E000 - fltmgr.sys F7407000 - KSecDD.sys F737A000 - Ntfs.sys F734D000 - NDIS.sys F754C000 - SISAGPX.sys F7333000 - Mup.sys F76CC000 - \SystemRoot\System32\DRIVERS\amdk7.sys F6D7E000 - \SystemRoot\system32\DRIVERS\sisgrp.sys F6D6A000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS F76DC000 - \SystemRoot\System32\DRIVERS\i8042prt.sys F77E4000 - \SystemRoot\System32\DRIVERS\mouclass.sys F77EC000 - \SystemRoot\System32\DRIVERS\kbdclass.sys F76EC000 - \SystemRoot\System32\DRIVERS\imapi.sys F76FC000 - \SystemRoot\System32\DRIVERS\cdrom.sys F770C000 - \SystemRoot\System32\DRIVERS\redbook.sys F6D47000 - \SystemRoot\System32\DRIVERS\ks.sys F77F4000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys F6C8E000 - \SystemRoot\system32\drivers\cmuda.sys F6C6A000 - \SystemRoot\system32\drivers\portcls.sys F772C000 - \SystemRoot\system32\drivers\drmk.sys F77FC000 - \SystemRoot\System32\DRIVERS\usbohci.sys F6C46000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS F7804000 - \SystemRoot\System32\DRIVERS\usbehci.sys F780C000 - \SystemRoot\System32\DRIVERS\sisnic.sys F7814000 - \SystemRoot\System32\DRIVERS\fdc.sys F6C35000 - \SystemRoot\System32\DRIVERS\serial.sys F79E8000 - \SystemRoot\System32\DRIVERS\serenum.sys F6C21000 - \SystemRoot\System32\DRIVERS\parport.sys F79EC000 - \SystemRoot\System32\DRIVERS\gameenum.sys F6B52000 - \SystemRoot\system32\DRIVERS\btkrnl.sys F7B68000 - \SystemRoot\System32\DRIVERS\audstub.sys F44DB000 - \SystemRoot\System32\DRIVERS\rasirda.sys F44D3000 - \SystemRoot\System32\DRIVERS\TDI.SYS F345C000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys F79C0000 - \SystemRoot\System32\DRIVERS\ndistapi.sys EFD54000 - \SystemRoot\System32\DRIVERS\ndiswan.sys F344C000 - \SystemRoot\System32\DRIVERS\raspppoe.sys F343C000 - \SystemRoot\System32\DRIVERS\raspptp.sys EFD43000 - \SystemRoot\System32\DRIVERS\psched.sys F342C000 - \SystemRoot\System32\DRIVERS\msgpc.sys F78D4000 - \SystemRoot\System32\DRIVERS\ptilink.sys F78E4000 - \SystemRoot\System32\DRIVERS\raspti.sys EE7BD000 - \SystemRoot\System32\DRIVERS\rdpdr.sys F554B000 - \SystemRoot\System32\DRIVERS\termdd.sys F7A4E000 - \SystemRoot\System32\DRIVERS\swenum.sys EE75F000 - \SystemRoot\System32\DRIVERS\update.sys EE811000 - \SystemRoot\System32\DRIVERS\mssmbios.sys B5FB1000 - \SystemRoot\system32\drivers\btaudio.sys F277B000 - \SystemRoot\System32\Drivers\NDProxy.SYS F340C000 - \SystemRoot\System32\DRIVERS\usbhub.sys F7A76000 - \SystemRoot\System32\DRIVERS\USBD.SYS F7A52000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F7BF4000 - \SystemRoot\System32\Drivers\Null.SYS F7A54000 - \SystemRoot\System32\Drivers\Beep.SYS F77C4000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS F78FC000 - \SystemRoot\System32\drivers\vga.sys F7A56000 - \SystemRoot\System32\Drivers\mnmdd.SYS F7A88000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F77CC000 - \SystemRoot\System32\Drivers\Msfs.SYS F77BC000 - \SystemRoot\System32\Drivers\Npfs.SYS F605E000 - \SystemRoot\System32\DRIVERS\rasacd.sys B5F7E000 - \SystemRoot\System32\DRIVERS\ipsec.sys B5F25000 - \SystemRoot\System32\DRIVERS\tcpip.sys F278B000 - \SystemRoot\System32\Drivers\aswTdi.SYS B5EFD000 - \SystemRoot\System32\DRIVERS\netbt.sys B5EDB000 - \SystemRoot\System32\drivers\afd.sys F279B000 - \SystemRoot\System32\DRIVERS\netbios.sys F79A0000 - \SystemRoot\system32\DRIVERS\srvkp.sys B5EB0000 - \SystemRoot\System32\DRIVERS\rdbss.sys B5E40000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys F271B000 - \SystemRoot\System32\Drivers\Fips.SYS B5E1A000 - \SystemRoot\System32\DRIVERS\ipnat.sys F270B000 - \SystemRoot\System32\DRIVERS\wanarp.sys B5E03000 - \SystemRoot\System32\Drivers\aswSP.SYS F5447000 - \SystemRoot\System32\Drivers\Aavmker4.SYS F5437000 - \SystemRoot\System32\DRIVERS\usbccgp.sys EFE9A000 - \SystemRoot\System32\Drivers\Cdfs.SYS F3C7F000 - \SystemRoot\system32\drivers\lvusbsta.sys B5C8C000 - \SystemRoot\System32\DRIVERS\LVCM.sys B5A71000 - \SystemRoot\System32\DRIVERS\lvsvf2.sys EFE8A000 - \SystemRoot\System32\DRIVERS\STREAM.SYS F273B000 - \SystemRoot\system32\drivers\usbaudio.sys B5A59000 - \SystemRoot\System32\Drivers\dump_atapi.sys F7A5A000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys F605A000 - \SystemRoot\System32\drivers\Dxapi.sys F541F000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys F7BD1000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32\SiSGRV.dll F44F3000 - \SystemRoot\system32\DRIVERS\aswFsBlk.sys F5417000 - \SystemRoot\system32\DRIVERS\AegisP.sys B5933000 - \SystemRoot\System32\DRIVERS\irda.sys