bonjour
je viens de m inscrire et j ai le meme probleme que vous j ai l ecran bleu et vidage de la memoire physique

Bonjour,

- Télécharge HiJackThis de Merijn sur ton bureau.
- Renomme le fichier HiJackThis.exe en Scanner.exe pour cela, fais un clic droit sur le fichier HiJackThis.exe et choisis renommer dans la liste
- Tape Scanner.exe et Appuye sur la touche Entrée.
- Génère un rapport en suivant ces indications :
- Double-clic sur Scanner.exe
- Exécute le et clique sur Do a scan and save log file.
- Le rapport s'ouvre sur le Bloc-Note
- Colle le rapport ici, pour cela :
- Menu Edition / Selectionner Tout
- Menu Edition / copier
- Ici dans un nouveau message : clic droit / coller
Aide : N'hésite pas à consulter l'aide HiJackThis -

Vas voir ta messagerie privée, je t'ai répondu.

Logfile of HijackThis v1.99.1
Scan saved at 18:03:02, on 28/07/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\XCSyncML.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\Program Files\scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [XCSyncML] C:\WINDOWS\System32\XCSyncML.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Merci de bien lire et suivre attentivement ce qui est écrit car tu dois appuyer sur une touche lors du scan.. si tu ne le fais pas le rapport ne sera pas entier et tu devras recommencer donc :

- Télécharge DiagHelp.zip sur ton bureau - Tuto : http://www.malekal.com/DiagHelp/DiagHelp.php
- Ne double-clic pas dessus !! Fais un clic droit sur le fichier et extraire tout
- Un nouveau dossier chercher va être créé DiagHelp
- Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
- Une fenêtre va s'ouvrir, choisis l'option 1
- L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande.

ATTENTION : pendant l'analyse, après le rapport catchme, il te sera demandé d'appuyer sur une touche afin de poursuivre le scan, suis bien les instructions à l'écran !

- A la fin de l'analyse, il peut-être (pas obligatoire) demandé de redemanderl'ordinateur... Une fois l'ordinateur redémarré le rapport va apparaître sur le bloc-note.. Ce dernier se trouve sur C:\resultat.txt
- Copie/colle le contenu du bloc-note qui s'ouvre, pour cela :
-- Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout
-- A nouveau menu Edition / copier
-- Dans un nouveau message ici, faire un clic droit / coller

DiagHelp version v1.1.2 - http://www.malekal.com
excute le 29/07/2007 à 8:44:22,42


Liste des derniers fichies modifies/crees dans windir\system32
C:\WINDOWS\System32/drivers\cdralw2k.sys -->09/07/2007 21:07:48
C:\WINDOWS\System32/drivers\PxHelp20.sys -->09/07/2007 21:07:47
C:\WINDOWS\System32/drivers\cdr4_xp.sys -->09/07/2007 21:07:47
C:\WINDOWS\System32/drivers\aswmon.sys -->30/04/2007 17:41:55
C:\WINDOWS\System32/drivers\aswmon2.sys -->30/04/2007 17:41:42
C:\WINDOWS\System32/drivers\aswRdr.sys -->30/04/2007 17:39:41
C:\WINDOWS\System32/drivers\aswTdi.sys -->30/04/2007 17:38:51

C:\WINDOWS\System32\FNTCACHE.DAT -->25/07/2007 20:11:48
C:\WINDOWS\System32\wpa.dbl -->25/07/2007 18:51:22
C:\WINDOWS\System32\ROXECDC6Inst.log -->12/07/2007 20:40:25
C:\WINDOWS\System32\dsm_fr.qm -->09/07/2007 21:07:53
C:\WINDOWS\System32\divxsm.tlb -->09/07/2007 21:07:53
C:\WINDOWS\System32\DivXsm.exe -->09/07/2007 21:07:53
C:\WINDOWS\System32\qt-dx331.dll -->09/07/2007 21:07:50
C:\WINDOWS\System32\pxwave.dll -->09/07/2007 21:07:48
C:\WINDOWS\System32\pxmas.dll -->09/07/2007 21:07:48
C:\WINDOWS\System32\pxhpinst.exe -->09/07/2007 21:07:48
C:\WINDOWS\System32\vxblock.dll -->09/07/2007 21:07:47
C:\WINDOWS\System32\pxsfs.dll -->09/07/2007 21:07:47
C:\WINDOWS\System32\pxinsi64.exe -->09/07/2007 21:07:47
C:\WINDOWS\System32\pxinsa64.exe -->09/07/2007 21:07:47
C:\WINDOWS\System32\pxdrv.dll -->09/07/2007 21:07:47
C:\WINDOWS\System32\pxcpyi64.exe -->09/07/2007 21:07:47
C:\WINDOWS\System32\pxcpya64.exe -->09/07/2007 21:07:47
C:\WINDOWS\System32\pxafs.dll -->09/07/2007 21:07:47
C:\WINDOWS\System32\px.dll -->09/07/2007 21:07:47
C:\WINDOWS\System32\ssldivx.dll -->09/07/2007 21:07:44
C:\WINDOWS\System32\libdivx.dll -->09/07/2007 21:07:44
C:\WINDOWS\System32\dtu100.dll -->09/07/2007 21:05:58
C:\WINDOWS\System32\dpl100.dll -->09/07/2007 21:05:58
C:\WINDOWS\System32\dpuGUI10.dll -->09/07/2007 21:05:57
C:\WINDOWS\System32\dpv11.dll -->09/07/2007 21:05:56


Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1825-635B

Répertoire de C:\WINDOWS\system

23/12/1997 02:23 4 672 wowpost.exe
1 fichier(s) 4 672 octets
0 Rép(s) 5 738 786 816 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1825-635B

