hubert40

Merci quand même c'est sympa d'avoir essayé. Amicalement

Merci de ta sollicitude, mais ce lien m'a été transmis pour que je puisse consulter mon dossier par Internet. C'est donc un lien sûr. Par contre, même en le collant dans la barre d'adresse, j'obtiens "erreur de chargement de la page" systématiquement Sur ma Livebox, dans les paramètres avancés, il y a un onglet DynDNS, mais pour le configurer il faudrait que j'aie des paramètres que je n'ai pas... et je ne sais pas si cela servirait à quelque chose dans mon cas.

Bonjour tous le monde, J'ai reçu un mail avec un lien : http://adresse.dyndns.org/index.php?id=3&pass=xxxxxxxxxx. Lorsque je clique sur ce lien pour accéder au dossier, j'ai la réponse:"La connexion avec le serveur a été réinitialisée pendant le chargement de la page.". Pouvez-vous m'expliquer s'il vous plaît comment faire pour avoir accés à ce lien. Par avance je vous en remercie.

Bonsoir Apollo Tout d'abord merci de ton aide. J'ai enfin fini de faire les opérations que tu m'as dites. J'ai installé la dernière version de Java 6.0 update 13. J'ai fait le scan en ligne chez Kaspersky qui n'a rien trouvé. Donc je pense comme toi que le problème vient soit de l'optimisation soit des limites de ma config. Peut-être que 1Go de RAM sont un peu juste? J'attends ton opinion pour clore le sujet et poster sur le forum optimisation. Merci. Cordialement, Hubert

Bonjour, J'ai fait le pré-nettoyage de mon PC avec AVG MBAM et Spybot, j'ai passé Hijackthis je colle le log ci-dessous. Pouvez-vous m'aider s'il vous plaît? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:28:21, on 09/04/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\Hubert\Bureau\HiJackThis(2).exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{CBE06796-A976-4129-B515-73557D15BF9D}: NameServer = 192.168.1.1 O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe O23 - Service: Protection Trend Micro contre les programmes espions (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe -- End of file - 6850 bytes Merci d'avance au lanceur de bouée

Bonsoir, J'ai à nouveau fixé la ligne O24. Je vous remercie de votre aide très précieuse. Maintenant que dois-je faire pour marquer le post résolu? Cordialement, Hubert

Bonjour, Voilà le log de hijack. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:43:10, on 16/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\PC Tools Firewall Plus\FWService.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://77.74.48.108/r_cmtp?u=http%3A%2F%2F...&rid=147389 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O17 - HKLM\System\CCS\Services\Tcpip\..\{7F921C58-D7BF-490F-9F15-ABB968402ACC}: NameServer = 192.168.1.1 O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O24 - Desktop Component AutorunsDisabled: (no name) - (no file) -- End of file - 4318 bytes Merci.

Voila je viens de fixer les lignes avec hijackthis. Je vais devoir m'absenter jusqu'en fin d'après-midi. merci de votre aide à tout à l'heure.

Voila je viens de terminer smitfraudfix en nettoyage je poste le rapport et je passe hijack. SmitFraudFix v2.403 Rapport fait à 11:07:16,61, 15/03/2009 Executé à partir de C:\Documents and Settings\Boss\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com ... »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix Agent.OMZ.Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{7F921C58-D7BF-490F-9F15-ABB968402ACC}: NameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{7F921C58-D7BF-490F-9F15-ABB968402ACC}: NameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{7F921C58-D7BF-490F-9F15-ABB968402ACC}: NameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin merci

Bonjour, Voila le rapport de recherche smitfraudfix. SmitFraudFix v2.403 Rapport fait à 10:57:24,65, 15/03/2009 Executé à partir de C:\Documents and Settings\Boss\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\PC Tools Firewall Plus\FWService.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Boss\Bureau\SmitfraudFix\Policies.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Boss »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Boss\LOCALS~1\Temp »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Boss\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Boss\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau »»»»»»»»»»»»»»»»»»»»»»»» o4Patch !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! o4Patch Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! Agent.OMZ.Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=dword:00000001 "Appinit_Dlls"="c:\\windows\\system32\\yuweveyo.dll c:\\windows\\system32\\debeviva.dll pwrnzo.dll c:\\windows\\system32\\ziluyuda.dll" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," "System"="" »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter - Miniport d'ordonnancement de paquets DNS Server Search Order: 192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{7F921C58-D7BF-490F-9F15-ABB968402ACC}: NameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{7F921C58-D7BF-490F-9F15-ABB968402ACC}: NameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{7F921C58-D7BF-490F-9F15-ABB968402ACC}: NameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin Merci de votre aide.