B59D5000 - \SystemRoot\System32\DRIVERS\ndisuio.sys B58A5000 - \SystemRoot\System32\Drivers\aswMon2.SYS B5788000 - \SystemRoot\System32\DRIVERS\mrxdav.sys F7A26000 - \SystemRoot\System32\Drivers\ParVdm.SYS B56BE000 - \SystemRoot\System32\DRIVERS\srv.sys B568A000 - \SystemRoot\System32\Drivers\aswRdr.SYS B5479000 - \SystemRoot\system32\drivers\wdmaud.sys B5506000 - \SystemRoot\system32\drivers\sysaudio.sys B527A000 - \SystemRoot\System32\Drivers\HTTP.sys B4949000 - \SystemRoot\system32\DRIVERS\RTL8187B.sys B4A72000 - \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys B4856000 - \SystemRoot\system32\drivers\kmixer.sys F7B7A000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 125 Liste des programmes installes a-squared Free 3.5 Adobe Flash Player 9 ActiveX Adobe Flash Player ActiveX Adobe Reader 9 - Français Assistant de connexion Windows Live avast! Antivirus C-Media WDM Audio Driver CameraWare Camtasia Studio 4 CCleaner (remove only) Cimaware OfficeFIX 6 Code de la Route - 5 Examens Blancs Darkstone FileZilla (remove only) GammonEmpire Google Toolbar for Internet Explorer Google Toolbar for Internet Explorer HijackThis 2.0.2 iTunes IZArc 3.81 J2SE Runtime Environment 5.0 Update 6 J2SE Runtime Environment 5.0 Update 9 Java 6 Update 6 L&H TTS3000 Français Lexmark X1100 Series LimeWire 4.12.6 Logiciel QuickCam de Logitech Macromedia Shockwave Player Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Office Professional Edition 2003 Microsoft Office XP Professional with FrontPage Microsoft User-Mode Driver Framework Feature Pack 1.0 Mise à jour de sécurité pour Windows XP (KB950759) Mise à jour de sécurité pour Windows XP (KB950760) Mise à jour de sécurité pour Windows XP (KB950762) Mise à jour de sécurité pour Windows XP (KB951376-v2) Mise à jour de sécurité pour Windows XP (KB951698) Mise à jour pour Windows XP (KB942763) Mise à jour pour Windows XP (KB951978) MSXML 4.0 SP2 (KB936181) Nero 7 Premium OpenOffice.org Installer 1.0 Programme de gestion Camera de Logitech® Ricoh Caplio RR730 Digital Camera Driver Réussir son Code de la Route 2005 SiS 661FX_760_741_M661FX_M760_M741 SiS 900 PCI Fast Ethernet Adapter Driver SPAMfighter SPAMfighter TRENDnet TEW-424UB Wireless USB 2.0 Adapter Driver and Utility TRENDnet TEW-424UB Wireless USB 2.0 Adapter Driver and Utility Ulead Photo Express 5 SE VideoLAN VLC media player 0.8.6h WebcamNow Broadcaster 5 WebFldrs XP WIDCOMM Bluetooth Software Windows Clean-Up Pro Windows Genuine Advantage Validation Tool (KB892130) Windows Genuine Advantage Validation Tool (KB892130) Windows Live installer Windows Live Messenger Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Registry Repair Pro Windows XP Service Pack 3 Yahoo! Messenger Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6C6B-1C75 Répertoire de C:\Program Files 14/07/2008 11:17 <REP> . 14/07/2008 11:17 <REP> .. 21/12/2007 18:11 <REP> 3B Software 17/08/2006 16:37 <REP> ACE Mega CoDecS Pack 07/07/2008 20:58 <REP> Adobe 29/10/2007 22:21 <REP> Alwil Software 27/09/2007 11:38 <REP> Apple Software Update 07/07/2008 22:34 <REP> a-squared Free 23/11/2007 15:00 <REP> Babylon 27/06/2008 12:52 <REP> CCleaner 21/11/2007 10:54 <REP> Cimaware 19/03/2007 03:45 <REP> C-Media 3D Audio 06/07/2008 22:25 <REP> ComPlus Applications 18/06/2008 23:06 <REP> Customer 04/08/2006 21:29 <REP> Delphine Software 09/06/2007 17:48 <REP> eChanblard 19/04/2007 15:44 <REP> ffdshow 25/06/2008 16:16 <REP> Fichiers communs 12/01/2007 12:08 <REP> FileZilla 04/07/2008 16:13 <REP> GammonEmpire 04/08/2007 11:47 <REP> Google 24/08/2006 02:19 <REP> HookUpFinder 12/07/2008 15:47 <REP> Internet Explorer 05/04/2007 11:56 <REP> iPod 05/04/2007 11:56 <REP> iTunes 09/11/2007 10:54 <REP> IZArc 07/07/2008 21:26 <REP> Java 03/01/2008 19:49 <REP> Lexmark X1100 Series 15/09/2006 10:20 <REP> LimeWire 09/03/2007 10:44 <REP> Logitech 07/07/2008 20:19 <REP> ma-config.com 13/07/2008 14:36 <REP> Malwarebytes' Anti-Malware 19/04/2007 15:44 <REP> Media Player Classic(2) 09/07/2008 11:53 <REP> Messenger 03/09/2006 16:14 <REP> Micro Application 04/08/2006 18:32 <REP> microsoft frontpage 13/11/2007 10:30 <REP> Microsoft Office 13/11/2007 10:38 <REP> Microsoft.NET 09/07/2008 11:51 <REP> Movie Maker 19/04/2007 15:44 <REP> MSN 04/08/2006 18:27 <REP> MSN Gaming Zone 14/07/2008 11:17 <REP> MSXML 4.0 19/03/2007 03:59 <REP> Multimedia V3.54 04/08/2006 21:51 <REP> Nero 09/07/2008 11:43 <REP> NetMeeting 07/07/2008 21:08 <REP> NOS 21/06/2008 23:32 <REP> OLITEC 09/07/2008 11:43 <REP> Outlook Express 12/07/2008 17:21 <REP> QuickTime 