Répertoire de C:\WINDOWS\system32

28/08/2001 14:00 4 096 csrss.exe
1 fichier(s) 4 096 octets
0 Rép(s) 5 738 786 816 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1825-635B

Répertoire de C:\WINDOWS\Downloaded Program Files

16/07/2007 22:03 <REP> .
16/07/2007 22:03 <REP> ..
14/06/2006 20:47 65 desktop.ini
13/04/2007 15:27 367 LegitCheckControl.inf
31/03/2007 13:19 632 392 OberonGameHost.dll
31/03/2007 13:19 332 OberonGameHost_dbg.inf
11/06/2007 12:21 5 021 swflash.inf
11/08/2004 02:22 3 036 wmv9dmo.inf
30/06/2003 22:41 1 689 WMV9VCM.inf
7 fichier(s) 642 902 octets

Total des fichiers listés :
7 fichier(s) 642 902 octets
2 Rép(s) 5 738 786 816 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2

"C:\\Program Files\\NEC\\NEC Mobile Suite\\CommsService.exe"="C:\\Program Files\\NEC\\NEC Mobile Suite\\CommsService.exe:*:Enabled:Communication service"
@=""

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

Rechercher adresses sensibles dans le fichier HOSTS...



catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-29 08:45:48
Windows 5.1.2600 NTFS

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste :(3.zip 121036 bytes hidden from API
C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste :(30.zip 121038 bytes hidden from API
C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste :(53.zip 121038 bytes hidden from API
C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste :(57.zip 121038 bytes hidden from API
C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste :(66.zip 121038 bytes hidden from API
C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste :(75.zip 121038 bytes hidden from API
C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste :(84.zip 121038 bytes hidden from API

scan completed successfully
hidden files: 7


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
128 - ashMaiSv.exe
248 - TaskBarIcon.exe
316 - cmd.exe
320 - GestionnaireInt
412 - ComComp.exe
444 - Toaster.exe
452 - Inactivity.exe
460 - PollingModule.e
536 - ALERTM~1.EXE
620 - ashWebSv.exe
672 - csrss.exe
696 - winlogon.exe
740 - services.exe
752 - lsass.exe
928 - svchost.exe
952 - svchost.exe
1012 - svchost.exe
1052 - devldr32.exe
1160 - ashServ.exe
1344 - spoolsv.exe
1768 - explorer.exe
1988 - ashDisp.exe
1996 - ctfmon.exe
2016 - msnmsgr.exe
2188 - Watch.exe
2404 - emule.exe
3544 - WOOBrowser.exe