Bonsoir, voilà le dernier Hijack Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:35:25, on 14/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\PC Tools Firewall Plus\FWService.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\msiexec.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://77.74.48.108/r_cmtp?u=http%3A%2F%2F...&rid=147389 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O17 - HKLM\System\CCS\Services\Tcpip\..\{7F921C58-D7BF-490F-9F15-ABB968402ACC}: NameServer = 192.168.1.1 O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O24 - Desktop Component AutorunsDisabled: (no name) - (no file) -- End of file - 4777 bytes Merci

Log OTmoveit ========== PROCESSES ========== Process explorer.exe killed successfully. ========== FILES ========== c:\windows\system32\pgbtrjtyitue.dll-uninst.exe moved successfully. ========== REGISTRY ========== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\\"HonorAutoRunSetting"|dword:00000001 /E : value set successfully! ========== COMMANDS ========== File delete failed. C:\DOCUME~1\Boss\LOCALS~1\Temp\etilqs_QaKUzj460Ps0aLA7B5Z3 scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. Windows Temp folder emptied. File delete failed. C:\Documents and Settings\Boss\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1ucdw1e.default\Cache\_CACHE_001_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Boss\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1ucdw1e.default\Cache\_CACHE_002_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Boss\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1ucdw1e.default\Cache\_CACHE_003_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Boss\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1ucdw1e.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Boss\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1ucdw1e.default\urlclassifier3.sqlite scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Boss\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1ucdw1e.default\urlclassifier3.sqlite-journal scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Boss\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1ucdw1e.default\XUL.mfl scheduled to be deleted on reboot. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03142009_185451 Files moved on Reboot... File C:\DOCUME~1\Boss\LOCALS~1\Temp\etilqs_QaKUzj460Ps0aLA7B5Z3 not found! File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. C:\Documents and Settings\Boss\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1ucdw1e.default\Cache\_CACHE_001_ moved successfully. C:\Documents and Settings\Boss\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1ucdw1e.default\Cache\_CACHE_002_ moved successfully. C:\Documents and Settings\Boss\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1ucdw1e.default\Cache\_CACHE_003_ moved successfully. C:\Documents and Settings\Boss\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1ucdw1e.default\Cache\_CACHE_MAP_ moved successfully. C:\Documents and Settings\Boss\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1ucdw1e.default\urlclassifier3.sqlite moved successfully. File C:\Documents and Settings\Boss\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1ucdw1e.default\urlclassifier3.sqlite-journal not found! C:\Documents and Settings\Boss\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1ucdw1e.default\XUL.mfl moved successfully. .

Voilà pour toolbar option 2 à la fin malwarebytes. -----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3 X86-based PC ( Uniprocessor Free : mobile AMD Athlon XP-M 2800+ ) BIOS : Version 1.00 USER : Boss ( Administrator ) BOOT : Fail-safe boot Antivirus : Trend Micro PC-cillin Internet Security 14 14.00.1487 (Activated) Firewall : Trend Micro PC-cillin Internet Security (Firewall) 14 (Activated) C:\ (Local Disk) - NTFS - Total:17 Go (Free:12 Go) D:\ (Local Disk) - NTFS - Total:19 Go (Free:19 Go) E:\ (CD or DVD) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [2] ( 14/03/2009|17:35 ) -----------\\ SUPPRESSION Supprime! - C:\Program Files\VVSN -----------\\ Recherche de Fichiers / Dossiers ... -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.msn.com/" --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! 1 - "C:\ToolBar SD\TB_1.txt" - 14/03/2009|14:47 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 14/03/2009|14:52 - Option : [1] 3 - "C:\ToolBar SD\TB_3.txt" - 14/03/2009|17:36 - Option : [2] MALWAREBYTES Malwarebytes' Anti-Malware 1.34 Version de la base de données: 1845 Windows 5.1.2600 Service Pack 3 14/03/2009 18:23:58 mbam-log-2009-03-14 (18-23-58).txt Type de recherche: Examen complet (C:\|D:\|) Eléments examinés: 89738 Temps écoulé: 27 minute(s), 12 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) Voilà les 2 logs sont là. Merci de votre aide.