20/08/2006 19:09 <REP> Real 10/01/2007 01:35 <REP> RegCleaner 19/12/2007 14:59 <REP> RegistryFix 03/01/2008 16:56 <REP> Ricoh Caplio RR730 Digital Camera 25/09/2006 17:11 <REP> Securitoo 04/08/2006 18:27 <REP> Services en ligne 19/03/2007 03:46 <REP> SiSLan 14/07/2008 12:52 <REP> SPAMfighter 09/07/2008 22:30 <REP> Spybot - Search & Destroy 07/07/2008 21:26 <REP> Sun 04/08/2007 18:13 <REP> TechSmith 11/07/2008 10:48 <REP> Trend Micro 12/07/2008 22:30 <REP> TRENDnet 25/06/2008 00:10 <REP> Uniblue 17/08/2006 18:41 <REP> VideoLAN 07/06/2007 00:04 <REP> Wanadoo 19/04/2007 19:16 <REP> WebcamNow 03/07/2007 09:25 <REP> WebcamNow Broadcaster 5 12/04/2008 15:28 <REP> WIDCOMM 25/06/2008 16:18 <REP> Windows Live 26/06/2007 20:03 <REP> Windows Media Connect 2 09/07/2008 11:52 <REP> Windows Media Player 02/09/2006 13:13 <REP> Windows Messaging 09/07/2008 11:43 <REP> Windows NT 04/08/2006 18:32 <REP> xerox 11/01/2007 14:25 <REP> Yahoo! 0 fichier(s) 0 octets 75 Rép(s) 16 472 616 960 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6C6B-1C75 Répertoire de C:\Program Files\fichiers communs 25/06/2008 16:16 <REP> . 25/06/2008 16:16 <REP> .. 07/07/2008 21:00 <REP> Adobe 04/08/2006 21:51 <REP> Ahead 21/06/2008 23:15 <REP> Ankiro 21/06/2008 23:14 <REP> Application 02/09/2006 13:15 <REP> DESIGNER 26/06/2008 10:17 <REP> InstallShield 17/08/2006 13:26 <REP> Java 30/10/2007 00:09 <REP> KAV Shared Files 14/08/2006 15:56 <REP> Logitech 25/06/2008 16:17 <REP> Microsoft Shared 04/08/2006 18:29 <REP> MSSoap 04/08/2006 19:00 <REP> ODBC 20/08/2006 19:22 <REP> Real 04/08/2006 18:29 <REP> Services 04/08/2006 19:00 <REP> SpeechEngines 09/07/2008 11:43 <REP> System 0 fichier(s) 0 octets 18 Rép(s) 16 472 616 960 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6C6B-1C75 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 12/11/2007 15:15 <REP> . 12/11/2007 15:15 <REP> .. 12/11/2007 15:15 <REP> 1033 13/11/2007 10:39 <REP> 1036 25/04/2006 22:33 967 952 MSONSEXT.DLL 02/05/2006 20:37 40 208 MSOSV.DLL 03/06/1999 14:09 122 937 MSOWS409.DLL 07/03/2001 09:00 127 033 MSOWS40c.DLL 06/08/2000 10:04 401 462 MSVCP60.DLL 22/01/2001 04:25 69 632 PKMAXCTL.DLL 22/01/2001 04:25 872 448 PKMCDO.DLL 22/01/2001 04:25 159 744 PKMCORE.DLL 07/02/2001 10:59 106 496 PKMFORMS.DLL 22/01/2001 04:25 671 744 PKMRES.DLL 22/01/2001 04:25 28 672 PKMSSTLB.DLL 22/01/2001 04:25 40 960 PKMTEMPL.DLL 22/01/2001 04:25 24 576 PKMTRACE.DLL 11/07/2003 02:25 80 448 PKMWS.DLL 22/01/2001 04:25 237 568 PROMDEMO.DLL 22/01/2001 04:25 184 320 SECMGR.DLL 22/01/2001 04:25 323 584 VAIDDMGR.DLL 22/01/2001 04:25 32 768 VAIMEM.DLL 18 fichier(s) 4 492 552 octets 4 Rép(s) 16 472 612 864 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6C6B-1C75 Répertoire de C:\ 31/10/2005 17:56 700 416 StubInstaller.exe 1 fichier(s) 700 416 octets 0 Rép(s) 16 472 612 864 octets libres c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.1.1.5\iTunesSetupAdmin.exe c:\Documents and Settings\JEAN-LUC\.housecall6.6\getMac.exe c:\Documents and Settings\JEAN-LUC\.housecall6.6\patch.exe c:\Documents and Settings\JEAN-LUC\.housecall6.6\TSC.exe c:\Documents and Settings\JEAN-LUC\.limewire\.NetworkShare\LimeWireWin4.14.10.exe c:\Documents and Settings\JEAN-LUC\Application Data\Microsoft\Installer\{259A3E6B-570E-47F0-A3C5-5E5BF958F148}\_16496df1.exe c:\Documents and Settings\JEAN-LUC\Application Data\Microsoft\Installer\{259A3E6B-570E-47F0-A3C5-5E5BF958F148}\_18be6784.exe c:\Documents and Settings\JEAN-LUC\Application Data\Microsoft\Installer\{259A3E6B-570E-47F0-A3C5-5E5BF958F148}\_294823.exe c:\Documents and Settings\JEAN-LUC\Application Data\Microsoft\Installer\{259A3E6B-570E-47F0-A3C5-5E5BF958F148}\_2cd672ae.exe c:\Documents and Settings\JEAN-LUC\Application Data\Microsoft\Installer\{259A3E6B-570E-47F0-A3C5-5E5BF958F148}\_4ae13d6c.exe c:\Documents and Settings\JEAN-LUC\Application Data\Microsoft\Installer\{259A3E6B-570E-47F0-A3C5-5E5BF958F148}\_69525f90.exe c:\Documents and Settings\JEAN-LUC\Bureau\SDFix\catchme.exe c:\Documents and Settings\JEAN-LUC\Bureau\SDFix\apps\cliptext.exe c:\Documents and Settings\JEAN-LUC\Bureau\SDFix\apps\download.exe c:\Documents and Settings\JEAN-LUC\Bureau\SDFix\apps\ERUNT.EXE c:\Documents and Settings\JEAN-LUC\Bureau\SDFix\apps\FixPath.exe c:\Documents and Settings\JEAN-LUC\Bureau\SDFix\apps\grep.exe c:\Documents and Settings\JEAN-LUC\Bureau\SDFix\apps\isadmin.exe c:\Documents and Settings\JEAN-LUC\Bureau\SDFix\apps\LS.exe c:\Documents and Settings\JEAN-LUC\Bureau\SDFix\apps\MD5File.exe c:\Documents and Settings\JEAN-LUC\Bureau\SDFix\apps\Process.exe