Total number of processes = 28
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D0000 - \WINDOWS\system32\ntoskrnl.exe
806B5000 - \WINDOWS\system32\hal.dll
F7BA9000 - \WINDOWS\system32\KDCOM.DLL
F7AB9000 - \WINDOWS\system32\BOOTVID.dll
F765C000 - ACPI.sys
F7BAB000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS
F76A9000 - pci.sys
F76B9000 - isapnp.sys
F7BAD000 - viaide.sys
F7929000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
F76C9000 - MountMgr.sys
F763D000 - ftdisk.sys
F7BAF000 - dmload.sys
F7619000 - dmio.sys
F7931000 - PartMgr.sys
F76D9000 - VolSnap.sys
F7603000 - atapi.sys
F76E9000 - disk.sys
F76F9000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
F75F1000 - sr.sys
F7709000 - PxHelp20.sys
F75DD000 - KSecDD.sys
F755A000 - Ntfs.sys
F7532000 - NDIS.sys
F7939000 - viaagp.sys
F7518000 - Mup.sys
F77F9000 - \SystemRoot\System32\DRIVERS\processr.sys
F741D000 - \SystemRoot\System32\DRIVERS\nv4.sys
F7809000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
F7819000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
F7989000 - \SystemRoot\System32\DRIVERS\mouclass.sys
F7991000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
F7999000 - \SystemRoot\System32\DRIVERS\fdc.sys
F7829000 - \SystemRoot\System32\DRIVERS\serial.sys
F7B59000 - \SystemRoot\System32\DRIVERS\serenum.sys
F740A000 - \SystemRoot\System32\DRIVERS\parport.sys
F7839000 - \SystemRoot\System32\Drivers\Cdr4_2K.SYS
F7849000 - \SystemRoot\System32\DRIVERS\cdrom.sys
F7859000 - \SystemRoot\System32\DRIVERS\redbook.sys
F73E9000 - \SystemRoot\System32\DRIVERS\ks.sys
F7869000 - \SystemRoot\System32\Drivers\Imapi.SYS
F79A1000 - \SystemRoot\System32\DRIVERS\usbuhci.sys
F73CA000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
F7879000 - \SystemRoot\system32\drivers\ac97via.sys
F73A9000 - \SystemRoot\system32\drivers\portcls.sys
F7889000 - \SystemRoot\system32\drivers\drmk.sys
F79A9000 - \SystemRoot\System32\DRIVERS\RTL8139.SYS
F7363000 - \SystemRoot\system32\drivers\emu10k1m.sys
F7899000 - \SystemRoot\system32\drivers\sfmanm.sys
F7BCB000 - \SystemRoot\system32\drivers\ctlfacem.sys
F7D89000 - \SystemRoot\System32\DRIVERS\ctljystk.sys
F7B71000 - \SystemRoot\System32\DRIVERS\gameenum.sys
F7D8B000 - \SystemRoot\System32\DRIVERS\audstub.sys
F78C9000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
F7B79000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
F726A000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
F78D9000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
F78E9000 - \SystemRoot\System32\DRIVERS\raspptp.sys
F7B7D000 - \SystemRoot\System32\DRIVERS\TDI.SYS
F7259000 - \SystemRoot\System32\DRIVERS\psched.sys
F78F9000 - \SystemRoot\System32\DRIVERS\msgpc.sys
F79B9000 - \SystemRoot\System32\DRIVERS\ptilink.sys
F79C1000 - \SystemRoot\System32\DRIVERS\raspti.sys
F722C000 - \SystemRoot\System32\DRIVERS\rdpdr.sys
F7909000 - \SystemRoot\System32\DRIVERS\termdd.sys
F7D91000 - \SystemRoot\System32\DRIVERS\swenum.sys
F71E2000 - \SystemRoot\System32\DRIVERS\update.sys
F7919000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F79E1000 - \SystemRoot\System32\DRIVERS\flpydisk.sys
F7769000 - \SystemRoot\System32\DRIVERS\usbhub.sys
F7BD7000 - \SystemRoot\System32\DRIVERS\USBD.SYS
F616B000 - \SystemRoot\System32\DRIVERS\sis163u.sys
F7BF9000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7D39000 - \SystemRoot\System32\Drivers\Null.SYS
F7BFB000 - \SystemRoot\System32\Drivers\Beep.SYS
F7A19000 - \SystemRoot\System32\drivers\vga.sys
F7BFD000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7BFF000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7A21000 - \SystemRoot\System32\Drivers\Msfs.SYS
F7A29000 - \SystemRoot\System32\Drivers\Npfs.SYS
F7B35000 - \SystemRoot\System32\DRIVERS\rasacd.sys
F77A9000 - \SystemRoot\System32\DRIVERS\ipsec.sys
F60FB000 - \SystemRoot\System32\DRIVERS\tcpip.sys
F77B9000 - \SystemRoot\System32\Drivers\aswTdi.SYS
F60D6000 - \SystemRoot\System32\DRIVERS\netbt.sys
F77C9000 - \SystemRoot\System32\DRIVERS\netbios.sys
F600E000 - \SystemRoot\System32\DRIVERS\rdbss.sys
F5FAE000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
F77D9000 - \SystemRoot\System32\Drivers\Fips.SYS
F7A39000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
F77E9000 - \SystemRoot\System32\DRIVERS\wanarp.sys
F7353000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F5F70000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7C03000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \??\C:\WINDOWS\system32\win32k.sys
F7208000 - \??\C:\WINDOWS\system32\watchdog.sys
BFF80000 - \SystemRoot\System32\drivers\dxg.sys
F7D97000 - \SystemRoot\System32\drivers\dxgthk.sys
BFDD0000 - \SystemRoot\System32\nv4.dll
F190A000 - \SystemRoot\System32\drivers\afd.sys
F1804000 - \SystemRoot\System32\Drivers\aswMon2.SYS
F15A9000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
F163C000 - \SystemRoot\system32\drivers\sysaudio.sys
F1462000 - \SystemRoot\system32\drivers\wdmaud.sys
F7BF3000 - \SystemRoot\System32\Drivers\ParVdm.SYS
F15E4000 - \SystemRoot\System32\Drivers\Aspi32.SYS
F7CC1000 - \SystemRoot\System32\Drivers\Cdralw2k.SYS
F109B000 - \SystemRoot\System32\DRIVERS\srv.sys
F0FCB000 - \SystemRoot\System32\Drivers\aswRdr.SYS
F0EDB000 - \??\C:\WINDOWS\System32\PCANDIS5.SYS
F0AFC000 - \SystemRoot\system32\drivers\kmixer.sys
F7DF8000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 112

Liste des programmes installes

802.11 USB Wireless LAN Adapter
Absolute Patience
Adobe Acrobat 4.0
AutoUpdate
avast! Antivirus
Bubble Shooter v3.07
Code de la Route V3
Correctif Windows XP - KB823559
Correctif Windows XP - KB828741
Correctif Windows XP - KB835732
Correctif Windows XP - KB842773
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
eMule
Gestionnaire Internet
Google Toolbar for Internet Explorer
HijackThis 1.99.1
InterVideo WinDVD
LaserTank
Lexmark X1100 Series
livebox
Macromedia Flash Player 8
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft Office XP Professional avec FrontPage
Microsoft Publisher 2002
Mozilla Firefox (2.0.0.2)
Navigateur Orange
NEC Mobile Suite
NEC Mobile Suite
NEC Synchronization
Nero - Burning Rom (Web installer)
Package du correctif Windows XP [voir Q329115 pour plus de détails]
QuickTime
QuickTime
SAGEM Full USB v3.4.4.0
Shanghai: Great Moments version 2.0
The Workshop of CD Mate 2.0
WebFldrs XP
WellPhone DirectSync
WellPhone XT
WinAce Archiver 2.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows XP Hotfix (SP1) [See Q329048 for more information]
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) [See Q329834 for more information]
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q810577
Windows XP Hotfix (SP1) Q810833
Windows XP Hotfix (SP1) Q815021
WinZip



Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1825-635B

Répertoire de C:\Program Files

28/07/2007 20:26 <REP> .
28/07/2007 20:26 <REP> ..
25/07/2007 20:05 <REP> Absolute Patience
28/06/2006 19:38 <REP> Absolutist.com
14/06/2006 21:28 <REP> ACD Systems
17/03/2007 10:33 <REP> Adaptec
15/06/2006 20:01 <REP> Adobe
20/07/2007 11:10 <REP> ahead
05/07/2007 18:07 <REP> Alwil Software
28/06/2006 19:27 <REP> AngelPotion Video Codec V1
14/06/2006 20:30 <REP> ComPlus Applications
17/03/2007 15:37 <REP> Copystar
25/07/2007 22:15 <REP> DivX
28/06/2006 19:27 <REP> DivXCodec
29/07/2007 08:14 <REP> eMule
24/07/2007 18:23 <REP> Fichiers communs
16/06/2006 17:51 <REP> Fox
28/07/2007 18:03 4 846 hijackthis.log
16/06/2006 18:20 <REP> Infogrames
03/04/2007 19:14 <REP> Internet Explorer
15/06/2006 19:19 <REP> InterVideo
04/07/2007 18:49 <REP> Inventel
07/04/2007 13:05 <REP> LaserTank
24/06/2006 13:30 <REP> Lexmark X1100 Series
16/07/2007 02:58 <REP> MediaTV
03/07/2006 13:11 <REP> Messenger
14/06/2006 20:35 <REP> microsoft frontpage
14/06/2006 21:18 <REP> Microsoft Office
04/05/2007 18:26 <REP> Mindscape
14/06/2006 20:46 <REP> Movie Maker
25/07/2007 22:05 <REP> Mozilla Firefox
14/06/2006 20:29 <REP> MSN Gaming Zone
25/07/2007 20:01 <REP> MSN Messenger
14/03/2007 15:43 <REP> NEC
14/03/2007 15:21 <REP> NEC Synchronization
26/07/2007 17:39 <REP> NetMeeting
14/06/2006 20:46 <REP> Outlook Express
10/07/2007 23:22 <REP> PowerQuest
03/04/2007 19:11 <REP> QuickTime
28/06/2006 19:27 <REP> Real(2)
25/07/2007 21:05 <REP> SAGEM
16/02/2005 11:06 218 112 scanner.exe.exe
04/07/2007 20:02 <REP> Securitoo
14/06/2006 20:32 <REP> Services en ligne
03/04/2007 19:19 <REP> SmartCom
29/07/2007 08:14 <REP> Wanadoo
02/05/2007 20:03 <REP> WellPhone DirectSync
20/07/2007 00:08 <REP> WinAce
03/07/2006 13:11 <REP> Windows Media Player
14/06/2006 20:29 <REP> Windows NT
25/07/2007 20:02 <REP> WinRAR
28/06/2006 19:30 <REP> WinZip
14/06/2006 20:35 <REP> xerox
2 fichier(s) 222 958 octets
51 Rép(s) 5 739 245 568 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1825-635B

Répertoire de C:\Program Files\fichiers communs

24/07/2007 18:23 <REP> .
24/07/2007 18:23 <REP> ..
23/06/2006 19:29 <REP> Adaptec Shared
21/03/2007 20:12 <REP> Adobe
28/06/2006 19:29 <REP> Designer
25/07/2007 20:02 <REP> InstallShield
08/07/2007 23:01 <REP> Microsoft Shared
14/06/2006 20:31 <REP> MSSoap
14/06/2006 21:20 <REP> ODBC
24/06/2006 13:29 <REP> Real
14/06/2006 20:46 <REP> Services
14/06/2006 21:20 <REP> SpeechEngines
14/06/2006 21:10 <REP> System
02/05/2007 16:54 <REP> XCPCSync.OEM
0 fichier(s) 0 octets
14 Rép(s) 5 739 241 472 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1825-635B

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

28/06/2006 19:29 <REP> .
28/06/2006 19:29 <REP> ..
28/06/2006 19:29 <REP> 1033
28/06/2006 19:29 <REP> 1036
15/02/2001 05:45 1 318 912 MSONSEXT.DLL
13/02/2001 08:23 58 784 MSOSV.DLL
03/06/1999 14:09 122 937 MSOWS409.DLL
07/03/2001 09:00 127 033 MSOWS40c.DLL
06/08/2000 09:04 401 462 MSVCP60.DLL
22/01/2001 03:25 69 632 PKMAXCTL.DLL
22/01/2001 03:25 872 448 PKMCDO.DLL
22/01/2001 03:25 159 744 PKMCORE.DLL
07/02/2001 09:59 106 496 PKMFORMS.DLL
12/02/2001 04:03 684 032 PKMRES.DLL
22/01/2001 03:25 28 672 PKMSSTLB.DLL
22/01/2001 03:25 40 960 PKMTEMPL.DLL
22/01/2001 03:25 24 576 PKMTRACE.DLL
22/01/2001 03:25 86 016 PKMWS.DLL
22/01/2001 03:25 237 568 PROMDEMO.DLL
22/01/2001 03:25 184 320 SECMGR.DLL
22/01/2001 03:25 323 584 VAIDDMGR.DLL
22/01/2001 03:25 32 768 VAIMEM.DLL
18 fichier(s) 4 879 944 octets
4 Rép(s) 5 739 241 472 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1825-635B

