bossard

  1. Unfortunately I don't even have access to the command prompt!!! I don't know what to do!! Thanks for your help
  2. Good evening everyone, I'm turning to you because I have a big problem with my parents-in-law's Toshiba Satellite L670 laptop. After reinstalling Windows 7 Ultimate, I had the unpleasant surprise of finding that the Toshiba drivers had all gone, so I reinstalled everything and installed avast, and the next day when I switched the PC on, there was the Toshiba splash screen and then a black screen with a white cursor blinking in the top left. I switched it off and on again and since then the Toshiba logo no longer appears; I go straight to a black screen with the blinking cursor. Following Toshiba's instructions, I tried powering on without the battery while holding the power button for 30 seconds ....... but nothing. I tested the VGA connection on another screen but nothing changes, still the blinking cursor. I tried to boot from an old Windows XP CD I still had, but still nothing. The PC invariably stays on this black screen with the blinking cursor. I'm asking for your help because I no longer know what to do, given that I have the impression I can't access anything, not even the BIOS. It is a Toshiba Satellite L670 with an Intel Core i3 processor and 4 GB of RAM, I think. Thanks in advance for your help, Nico
  3. Thanks a lot, I'll try all that!! But for now the PC is still just as slow; I find that odd given the RAM and the processor, everyone tells me it should run really well. Bye
  4. Hi Thanos!! I was away and have just got back. I saw your recommendations in the latest posts and have just carried them out; here is the AntiVir report in safe mode: Here is the second AntiVir report after rebooting: And finally the HijackThis report: What do you think? And thanks again for your help!!
  5. And now here is the HijackThis report: This virus is getting me down a bit.
  6. Voici le rapport pour diaghelp, et ça me rassure pas vraiment car mon pc tourne de plus en plus lentement, bref voici le rapport: DiagHelp version v1.4 - http://www.malekal.com excute le 09/09/2008 à 17:07:14,48 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->09/09/2008 17:06:42 C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->09/09/2008 17:06:35 C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->09/09/2008 17:06:14 C:\WINDOWS\prefetch\QTTASK.EXE-342507FB.pf -->09/09/2008 17:00:19 C:\WINDOWS\prefetch\LULNCHR.EXE-1D2DBDC8.pf -->09/09/2008 16:57:41 C:\WINDOWS\prefetch\LOGITECHUPDATE.EXE-2FAF519E.pf -->09/09/2008 16:57:41 C:\WINDOWS\prefetch\WLLOGINPROXY.EXE-2D4B6027.pf -->09/09/2008 16:57:00 C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->09/09/2008 16:56:57 C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->09/09/2008 16:56:33 C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->09/09/2008 16:56:32 C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->08/09/2008 00:11:08 C:\WINDOWS\System32\drivers\mbam.sys -->08/09/2008 00:11:02 C:\WINDOWS\System32\drivers\RtkHDAud.sys -->06/08/2008 17:12:10 C:\WINDOWS\System32\drivers\aswFsBlk.sys -->19/07/2008 16:37:42 C:\WINDOWS\System32\drivers\aswmon2.sys -->19/07/2008 16:37:21 C:\WINDOWS\System32\drivers\aswSP.sys -->19/07/2008 16:35:18 C:\WINDOWS\System32\drivers\aswRdr.sys -->19/07/2008 16:33:42 C:\WINDOWS\System32\nvapps.xml -->09/09/2008 16:55:25 C:\WINDOWS\System32\PerfStringBackup.INI -->08/09/2008 23:00:55 C:\WINDOWS\System32\perfh00C.dat -->08/09/2008 23:00:55 C:\WINDOWS\System32\perfh009.dat -->08/09/2008 23:00:55 C:\WINDOWS\System32\perfc00C.dat -->08/09/2008 23:00:55 C:\WINDOWS\System32\perfc009.dat -->08/09/2008 23:00:55 C:\WINDOWS\System32\wpa.dbl -->08/09/2008 18:55:41 C:\WINDOWS\System32\CONFIG.NT -->18/08/2008 02:38:14 C:\WINDOWS\System32\jupdate-1.6.0_07-b06.log -->12/08/2008 11:48:21 C:\WINDOWS\System32\dsm_fr.qm -->06/08/2008 00:02:16 
  7. On the other hand, random systeme cannot be run; it crashes every time during the download.
  8. Here is the 1st malware report:
     Malwarebytes' Anti-Malware 1.27
     Version de la base de données: 1130
     Windows 5.1.2600 Service Pack 2
     09/09/2008 00:02:30
     mbam-log-2008-09-09 (00-02-30).txt
     Type de recherche: Examen rapide
     Eléments examinés: 42556
     Temps écoulé: 1 minute(s), 54 second(s)
     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 0
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 0
     Processus mémoire infecté(s): (Aucun élément nuisible détecté)
     Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
     Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté)
     Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
     Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
     Dossier(s) infecté(s): (Aucun élément nuisible détecté)
     Fichier(s) infecté(s): (Aucun élément nuisible détecté)
  9. Thanks, that's great!! I'll do all that and tell you how it goes afterwards. I may be saying something silly, but would formatting be overkill? Thanks
  10. Thanks for these recommendations, but the problem is that I can only read this page for half a second before it closes by itself!! What solutions are there in this case?
  11. Hello, well, I've just come back from abroad and I find my PC showing this display at startup, apparently missing, I don't really know what it is. I just know that I've already cleared out a load of viruses, but there is one, "brontok" I think, that keeps coming back. I was told it might come from MSN, but that doesn't really get me anywhere; my PC is slow and it's getting on my nerves? Otherwise I have avast as antivirus. Thanks for your help.