c:\Documents and Settings\JEAN-LUC\Bureau\SDFix\apps\procs.exe c:\Documents and Settings\JEAN-LUC\Bureau\SDFix\apps\psservice.exe c:\Documents and Settings\JEAN-LUC\Bureau\SDFix\apps\RestartIt!.exe c:\Documents and Settings\JEAN-LUC\Bureau\SDFix\apps\sc.exe c:\Documents and Settings\JEAN-LUC\Bureau\SDFix\apps\sed.exe c:\Documents and Settings\JEAN-LUC\Bureau\SDFix\apps\SF.exe c:\Documents and Settings\JEAN-LUC\Bureau\SDFix\apps\shutdown.exe c:\Documents and Settings\JEAN-LUC\Bureau\SDFix\apps\swreg.exe c:\Documents and Settings\JEAN-LUC\Bureau\SDFix\apps\swsc.exe c:\Documents and Settings\JEAN-LUC\Bureau\SDFix\apps\unzip.exe c:\Documents and Settings\JEAN-LUC\Bureau\SDFix\apps\vfind.exe c:\Documents and Settings\JEAN-LUC\Bureau\SDFix\apps\WINMSG.EXE c:\Documents and Settings\JEAN-LUC\Bureau\SDFix\apps\zip.exe c:\Documents and Settings\JEAN-LUC\Bureau\SDFix\apps\Replace\regedit.exe c:\Documents and Settings\JEAN-LUC\Bureau\SDFix\apps\Replace\W2K.exe c:\Documents and Settings\JEAN-LUC\Bureau\SDFix\apps\Replace\XP.exe c:\Documents and Settings\JEAN-LUC\Local Settings\Temporary Internet Files\Content.IE5\PP2Z4T6J\DiagHelp[1]\DiagHelp\catchme.exe c:\Documents and Settings\JEAN-LUC\Local Settings\Temporary Internet Files\Content.IE5\PP2Z4T6J\DiagHelp[1]\DiagHelp\diff.exe c:\Documents and Settings\JEAN-LUC\Local Settings\Temporary Internet Files\Content.IE5\PP2Z4T6J\DiagHelp[1]\DiagHelp\dumphive.exe c:\Documents and Settings\JEAN-LUC\Local Settings\Temporary Internet Files\Content.IE5\PP2Z4T6J\DiagHelp[1]\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\JEAN-LUC\Local Settings\Temporary Internet Files\Content.IE5\PP2Z4T6J\DiagHelp[1]\DiagHelp\find2.exe c:\Documents and Settings\JEAN-LUC\Local Settings\Temporary Internet Files\Content.IE5\PP2Z4T6J\DiagHelp[1]\DiagHelp\Fport.exe c:\Documents and Settings\JEAN-LUC\Local Settings\Temporary Internet Files\Content.IE5\PP2Z4T6J\DiagHelp[1]\DiagHelp\grep.exe c:\Documents and Settings\JEAN-LUC\Local Settings\Temporary Internet Files\Content.IE5\PP2Z4T6J\DiagHelp[1]\DiagHelp\gzip.exe c:\Documents and Settings\JEAN-LUC\Local Settings\Temporary Internet Files\Content.IE5\PP2Z4T6J\DiagHelp[1]\DiagHelp\KProcCheck.exe c:\Documents and Settings\JEAN-LUC\Local Settings\Temporary Internet Files\Content.IE5\PP2Z4T6J\DiagHelp[1]\DiagHelp\LFiles.exe c:\Documents and Settings\JEAN-LUC\Local Settings\Temporary Internet Files\Content.IE5\PP2Z4T6J\DiagHelp[1]\DiagHelp\LISTDLLS.exe c:\Documents and Settings\JEAN-LUC\Local Settings\Temporary Internet Files\Content.IE5\PP2Z4T6J\DiagHelp[1]\DiagHelp\md5sums.exe c:\Documents and Settings\JEAN-LUC\Local Settings\Temporary Internet Files\Content.IE5\PP2Z4T6J\DiagHelp[1]\DiagHelp\pslist.exe c:\Documents and Settings\JEAN-LUC\Local Settings\Temporary Internet Files\Content.IE5\PP2Z4T6J\DiagHelp[1]\DiagHelp\sigcheck.exe c:\Documents and Settings\JEAN-LUC\Local Settings\Temporary Internet Files\Content.IE5\PP2Z4T6J\DiagHelp[1]\DiagHelp\streams.exe c:\Documents and Settings\JEAN-LUC\Local Settings\Temporary Internet Files\Content.IE5\PP2Z4T6J\DiagHelp[1]\DiagHelp\swreg.exe c:\Documents and Settings\JEAN-LUC\Local Settings\Temporary Internet Files\Content.IE5\PP2Z4T6J\DiagHelp[1]\DiagHelp\tar.exe c:\Documents and Settings\JEAN-LUC\Local Settings\Temporary Internet Files\Content.IE5\WS2R5G7P\mbam-setup[1].exe c:\Documents and Settings\JEAN-LUC\Mes documents\vlc-0.8.6a-win32.exe c:\Documents and Settings\JEAN-LUC\Mes documents\DiagHelp\catchme.exe c:\Documents and Settings\JEAN-LUC\Mes documents\DiagHelp\diff.exe c:\Documents and Settings\JEAN-LUC\Mes documents\DiagHelp\dumphive.exe c:\Documents and Settings\JEAN-LUC\Mes documents\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\JEAN-LUC\Mes documents\DiagHelp\find2.exe c:\Documents and Settings\JEAN-LUC\Mes documents\DiagHelp\Fport.exe c:\Documents and Settings\JEAN-LUC\Mes documents\DiagHelp\grep.exe c:\Documents and Settings\JEAN-LUC\Mes documents\DiagHelp\gzip.exe c:\Documents and Settings\JEAN-LUC\Mes documents\DiagHelp\KProcCheck.exe c:\Documents and Settings\JEAN-LUC\Mes documents\DiagHelp\LFiles.exe c:\Documents and Settings\JEAN-LUC\Mes documents\DiagHelp\LISTDLLS.exe c:\Documents and Settings\JEAN-LUC\Mes documents\DiagHelp\md5sums.exe c:\Documents and Settings\JEAN-LUC\Mes documents\DiagHelp\pslist.exe c:\Documents and Settings\JEAN-LUC\Mes documents\DiagHelp\sigcheck.exe c:\Documents and Settings\JEAN-LUC\Mes documents\DiagHelp\streams.exe c:\Documents and Settings\JEAN-LUC\Mes documents\DiagHelp\swreg.exe c:\Documents and Settings\JEAN-LUC\Mes documents\DiagHelp\tar.exe c:\Documents and Settings\JEAN-LUC\Mes documents\Jean Luc BAZIN\ChickenInvadersROTYdemoInstaller341.exe c:\Documents and Settings\JEAN-LUC\Mes documents\Jean Luc BAZIN\HiJackThis.exe c:\Documents and Settings\JEAN-LUC\Mes documents\Jean Luc BAZIN\keygen.exe c:\Documents and Settings\JEAN-LUC\Mes documents\Jean Luc BAZIN\memtest.exe c:\Documents and Settings\JEAN-LUC\Mes documents\Jean Luc BAZIN\repareoe.exe c:\Documents and Settings\JEAN-LUC\Mes documents\Jean Luc BAZIN\excellent!