Répertoire de C:\

12/05/2007 18:22 68 096 diff.exe
12/05/2007 18:22 103 424 grep.exe
2 fichier(s) 171 520 octets
0 Rép(s) 5 739 241 472 octets libres
c:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\uninstaller.exe
c:\Documents and Settings\christian\Bureau\install_messenger.exe
c:\Documents and Settings\christian\Bureau\WGAPluginInstall.exe
c:\Documents and Settings\christian\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\christian\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\christian\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\christian\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\christian\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\christian\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\christian\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\christian\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\christian\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\christian\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\christian\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\christian\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\christian\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\christian\Local Settings\Temp\winlogon.exe
c:\Documents and Settings\christian\Mes documents\install_messenger.exe
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\casino770 installation.exe
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\divxinstaller.exe
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\emule0.48a-installer.exe
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\setupfre.exe
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\wrar370fr.exe
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\BTMagic\Rescueme\Setup.exe
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\BTMagic\Rescueme\DOSYSTEM\CHKDSK.EXE
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\BTMagic\Rescueme\DOSYSTEM\EMM386.EXE
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\BTMagic\Rescueme\DOSYSTEM\FLOPPY.EXE
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\BTMagic\Rescueme\DOSYSTEM\FLOPPY9x.EXE
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\BTMagic\Rescueme\DOSYSTEM\FLOPPYME.EXE
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\BTMagic\Rescueme\DOSYSTEM\NWCDEX.EXE
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\BTMagic\Rescueme\DOSYSTEM\PQBOOT.EXE
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\BTMagic\Rescueme\DOSYSTEM\PTEDIT32.EXE
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\BTMagic\Rescueme\DOSYSTEM\restrmbr.exe
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\BTMagic\Rescueme\DOSYSTEM\WRPROG.EXE
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\BTMagic\Setup\instmsia.exe
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\BTMagic\Setup\instmsiw.exe
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\BTMagic\Setup\setup.exe
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\DKeeper\instmsia.exe
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\DKeeper\instmsiw.exe
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\DKeeper\setup.exe
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\Rescueme\Setup.exe
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\Rescueme\DOSYSTEM\CHKDSK.EXE
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\Rescueme\DOSYSTEM\EMM386.EXE
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\Rescueme\DOSYSTEM\FLOPPY.EXE
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\Rescueme\DOSYSTEM\FLOPPY9x.EXE
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\Rescueme\DOSYSTEM\FLOPPYME.EXE
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\Rescueme\DOSYSTEM\NWCDEX.EXE
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\Rescueme\DOSYSTEM\PTEDIT32.EXE
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\Setup\instmsia.exe
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\Setup\instmsiw.exe
c:\Documents and Settings\christian\Mes documents\Christian GROLEAU\Partition magique 8.0 fr avec n° de série\Setup\setup.exe
c:\Documents and Settings\christian\Mes documents\sagem\DriversUSB\FullUSB\20060407_Sagem_USB_Drivers_setup.exe
c:\Documents and Settings\christian\Mes documents\sagem\Menu\animation.exe
c:\Documents and Settings\christian\Mes documents\sagem\QuickTime\QuickTimeInstaller.exe
c:\Documents and Settings\christian\Mes documents\sagem\SAGEM (E)\SAGEM\DriversUSB\FullUSB\20060407_Sagem_USB_Drivers_setup.exe
c:\Documents and Settings\christian\Mes documents\sagem\SAGEM (E)\SAGEM\Menu\animation.exe
c:\Documents and Settings\christian\Mes documents\sagem\SAGEM (E)\SAGEM\QuickTime\QuickTimeInstaller.exe
c:\Documents and Settings\christian\Mes documents\sagem\SAGEM (E)\WellPhoneXT\dotnetfx.exe
c:\Documents and Settings\christian\Mes documents\sagem\SAGEM (E)\WellPhoneXT\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Compacteurs\Sfx factory 2.4\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Compacteurs\Sfx factory 2.4\Crack\Crack.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Compacteurs\WinAce 2.03\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Compacteurs\WinRar 2.80\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Compacteurs\WinZip 8.0\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Compacteurs\WinZip 8.0\Crack\Crack.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Compacteurs\WinZip 8.0\Disk 1\ARC.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Compacteurs\WinZip 8.0\Disk 1\ARJ.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Compacteurs\WinZip 8.0\Disk 1\LHA.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Compacteurs\WinZip 8.0\Disk 1\PKUNZIP.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Compacteurs\WinZip 8.0\Disk 1\PKZIP.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Compacteurs\WinZip 8.0\Disk 1\ZIP2EXE.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\Ahead\CoverDesigner\CoverDes.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\Ahead\InCD\InCD.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\Ahead\InCD\InCDL.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\Ahead\InCD\incdsrv.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\Ahead\Nero\nero.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\Ahead\Nero\NeroCmd.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\Ahead\Nero\NRESTORE.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\Ahead\Nero\WaveEditor\WaveEdit.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\Ahead\Nero ToolKit\CDSpeed.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\Ahead\Nero ToolKit\DriveSpeed.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\Ahead\Nero ToolKit\InfoTool.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\Ahead\Shared\AudioPlugins\wmfdist.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\Ahead\WMPBurn\WMPBurn.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\Aspi 4.60\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\Blind Write 0.99.2.1\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\Blind Write 0.99.2.1\Crack\CR-BW913.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\Cd Mate 2.0\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\Cdr Win 3.8e\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\DivX\ConverterUninstall.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\DivX\DivXBundleUninstall.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\DivX\DivXCodecUninstall.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\DivX\DivXContentUploaderUninstall.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\DivX\DivXPlayerUninstall.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\DivX\DivXWebPlayerUninstall.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\DivX\DivX Codec\config.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\DivX\DivX Codec\DivX EKG.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\DivX\DivX Converter\Converter.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\DivX\DivX Player\DivX Player.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\DivX\Google\Firefox\downldr.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\DivX\Google\Firefox\ffinstaller.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\Feurio Cd Manager 1.62\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\Isobuster 0.99.74\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\Padus Discjuggler 3.50.800\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\Padus Discjuggler 3.50.800\Crack\DJ3KeyGen.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\WinImage 5.00.500\WinImage.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\WinOnCd Power Edition 3.70.527\Drivers\aspiinst.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\WinOnCd Power Edition 3.70.527\winoncd\_ISDEL.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\WinOnCd Power Edition 3.70.527\winoncd\SETUP.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\WinOnCd Power Edition 3.70.527\winoncd\UNINST.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Gravage\WinOnCd Power Edition 3.70.527\XXX --- Màj 3.70.572.2 --- XXX\3.70.527.2 up.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Images\ACDSee 3.10\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Images\Paint Shop Pro 7.02\instmsia.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Images\Paint Shop Pro 7.02\instmsiw.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Images\Paint Shop Pro 7.02\setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Images\Paint Shop Pro 7.02\Crack\Crack.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Images\PicaView 1.31\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Images\PicaView 1.31\Crack\Crack.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Aimster 3.23\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Aimster 3.23\Skins\Blizzard_Skin.