Bonjour Pear, Voila pour la receherche avec tool bar. Merci. -----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3 X86-based PC ( Uniprocessor Free : mobile AMD Athlon XP-M 2800+ ) BIOS : Version 1.00 USER : Boss ( Administrator ) BOOT : Fail-safe boot Antivirus : Trend Micro PC-cillin Internet Security 14 14.00.1487 (Activated) Firewall : Trend Micro PC-cillin Internet Security (Firewall) 14 (Activated) C:\ (Local Disk) - NTFS - Total:17 Go (Free:12 Go) D:\ (Local Disk) - NTFS - Total:19 Go (Free:19 Go) E:\ (CD or DVD) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [1] ( 14/03/2009|14:52 ) -----------\\ Recherche de Fichiers / Dossiers ... C:\Program Files\VVSN -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"'>http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! 1 - "C:\ToolBar SD\TB_1.txt" - 14/03/2009|14:47 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 14/03/2009|14:52 - Option : [1]

Bonjour Pear , merci de bien vouloir reprendre ton aide. ci-dessous le log puis l'info. LOG Logfile of random's system information tool 1.05 (written by random/random) Run by Boss at 2009-03-13 19:00:37 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 13 GB (73%) free of 18 GB Total RAM: 191 MB (44% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:01:38, on 13/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\PC Tools Firewall Plus\FWService.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Boss\Bureau\RSIT.exe C:\Program Files\Hijackthis\Boss.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://77.74.48.108/r_cmtp?u=http%3A%2F%2F...&rid=147389 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {8dbc2f2c-ac54-4999-afc5-bb0dfdd53084} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: (no name) - {E94E33AA-3BBF-8393-B117-6EBAA1EB6563} - (no file) O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file) O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O17 - HKLM\System\CCS\Services\Tcpip\..\{7F921C58-D7BF-490F-9F15-ABB968402ACC}: NameServer = 192.168.1.1 O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O24 - Desktop Component AutorunsDisabled: (no name) - (no file) -- End of file - 5528 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8dbc2f2c-ac54-4999-afc5-bb0dfdd53084}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E94E33AA-3BBF-8393-B117-6EBAA1EB6563}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] {D0943516-5076-4020-A3B5-AEFAF26AB263} [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497] "00PCTFW"=C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe [2009-02-24 2652056] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-02-11 399504] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe [2005-08-26 36975] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail" "G:\OUTILS\Incredimail\incredimail_install.exe"="G:\OUTILS\Incredimail\incredimail_install.exe:*:Enabled:IncrediMail Installer" "C:\Documents and Settings\Enfants\Bureau\MusicS\eMule\emule.exe"="C:\Documents and Settings\Enfants\Bureau\MusicS\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "D:\Program Files\LimeWire\LimeWire.exe"="D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\WINDOWS\system32\drwtsn32.exe"="C:\WINDOWS\system32\drwtsn32.exe:*:Enabled:drwtsn32" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox" "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32" "C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe:*:Enabled:HelpSvc" "C:\WINDOWS\system32\2n454N7a.exe"="C:\WINDOWS\system32\2n454N7a.exe:*:Enabled:2n454N7a" "D:\Program Files\Logitech\Video\AlbumDB2.exe"="D:\Program Files\Logitech\Video\AlbumDB2.exe:*:Enabled:AlbumDB2" "D:\Program Files\Logitech\Video\FxSvr2.exe"="D:\Program Files\Logitech\Video\FxSvr2.exe:*:Enabled:FxSvr2" "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:iexplore" "C:\Program Files\Trend Micro\Internet Security 14\PCClient.exe"="C:\Program Files\Trend Micro\Internet Security 14\PCClient.exe:*:Enabled:pcclient" "C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe"="C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe:*:Enabled:NclUSBSrv" "C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui" "C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon" "C:\Program Files\Windows Live Toolbar\msn_sl.exe"="C:\Program Files\Windows Live Toolbar\msn_sl.exe:*:Enabled:msn_sl" "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe"="C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe:*:Enabled:WLLoginProxy" "C:\WINDOWS\system32\mshta.exe"="C:\WINDOWS\system32\mshta.exe:*:Enabled:mshta" "C:\WINDOWS\system32\wuauclt.exe"="C:\WINDOWS\system32\wuauclt.exe:*:Enabled:wuauclt" "C:\Program Files\Trend Micro\Internet Security 14\pccmain.