\Biere.exe c:\Documents and Settings\JEAN-LUC\Mes documents\Jean Luc BAZIN\MemTest\memtest.exe c:\Documents and Settings\JEAN-LUC\Mes documents\Jean Luc BAZIN\Rambooster\Rambooster.exe c:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HKS4L5WA\iTunesSetupAdmin[1].exe c:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HKS4L5WA\iTunesSetupAdmin[2].exe c:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HKS4L5WA\iTunesSetupAdmin[3].exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_BAZIN-LTPYRQXNJ.tar.gz a l'adresse http://upload.malekal.com

Bjr, Un peu étheré ce matin ... lol Voici le rapport en espèrant que je ne me soies pas planté Cdt JLuc Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est 6C6B-1C75 R‚pertoire de c:\windows\tasks 25/06/2008 02:26 270 Uniblue SpyEraser Nag.job 25/06/2008 02:26 344 Uniblue SpyEraser.job 2 fichier(s) 614 octets 0 R‚p(s) 16ÿ476ÿ127ÿ232 octets libres

bonjour, Retour de fiesta ...pendant que le scan s'effectuait. (he oui, il faut bien s'occuper pendant que la bécane mouline plutôt que de rester passif.. SURPRISE !!! pendant que MBAM moulinait, AVASt (que j'avais omis de neutraliser), m'a affiché un trojan.gen...??? A part ça, mon ordi semble fonctionner normalement a part qu'il rame un peu M'enfin ??? Cdt JLuc Malwarebytes' Anti-Malware 1.20 Version de la base de données: 944 Windows 5.1.2600 Service Pack 3 00:48:55 14/07/2008 mbam-log-7-14-2008 (00-48-55).txt Type de recherche: Examen complet (C:\|E:\|F:\|) Eléments examinés: 83979 Temps écoulé: 10 hour(s), 10 minute(s), 28 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 3 Fichier(s) infecté(s): 14 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows registry repair pro (Backdoor.Bot) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Documents and Settings\JEAN-LUC\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully. C:\Documents and Settings\JEAN-LUC\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully. C:\Documents and Settings\JEAN-LUC\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\sk43ox.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\szwg63.exe (Trojan.Peed) -> Quarantined and deleted successfully. E:\JEAN-LUC\ie_updates3r.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\JEAN-LUC\Application Data\RegistrySmart\Errors.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully. C:\Documents and Settings\JEAN-LUC\Application Data\RegistrySmart\Results.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully. C:\Documents and Settings\JEAN-LUC\Application Data\RegistrySmart\Log\log_2007_02_20_14_56_03.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully. C:\Documents and Settings\JEAN-LUC\Application Data\RegistrySmart\Log\log_2007_02_20_14_56_05.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully. C:\Documents and Settings\JEAN-LUC\Application Data\RegistrySmart\Log\log_2007_02_20_20_12_32.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully. C:\Documents and Settings\JEAN-LUC\Application Data\RegistrySmart\Log\log_2007_02_21_08_53_40.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully. C:\Documents and Settings\JEAN-LUC\Application Data\RegistrySmart\Registry Backups\2007-02-20_15-03-41.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully. C:\winload.ini (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\thvu789.exe (Heuristics.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\system32\thvu794.exe (Heuristics.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\lsass.ini (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Bonjour Gof, Franchement, tu m'impressionnes... Voici les rappors. Cependant je n'i pas retrouvé le fichier Glauck.reg dans mon ordi pour l'effacer...de tte façon, je pense que je le retrouverai à l'occase.. Ceci dit, quand je vois l'heure à laquelle tu as répondu à mon message, je pense que tu n'es pas un adepte des 35h00...lol Cdt Jluc Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:28:44, on 13/07/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\a-squared Free\a2service.exe C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\system32\keyhook.