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Aimster 3.23\Skins\Casino_Skin.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Aimster 3.23\Skins\Cyborg_Skin.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Aimster 3.23\Skins\Espanol_Skin.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Aimster 3.23\Skins\Forest_Skin.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Aimster 3.23\Skins\GreenRain_Skin.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Aimster 3.23\Skins\Jurassic_Skin.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Aimster 3.23\Skins\Limpbizkit_Skin.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Aimster 3.23\Skins\Linkin_Skin.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Aimster 3.23\Skins\Liquid_Skin.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Aimster 3.23\Skins\NiteLED_Skin.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Aimster 3.23\Skins\RIAA_Raider_Skin.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Aimster 3.23\Skins\Slate_Skin.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Aimster 3.23\Skins\Xaos_Skin.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Copernic Pro 2001\Copernic2001 Pro fr.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Cute Ftp 4.0.32\cuteFR4032.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Direct Connect 1.0\Setup Upgrade.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Direct Connect 1.0\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Edonkey 2000\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Enternet 300 v1.60\_ISDel.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Enternet 300 v1.60\setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\EnterNet 500 v1.5rc1\_ISDel.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\EnterNet 500 v1.5rc1\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\FlashGet 0.96a\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Icq 2000 b2\Icq.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Morpheus 1.33\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Rapigator 3.0\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Reget 1.9\rgl18.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Song Spy Beta 1.0\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\Win Mx 2.6\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Directx 8.0a\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Directx désinstallation\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Internet Explorer 5.50\DCOM95.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Internet Explorer 5.50\IE501DOM.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Internet Explorer 5.50\IE5COMP.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Internet Explorer 5.50\ie5setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Internet Explorer 5.50\OAINST.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Internet Explorer 6.0\ie6setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Media Player 7.1\Media Player.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Media Player 7.1\wmencoder.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Real Player 8.0\Real Player.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Windows Update\Adv\Adv.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Windows Update\Dictionnaires Spécialisés Word\_ISDEL.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Windows Update\Dictionnaires Spécialisés Word\SETUP.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Windows Update\Dlls\Vb1\SPEU.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Windows Update\Dlls\Vb2\ste50.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Windows Update\Dlls\Vb3\SETUP.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Windows Update\Dlls\VB4\16bits\SETUP.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Windows Update\Dlls\VB4\32bits\SETUP.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Windows Update\Dlls\VB5\vb5rtsp3.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Windows Update\Dlls\Vb6\vbrun60.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Windows Update\Dlls\VB6.2\vbrun60sp5.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Windows Update\Dlls\Vb7\mfc42.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Windows Update\Gel Internet\243199FRN8.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Windows Update\Html\hhupd.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Windows Update\indeo\intel indeo codecs.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Windows Update\Internet Explorer\DHTMLED.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Windows Update\Mpeg\Active Movie\AMOV4IE.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Windows Update\Mpeg\Active Stream\AMOVIE.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Windows Update\Police Euro\OffTTUpd.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Windows Update\Speech\msttsL.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Windows Update\Speech\Spchapi.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Windows Update\Virtual Machine\VMSecurity3167.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Windows Update\Win G\LOADWING.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Windows Update\Win G\wsetup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Windows Update\Windows 98 2nd arret\4756FR8.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Microsoft\Windows Update\Windows 98 2nd usb\240075fr.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Multimédia\Audio\Audio Catalyst 2.10\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Multimédia\Audio\Easy Cdda Extractor 4.52\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Multimédia\Audio\MixVibes Pro 2.24\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Multimédia\Audio\MixVibes Pro 2.24\Crack\Crack.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Multimédia\Audio\Shuffler Music Converter 4r2\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Multimédia\Audio\Streambox Ripper 2.0.11\_ISDEL.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Multimédia\Audio\Streambox Ripper 2.0.11\Ripper.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Multimédia\Audio\Streambox Ripper 2.0.11\SETUP.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Multimédia\Audio\Streambox Ripper 2.0.11\wmaudioredist.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Multimédia\Audio\Tbx PLayer 1.0\Install.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Multimédia\Audio\WinAmp 2.76\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Multimédia\Audio\WinAmp 2.76\Français\Francais.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Multimédia\Audio\WinAmp 2.76\Plugin\Streaming Real Audio Player.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Multimédia\Codecs\Angel Potion 1.702\_ISDel.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Multimédia\Codecs\Angel Potion 1.702\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Multimédia\Codecs\Divx 4.0\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Multimédia\Codecs\Lame 2001\lame.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Multimédia\Codecs\Wma 4.1\wmaudioredist.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Multimédia\Vidéo\Clad Dvd 2.0\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Multimédia\Vidéo\Power Dvd 3.0\_ISDel.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Multimédia\Vidéo\Power Dvd 3.0\aspiinst.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Multimédia\Vidéo\Power Dvd 3.0\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Multimédia\Vidéo\Power Dvd 3.0\maj 3.0.525\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Utilitaires\Alpha1 Serials 2000\Alpha Serials.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Utilitaires\Easy Cleaner 1.7f\Setup.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Utilitaires\HPFonts\FONTSMRT.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Utilitaires\More Properties 2.03\More Properties.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Utilitaires\Quick Time 4.12\Quick Time.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Utilitaires\Quick Time 4.12\Crack\Crack.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Utilitaires\Spy Killer 1.50\SETUP.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Utilitaires\Where Is It 2.16a\401COMUP.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Utilitaires\Where Is It 2.16a\SETUP.EXE
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Utilitaires\Where Is It 2.16a\Crack\WhereKey.exe
c:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Utilitaires\Winboost 2001 2.0\Setup.exe
c:\Documents and Settings\christian\Mes documents\WellPhoneXT\dotnetfx.exe
c:\Documents and Settings\christian\Mes documents\WellPhoneXT\Setup.exe
c:\Documents and Settings\ferrou.PRIVE-LHBFBK9VU\Local Settings\Temp\rtdrvmon.exe
c:\Documents and Settings\pierre\Local Settings\Temp\rtdrvmon.exe
c:\Documents and Settings\thomas\Local Settings\Temp\rtdrvmon.exe
c:\Documents and Settings\thomas.PRIVE-LHBFBK9VU\Local Settings\Temp\{336C06E7-0219-44AF-8593-E2009E24FCCD}\QuickTimeInstaller.exe
c:\Documents and Settings\thomas.PRIVE-LHBFBK9VU\Mes documents\Mes images\utilitaires\codinstl.exe
c:\Documents and Settings\thomas.PRIVE-LHBFBK9VU\Mes documents\Mes images\utilitaires\DivX412Bundle+Player.exe
c:\Documents and Settings\thomas.PRIVE-LHBFBK9VU\Mes documents\Mes images\utilitaires\iv5setup.exe
c:\Documents and Settings\thomas.PRIVE-LHBFBK9VU\Mes documents\Mes images\utilitaires\nimo433.exe
c:\Documents and Settings\thomas.PRIVE-LHBFBK9VU\Mes documents\Mes images\utilitaires\vivo-player.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
c:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
c:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll

****** Fin du rapport DiagHelp

-- Ouvre le poste de travail
-- Clic sur le menu outils en haut à droite puis options des dossiers
-- Dans la nouvelle fenêtre, clic sur l'onglet Affichage en haut
-- Coche dans la liste "Afficher les fichiers cachés"
-- Décoche "masquer les fichier proteger du systeme d exploitation (recommandée)"
-- Tu vas recevoir un message qui te dit que cela peut endommager le système, n'en tiens pas compte.

Supprime : C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapist


Avast! est loin de ce que l'on a fait de mieux en matière de protection, voir ce lien pour plus d'informations : http://forum.malekal.com/ftopic3123.php

Clairement, Antivir est beaucoup plus performant, c'est pourquoi, je te conseille TRES VIVEMENT de désinstaller Avast! et installer Antivir à la place : http://www.malekal.com/tutorial_antivir.php
- Après l'installation, mets le à jour - si ton firewall fait une alerte.. accepte la connexion.
- Assure toi qu'Antivir est bien à jour, vérifie la date d'update.

-- Redémarre en mode sans échec, pour cela, redémarre l'ordinateur, avant le logo Windows, tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuye sur la touche entrée du clavier.

- Ouvre Antivir par le menu Démarrer / Programmes
- Cliquez sur l'onglet Scanner.
- Sélectionne Manual Selection
- Sélectionne le disque C
- Lance le scan - Mets en quarantaine tous les éléments détectés.
- Une fois le scan terminé Enregistre le rapport.

Redémarre en mode normal.

Poste le rapport ici.

0 Scanning directories
0 Files were scanned

T'as rien scanné..

AntiVir PersonalEdition Classic
Report file date: lundi 30 juillet 2007 10:56

Scanning for 991574 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (plain) [5.1.2600]
Username: christian
Computer name: PRIVE-LHBFBK9VU

Version information:
BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14
AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54
LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04
LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 14:52:52
ANTIVIR2.VDF : 6.39.0.194 975360 Bytes 28/07/2007 14:52:52
ANTIVIR3.VDF : 6.39.0.195 2048 Bytes 28/07/2007 14:52:52
AVEWIN32.DLL : 7.4.0.50 2650624 Bytes 29/07/2007 14:52:53
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.13 360488 Bytes 29/07/2007 14:52:54
AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05
AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18
RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42

Configuration settings for the scan:
Jobname..........................: Rootkit search
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\rootkit.avp
Logging..........................: high
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Scan memory......................: off
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Expanded search settings.........: 0x00300922

Start of the scan: lundi 30 juillet 2007 10:56

Starting search for hidden objects.
'214693' objects were checked, '0' hidden objects were found.


End of the scan: lundi 30 juillet 2007 11:00
Used time: 03:34 min

The scan has been done completely.

0 Scanning directories
0 Files were scanned
0 viruses and/or unwanted programs were found
0 classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
0 Files not concerned
0 Archives were scanned
0 Warnings
0 Notes
0 Hidden objects were found

3min de scan..
Je pense qu'une fois Antivir ouvert tu ne fais pas cela sur l'onglet scanner :
- Sélectionne Manual Selection
- Sélectionne le disque C

AntiVir PersonalEdition Classic
Report file date: mardi 31 juillet 2007 16:58

Scanning for 994159 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (plain) [5.1.2600]
Username: Administrateur
Computer name: PRIVE-LHBFBK9VU

Version information:
BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14
AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54
LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04
LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 14:52:52
ANTIVIR2.VDF : 6.39.0.194 975360 Bytes 28/07/2007 14:52:52
ANTIVIR3.VDF : 6.39.0.199 38912 Bytes 30/07/2007 15:15:14
AVEWIN32.DLL : 7.4.0.50 2650624 Bytes 29/07/2007 14:52:53
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.13 360488 Bytes 29/07/2007 14:52:54
AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05
AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18
RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 31 juillet 2007 16:58