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccmain.exe:*:Enabled:PCCMAIN" "C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:thunderbird" "C:\Program Files\Trend Micro\Internet Security 14\TMOAgent.exe"="C:\Program Files\Trend Micro\Internet Security 14\TMOAgent.exe:*:Enabled:TmoAgent" "C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======List of files/folders created in the last 1 months====== 2009-03-13 19:00:37 ----D---- C:\rsit 2009-03-13 18:53:55 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-03-13 16:47:59 ----A---- C:\WINDOWS\ntbtlog.txt 2009-03-05 19:13:43 ----D---- C:\Program Files\Reflex English 2009-03-05 19:13:08 ----D---- C:\Program Files\ViaVoice 2009-03-05 19:13:08 ----A---- C:\WINDOWS\system32\VVRtkReg.dll 2009-03-05 19:13:08 ----A---- C:\WINDOWS\system32\vvrtkclients.dll 2009-03-05 19:13:08 ----A---- C:\WINDOWS\system32\setresuk.dll 2009-03-05 19:13:08 ----A---- C:\WINDOWS\system32\roboex32.dll 2009-03-05 19:12:48 ----A---- C:\WINDOWS\system32\MSRD2X32.DLL 2009-03-05 19:12:48 ----A---- C:\WINDOWS\system32\msjet35.dll 2009-03-05 19:12:47 ----N---- C:\WINDOWS\system32\ddao35.dll 2009-03-05 19:12:47 ----A---- C:\WINDOWS\system32\vbar332.dll 2009-03-05 19:12:47 ----A---- C:\WINDOWS\system32\msjter35.dll 2009-03-05 19:12:47 ----A---- C:\WINDOWS\system32\msjt3032.dll 2009-03-05 19:12:47 ----A---- C:\WINDOWS\system32\msjint35.dll 2009-03-05 19:12:27 ----D---- C:\Program Files\XviD 2009-03-05 19:12:04 ----A---- C:\WINDOWS\system32\LMRTREND.dll 2009-03-05 19:12:00 ----A---- C:\WINDOWS\system32\dxtmsft3.dll 2009-03-05 19:11:54 ----A---- C:\WINDOWS\system32\unam4ie.exe 2009-03-05 19:11:47 ----A---- C:\WINDOWS\system32\vidx16.dll 2009-03-05 19:11:46 ----A---- C:\WINDOWS\system32\qcut.dll 2009-03-05 19:11:44 ----A---- C:\WINDOWS\system32\w95inf32.dll 2009-03-05 19:11:44 ----A---- C:\WINDOWS\system32\w95inf16.dll 2009-02-24 22:19:17 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$ 2009-02-16 21:28:15 ----D---- C:\Program Files\VideoLAN 2009-02-15 16:08:13 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$ ======List of files/folders modified in the last 1 months====== 2009-03-13 19:01:16 ----D---- C:\Program Files\Hijackthis 2009-03-13 19:01:06 ----D---- C:\WINDOWS\Prefetch 2009-03-13 19:00:40 ----D---- C:\WINDOWS\system32\CatRoot2 2009-03-13 18:56:38 ----D---- C:\Program Files\Mozilla Firefox 2009-03-13 18:56:03 ----D---- C:\WINDOWS\Temp 2009-03-13 18:55:45 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2009-03-13 18:54:34 ----D---- C:\WINDOWS 2009-03-13 16:48:11 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-03-13 15:48:31 ----D---- C:\WINDOWS\system32 2009-03-13 15:17:04 ----D---- C:\WINDOWS\Debug 2009-03-13 15:13:51 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-03-13 14:07:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-03-13 14:07:42 ----D---- C:\WINDOWS\system32\drivers 2009-03-13 14:05:15 ----HD---- C:\WINDOWS\inf 2009-03-13 14:05:03 ----HD---- C:\WINDOWS\$hf_mig$ 2009-03-13 14:02:52 ----D---- C:\Program Files\Windows Media Player 2009-03-13 14:02:51 ----RD---- C:\Program Files 2009-03-06 18:15:24 ----HD---- C:\Program Files\InstallShield Installation Information 2009-03-05 20:41:33 ----RSD---- C:\WINDOWS\Fonts 2009-03-05 20:41:33 ----D---- C:\Program Files\Fichiers communs 2009-03-05 19:11:54 ----D---- C:\WINDOWS\Help 2009-02-27 18:52:08 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-02-25 13:24:35 ----D---- C:\Program Files\PC Tools Firewall Plus 2009-02-24 22:19:23 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-02-15 16:06:18 ----D---- C:\Program Files\Internet Explorer 2009-02-15 16:05:08 ----D---- C:\WINDOWS\ie7updates 