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe C:\Documents and Settings\JEAN-LUC\Mes documents\Jean Luc BAZIN\Rambooster\Rambooster.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\System32\msiexec.exe C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navcli...fr&ie=UTF-8 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4 O4 - HKCU\..\Run: [RamBooster] C:\Documents and Settings\JEAN-LUC\Mes documents\Jean Luc BAZIN\Rambooster\Rambooster.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam.com/home/ezwebcam/eng5...WebMonProj1.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/20ba8a7d20b099...ip/RdxIE601.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214402286015 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214599837765 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://config.zebulon.fr/plugins/hardwaredetection.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/fs5/ax/ActiveXWebCam.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: getPlus® Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing) O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe -- End of file - 9982 bytes Username "JEAN-LUC" - 13/07/2008 13:20:41 [Fixwareout edited 9/01/2007] ~~~~~ Prerun check HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters "nameserver"="85.255.116.110 85.255.112.108" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{32D5F29A-D37B-469C-A31A-7E9A5D55AB38} "nameserver"="85.255.116.110,85.255.112.108" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{330FFB87-4285-4E62-81FF-3A01F4B41E74} "nameserver"="85.255.116.110,85.255.112.108" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{3F96B31F-D341-46EB-905C-F2EC807B9091} "nameserver"="85.255.116.110,85.255.112.108" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{482FEA43-9B14-4196-B118-0D854566ED50} "nameserver"="85.255.116.110,85.255.112.108" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{8F581676-0A20-418D-B2DE-086395DEA7F7} "nameserver"="85.255.116.110,85.255.112.108" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{91611D76-77E1-418B-ACEB-8DA7153781A1} "nameserver"="85.255.116.110,85.255.112.108" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B7DCB220-E626-4DFD-9716-835A56B3902E} "nameserver"="85.255.116.110,85.255.112.108" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{CBCEAFA1-2968-4CE9-96DF-B975ADC4496C} "nameserver"="85.255.116.110,85.255.112.108" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DC3B69EF-0A2C-4FFC-877F-D7C52BF051B6} "nameserver"="85.255.116.110,85.255.112.108" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F50BA4C4-E459-4755-8E33-33E72A16C65B} "nameserver"="85.255.116.110,85.255.112.108" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{32D5F29A-D37B-469C-A31A-7E9A5D55AB38} "DhcpNameServer"="85.255.116.110,85.255.112.108" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{330FFB87-4285-4E62-81FF-3A01F4B41E74} "DhcpNameServer"="85.255.116.110,85.255.112.108" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{3F96B31F-D341-46EB-905C-F2EC807B9091} "DhcpNameServer"="85.255.116.110,85.255.112.108" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{482FEA43-9B14-4196-B118-0D854566ED50} "DhcpNameServer"="85.255.116.110,85.255.112.108" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{8F581676-0A20-418D-B2DE-086395DEA7F7} "DhcpNameServer"="85.255.116.110,85.255.112.108" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{90BCE144-EF31-486D-ACED-CBE37F11A193} "DhcpNameServer"="85.255.116.110,85.255.112.108" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{91611D76-77E1-418B-ACEB-8DA7153781A1} "DhcpNameServer"="85.255.116.110,85.255.112.108" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{93E8D910-26FF-4E17-8A53-F322570E4872} "DhcpNameServer"="85.255.116.110,85.255.112.108" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B7DCB220-E626-4DFD-9716-835A56B3902E} "DhcpNameServer"="85.255.116.110,85.255.112.108" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{CBCEAFA1-2968-4CE9-96DF-B975ADC4496C} "DhcpNameServer"="85.255.116.110,85.255.112.108" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DC3B69EF-0A2C-4FFC-877F-D7C52BF051B6} "DhcpNameServer"="85.255.116.110,85.255.112.108" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F50BA4C4-E459-4755-8E33-33E72A16C65B} "DhcpNameServer"="85.255.116.110,85.255.112.108" <Value cleared. Cache de résolution DNS vidé. System was rebooted successfully. ~~~~~ Postrun check HKLM\SOFTWARE\~\Winlogon\ "System"="" .... .... ~~~~~ Misc files. C:\WINDOWS\System32\3.dat Deleted .... ~~~~~ Checking for older varients. .... ~~~~~ Current runs (hklm hkcu "run" Keys Only) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd" "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE" "LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe " "LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe" "SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe" "SiS Windows KeyHook"="C:\\WINDOWS\\system32\\keyhook.exe" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe" "ISUSScheduler"="\"C:\\Program Files\\Fichiers communs\\InstallShield\\UpdateService\\issch.exe\" -start" "SPAMfighter Agent"="\"C:\\Program Files\\SPAMfighter\\SFAgent.exe\" update delay 60" "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32" "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_06\\bin\\jusched.exe\"" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "Windows Registry Repair Pro"="C:\\Program Files\\3B Software\\Windows Registry Repair Pro\\RegistryRepairPro.exe 4" "RamBooster"="C:\\Documents and Settings\\JEAN-LUC\\Mes documents\\Jean Luc BAZIN\\Rambooster\\Rambooster.exe" .... Hosts file was reset, If you use a custom hosts file please replace it... ~~~~~ End report ~~~~~

Re- Excuse si j'ai mal fait la manip..; je suis qque peu néophite en la matière .. Ceci dit, je te remercie encore pour tout car j'ai refait un scan en ligne par housecall et il semblerait que ma bécane soie nettoyée... En tt cas elle tourne mieux. J"ai un autre petit pbl d'UC saturée quand je lance VLC.. Y a-t'il une explication ??? Merci encore Cdt JLuc Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:08:21, on 12/07/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\system32\keyhook.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navcli...fr&ie=UTF-8 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4 O4 - HKCU\..\Run: [RamBooster] C:\Documents and Settings\JEAN-LUC\Mes documents\Jean Luc BAZIN\Rambooster\Rambooster.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam.com/home/ezwebcam/eng5...WebMonProj1.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/20ba8a7d20b099...ip/RdxIE601.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214402286015 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214599837765 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://config.zebulon.fr/plugins/hardwaredetection.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/fs5/ax/ActiveXWebCam.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{32D5F29A-D37B-469C-A31A-7E9A5D55AB38}: NameServer = 85.255.116.110,85.255.112.108 O17 - HKLM\System\CCS\Services\Tcpip\..\{330FFB87-4285-4E62-81FF-3A01F4B41E74}: NameServer = 85.255.116.110,85.255.112.108 O17 - HKLM\System\CCS\Services\Tcpip\..\{3F96B31F-D341-46EB-905C-F2EC807B9091}: NameServer = 85.255.116.110,85.255.112.108 O17 - HKLM\System\CCS\Services\Tcpip\..\{482FEA43-9B14-4196-B118-0D854566ED50}: NameServer = 85.255.116.110,85.255.112.108 O17 - HKLM\System\CCS\Services\Tcpip\..\{8F581676-0A20-418D-B2DE-086395DEA7F7}: NameServer = 85.255.116.110,85.255.112.108 O17 - HKLM\System\CCS\Services\Tcpip\..\{91611D76-77E1-418B-ACEB-8DA7153781A1}: NameServer = 85.255.116.110,85.255.112.108 O17 - HKLM\System\CCS\Services\Tcpip\..\{B7DCB220-E626-4DFD-9716-835A56B3902E}: NameServer = 85.255.116.110,85.255.112.108 O17 - HKLM\System\CCS\Services\Tcpip\..\{CBCEAFA1-2968-4CE9-96DF-B975ADC4496C}: NameServer = 85.255.116.110,85.255.112.108 O17 - HKLM\System\CCS\Services\Tcpip\..\{DC3B69EF-0A2C-4FFC-877F-D7C52BF051B6}: NameServer = 85.255.116.110,85.255.112.108 O17 - HKLM\System\CCS\Services\Tcpip\..\{F50BA4C4-E459-4755-8E33-33E72A16C65B}: NameServer = 85.255.116.110,85.255.112.108 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.110 85.255.112.108 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: getPlus® Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing) O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe -- End of file - 11151 bytes