2009-02-15 16:02:58 ----D---- C:\WINDOWS\system32\CatRoot 2009-02-14 18:39:47 ----D---- C:\Program Files\Mozilla Thunderbird ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072] R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys [] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248] R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\System32\Drivers\tmtdi.sys [2005-09-12 68608] R2 PCTAppEvent;PCTAppEvent Driver; \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys [] R2 tm_cfw;Common Firewall Driver; C:\WINDOWS\System32\Drivers\tm_cfw.sys [2005-09-12 1939328] R2 Tmfilter;Tmfilter; C:\WINDOWS\system32\drivers\TmXPFlt.sys [2008-11-26 205328] R2 Tmpreflt;Tmpreflt; C:\WINDOWS\system32\drivers\Tmpreflt.sys [2008-11-26 36368] R2 Vsapint;Vsapint; C:\WINDOWS\system32\drivers\VsapiNT.sys [2008-11-26 1195384] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-04-24 41984] R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2004-08-04 126686] R3 pctplfw;pctplfw; \??\C:\WINDOWS\system32\drivers\pctplfw.sys [] R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-05-04 215040] R3 SFilter;PCTools Driver; C:\WINDOWS\system32\DRIVERS\pctfw.sys [2008-09-22 97408] R3 Slntamr;Smart Link 56K Modem Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2004-08-04 404990] R3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2004-08-04 13240] R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2003-11-17 118144] R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudios.sys [2003-10-03 411008] S3 catchme;catchme; \??\C:\DOCUME~1\Boss\LOCALS~1\Temp\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2004-08-04 1309184] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864] S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2004-08-04 180360] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2004-08-04 95424] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064] S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112] S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297] R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960] R2 PCToolsFirewallPlus;PC Tools Firewall Plus; C:\Program Files\PC Tools Firewall Plus\FWService.exe [2008-12-11 146800] R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2008-04-14 73796] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S4 PcCtlCom;Trend Micro Central Control Component; C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe [] S4 Tmntsrv;Trend Micro Real-time Service; C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe [] S4 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe [] S4 tmproxy;Trend Micro Proxy Service; C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe [] -----------------EOF----------------- INFO.TXT info.txt logfile of random's system information tool 1.05 2009-03-13 19:01:43 ======Uninstall list====== -->"C:\Program Files\ViaVoice\Bin\vunUK.exe" ProdRunControl Dc En_UK 'IBM ViaVoice™ Command and Control Runtime' C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ViaVoice\RtCmnd_UK.isu" -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE Barre d'outils Outlook de Windows Live (Windows Live Toolbar)-->MsiExec.exe /X{6E15BEDF-7EB5-4010-998E-B430DB4EFE45} CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Data Access Objects (DAO) 3.5-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Common Files\Microsoft Shared\DAO\Uninst.isu" Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D} HijackThis 2.0.2-->"C:\Program Files\Hijackthis\HijackThis.exe" /uninstall IBM ViaVoice Command and Control Runtime 7.0 - UK English-->"C:\Program Files\ViaVoice\Bin\vunUK.exe" ProdRunControl Dc En_UK 'IBM ViaVoice™ Command and Control Runtime' C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ViaVoice\RtCmnd_UK.isu" J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050} Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5 Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929} Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9} Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Thunderbird (2.0.0.19)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27} OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{6D7F8D4B-D1A4-402A-973E-31E90940E585} PC