Bonjour Gof, Merci de tes explications simples et claires grâce auxquelles les sciences de l'informatique semblent évidentes. Voici les rapports, il y en avait un 3° que je me suis permis de te joindre Cdt JLuc Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:18:46, on 12/07/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\a-squared Free\a2service.exe C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\system32\keyhook.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe C:\WINDOWS\System32\msiexec.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navcli...fr&ie=UTF-8 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam.com/home/ezwebcam/eng5...WebMonProj1.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/20ba8a7d20b099...ip/RdxIE601.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214402286015 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214599837765 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://config.zebulon.fr/plugins/hardwaredetection.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/fs5/ax/ActiveXWebCam.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{32D5F29A-D37B-469C-A31A-7E9A5D55AB38}: NameServer = 85.255.116.110,85.255.112.108 O17 - HKLM\System\CCS\Services\Tcpip\..\{330FFB87-4285-4E62-81FF-3A01F4B41E74}: NameServer = 85.255.116.110,85.255.112.108 O17 - HKLM\System\CCS\Services\Tcpip\..\{3F96B31F-D341-46EB-905C-F2EC807B9091}: NameServer = 85.255.116.110,85.255.112.108 O17 - HKLM\System\CCS\Services\Tcpip\..\{482FEA43-9B14-4196-B118-0D854566ED50}: NameServer = 85.255.116.110,85.255.112.108 O17 - HKLM\System\CCS\Services\Tcpip\..\{8F581676-0A20-418D-B2DE-086395DEA7F7}: NameServer = 85.255.116.110,85.255.112.108 O17 - HKLM\System\CCS\Services\Tcpip\..\{91611D76-77E1-418B-ACEB-8DA7153781A1}: NameServer = 85.255.116.110,85.255.112.108 O17 - HKLM\System\CCS\Services\Tcpip\..\{B7DCB220-E626-4DFD-9716-835A56B3902E}: NameServer = 85.255.116.110,85.255.112.108 O17 - HKLM\System\CCS\Services\Tcpip\..\{CBCEAFA1-2968-4CE9-96DF-B975ADC4496C}: NameServer = 85.255.116.110,85.255.112.108 O17 - HKLM\System\CCS\Services\Tcpip\..\{DC3B69EF-0A2C-4FFC-877F-D7C52BF051B6}: NameServer = 85.255.116.110,85.255.112.108 O17 - HKLM\System\CCS\Services\Tcpip\..\{F50BA4C4-E459-4755-8E33-33E72A16C65B}: NameServer = 85.255.116.110,85.255.112.108 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.110 85.255.112.108 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: getPlus® Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing) O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe -- End of file - 11262 bytes SDFix: Version 1.204 Run by JEAN-LUC on 12/07/2008 at 15:44 Microsoft Windows XP [version 5.1.2600] Running From: C:\DOCUME~1\JEAN-LUC\Bureau\SDFix Checking Services : Name : Google Online Services ICF msupdate winlogin Path : C:\Documents and Settings\JEAN-LUC\ie_updates3r.exe -A C:\WINDOWS\system32\svchost.exe:exe.exe c:\windows\system32\msvcrtd.exe C:\WINDOWS\lsass.exe Google Online Services - Deleted ICF - Deleted msupdate - Deleted winlogin - Deleted Restoring Default Security Values Restoring Default Hosts File Restoring Default Desktop Wallpaper Restoring Default ScreenSaver value Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\SYSTEM32\PHC98E~1.BMP - Deleted C:\WINDOWS\SYSTEM32\BLPHC9~1.SCR - Deleted C:\Documents and Settings\JEAN-LUC\ie_updates3r.exe - Deleted C:\Program Files\Internet Explorer\setupapi.dll - Deleted C:\WINDOWS\lsass.exe - Deleted C:\WINDOWS\msserv.config - Deleted C:\WINDOWS\msvbs32.dll - Deleted C:\WINDOWS\system32\kr_done1 - Deleted C:\WINDOWS\system32\msvcrtd.exe - Deleted C:\WINDOWS\system32\svchost.t__ - Deleted C:\WINDOWS\system32\svcp.csv - Deleted C:\WINDOWS\system32\systems.exe - Deleted C:\WINDOWS\system32\winsub.xml - Deleted C:\WINDOWS\wpcjmd.log - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-12 16:07:01 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC" "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "F:\\eChanblard\\emule.exe"="F:\\eChanblard\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\WINDOWS\\system32\\systems.exe"="C:\\WINDOWS\\system32\\systems.exe:*:Enabled:system" "C:\\WINDOWS\\lsass.exe"="C:\\WINDOWS\\lsass.exe:*:Enabled:system" "C:\\WINDOWS\\regadd.exe"="C:\\WINDOWS\\regadd.exe:*:Enabled:system" "C:\\WINDOWS\\tk.exe"="C:\\WINDOWS\\tk.exe:*:Enabled:system" "C:\\WINDOWS\\tl.exe"="C:\\WINDOWS\\tl.exe:*:Enabled:system" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" Remaining Files : File Backups: - C:\DOCUME~1\JEAN-LUC\Bureau\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 12 Mar 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Tue 26 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp" Wed 25 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7333946973f87a4fdf879a85eeae256b\BIT7D.tmp" Finished! catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-12 16:07:01 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0