Tools Firewall Plus 5.0-->C:\Program Files\PC Tools Firewall Plus\unins000.exe /LOG Search Assistant Mysidesearch-->C:\WINDOWS\system32\pgbtrjtyitue.dll-uninst.exe Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Trend Micro PC-cillin Internet Security 14-->MsiExec.exe /X{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6} UniChrome Graphics Driver and Utilities-->C:\PROGRA~1\S3Inc\S3\s3setvga.exe -s -fC:\PROGRA~1\S3Inc\S3\S3.uns VIA Audio Driver Setup Program-->RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -f"C:\PROGRA~1\VIATEC~1\VIAAUD~1/Uninst.isu" VLC media player 0.9.8a-->c:\Program Files\VideoLAN\VLC\uninstall.exe Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66} Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390} Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411} Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7} Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D} Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe" ======Hosts File====== 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com ======Security center information====== AV: Avira AntiVir PersonalEdition Classic AV: Trend Micro PC-cillin Internet Security 14 FW: PC Tools Firewall Plus FW: Trend Micro PC-cillin Internet Security (Firewall) System event log Computer Name: ANNESO Event Code: 6009 Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Uniprocessor Free. Record Number: 37331 Source Name: EventLog Time Written: 20090120181453.000000+060 Event Type: Informations User: Computer Name: ANNESO Event Code: 6006 Message: Le service d'Enregistrement d'événement a été arrêté. Record Number: 37330 Source Name: EventLog Time Written: 20090120181327.000000+060 Event Type: Informations User: Computer Name: ANNESO Event Code: 4201 Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{7F921C58-D7BF-490F-9F15-ABB968402ACC} était connectée au réseau, et a lancé une opération normale sur la carte réseau. Record Number: 37329 Source Name: Tcpip Time Written: 20090120180525.000000+060 Event Type: Informations User: Computer Name: ANNESO Event Code: 7036 Message: Le service Avira AntiVir Personal - Free Antivirus Guard est entré dans l'état : en cours d'exécution. Record Number: 37328 Source Name: Service Control Manager Time Written: 20090120180431.000000+060 Event Type: Informations User: Computer Name: ANNESO Event Code: 17 Message: AVGNTFLT successfully loaded Record Number: 37327 Source Name: avgntflt Time Written: 20090120180424.000000+060 Event Type: Informations User: Application event log Computer Name: ANNESO Event Code: 101 Message: MSNMSGR (4076) Le moteur de base de données est arrêté. Record Number: 4833 Source Name: ESENT Time Written: 20080927183437.000000+120 Event Type: Informations User: Computer Name: ANNESO Event Code: 103 Message: MSNMSGR (4076) \\.\C:\Documents and Settings\Enfants\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_BA74_CA2C_74C9_EB69\dfsr.db: Le moteur de base de données a arrêté une instance (0). Record Number: 4832 Source Name: ESENT Time Written: 20080927183437.000000+120 Event Type: Informations User: Computer Name: ANNESO Event Code: 102 Message: MSNMSGR (4076) \\.\C:\Documents and Settings\Enfants\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_BA74_CA2C_74C9_EB69\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0). Record Number: 4831 Source Name: ESENT Time Written: 20080927183242.000000+120 Event Type: Informations User: Computer Name: ANNESO Event Code: 100 Message: MSNMSGR (4076) Le moteur de base de données 5.01.2600.2780 est démarré. Record Number: 4830 Source Name: ESENT Time Written: 20080927183242.000000+120 Event Type: Informations User: Computer Name: ANNESO Event Code: 101 Message: MSNMSGR (4076) Le moteur de base de données est arrêté. Record Number: 4829 Source Name: ESENT Time Written: 20080927183148.000000+120 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\Ulead Systems\MPEG "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD "PROCESSOR_REVISION"=0a00 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO -----------------EOF----------------- Merci pour ton interprétation.