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
10 processes with 10 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '14' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\christian\Local Settings\Application Data\Mozilla\Firefox\Profiles\uwziob3m.default\Cache(2)\7591B709d01
[0] Archive type: ZIP
--> summer2008.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '46e84ed7.qua'!
C:\Documents and Settings\christian\Mes documents\utilitaire xp\xp\Internet\FlashGet 0.96a\Setup.exe
[DETECTION] Contains signature of the dropper DR/Aureate.A.18
[INFO] The file was moved to '4723501a.qua'!
C:\WINDOWS\album12.zip
[0] Archive type: ZIP
--> album12.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471153cc.qua'!
C:\WINDOWS\album35.zip
[0] Archive type: ZIP
--> album35.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471153d1.qua'!
C:\WINDOWS\album45.zip
[0] Archive type: ZIP
--> album45.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471153d3.qua'!
C:\WINDOWS\album49.zip
[0] Archive type: ZIP
--> album49.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471153d6.qua'!
C:\WINDOWS\album54.zip
[0] Archive type: ZIP
--> album54.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471153d8.qua'!
C:\WINDOWS\album61.zip
[0] Archive type: ZIP
--> album61.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471153da.qua'!
C:\WINDOWS\album87.zip
[0] Archive type: ZIP
--> album87.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471153dc.qua'!
C:\WINDOWS\album92.zip
[0] Archive type: ZIP
--> album92.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471153df.qua'!
C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste :(84.zip
[0] Archive type: ZIP
--> bak sana Paris Hilton ne hale gelmis hapiste :(84.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471a53d6.qua'!
C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste :(75.zip
[0] Archive type: ZIP
--> bak sana Paris Hilton ne hale gelmis hapiste :(75.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471a53d8.qua'!
C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste :(66.zip
[0] Archive type: ZIP
--> bak sana Paris Hilton ne hale gelmis hapiste :(66.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471a53da.qua'!
C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste :(57.zip
[0] Archive type: ZIP
--> bak sana Paris Hilton ne hale gelmis hapiste :(57.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471a53dc.qua'!
C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste :(53.zip
[0] Archive type: ZIP
--> bak sana Paris Hilton ne hale gelmis hapiste :(53.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471a53de.qua'!
C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste :(30.zip
[0] Archive type: ZIP
--> bak sana Paris Hilton ne hale gelmis hapiste :(30.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471a53e1.qua'!
C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste :(3.zip
[0] Archive type: ZIP
--> bak sana Paris Hilton ne hale gelmis hapiste :(3.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471a53e3.qua'!
C:\WINDOWS\images018.zip
[0] Archive type: ZIP
--> images018.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471053f2.qua'!
C:\WINDOWS\images02.zip
[0] Archive type: ZIP
--> images02.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471053f4.qua'!
C:\WINDOWS\images032.zip
[0] Archive type: ZIP
--> images032.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471053f6.qua'!
C:\WINDOWS\images058.zip
[0] Archive type: ZIP
--> images058.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471053f8.qua'!
C:\WINDOWS\images064.zip
[0] Archive type: ZIP
--> images064.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471053fa.qua'!
C:\WINDOWS\images076.zip
[0] Archive type: ZIP
--> images076.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471053fc.qua'!
C:\WINDOWS\images088.zip
[0] Archive type: ZIP
--> images088.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471053fe.qua'!
C:\WINDOWS\photo12.zip
[0] Archive type: ZIP
--> photo12.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471e53fd.qua'!
C:\WINDOWS\photo51.zip
[0] Archive type: ZIP
--> photo51.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471e53ff.qua'!
C:\WINDOWS\photo62.zip
[0] Archive type: ZIP
--> photo62.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471e5401.qua'!
C:\WINDOWS\photo70.zip
[0] Archive type: ZIP
--> photo70.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471e5403.qua'!
C:\WINDOWS\photo75.zip
[0] Archive type: ZIP
--> photo75.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471e5405.qua'!
C:\WINDOWS\photo88.zip
[0] Archive type: ZIP
--> photo88.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471e5407.qua'!
C:\WINDOWS\photos018.zip
[0] Archive type: ZIP
--> photos018.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471e5409.qua'!
C:\WINDOWS\photos034.zip
[0] Archive type: ZIP
--> photos034.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471e540b.qua'!
C:\WINDOWS\photos037.zip
[0] Archive type: ZIP
--> photos037.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471e540d.qua'!
C:\WINDOWS\photos048.zip
[0] Archive type: ZIP
--> photos048.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471e540f.qua'!
C:\WINDOWS\photos050.zip
[0] Archive type: ZIP
--> photos050.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471e5410.qua'!
C:\WINDOWS\photos063.zip
[0] Archive type: ZIP
--> photos063.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '471e5412.qua'!
C:\WINDOWS\picture12.zip
[0] Archive type: ZIP
--> picture12.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47125415.qua'!
C:\WINDOWS\picture7.zip
[0] Archive type: ZIP
--> picture7.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47125417.qua'!
C:\WINDOWS\picture75.zip
[0] Archive type: ZIP
--> picture75.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47125419.qua'!
C:\WINDOWS\picture88.zip
[0] Archive type: ZIP
--> picture88.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4712541b.qua'!
C:\WINDOWS\picture9.zip
[0] Archive type: ZIP
--> picture9.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4712541c.qua'!
C:\WINDOWS\picture91.zip
[0] Archive type: ZIP
--> picture91.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4712541e.qua'!
C:\WINDOWS\picture92.zip
[0] Archive type: ZIP
--> picture92.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47125420.qua'!
C:\WINDOWS\pictures013.zip
[0] Archive type: ZIP
--> pictures013.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47125422.qua'!
C:\WINDOWS\pictures021.zip
[0] Archive type: ZIP
--> pictures021.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47125424.qua'!
C:\WINDOWS\pictures032.zip
[0] Archive type: ZIP
--> pictures032.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47125426.qua'!
C:\WINDOWS\pictures06.zip
[0] Archive type: ZIP
--> pictures06.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47125428.qua'!
C:\WINDOWS\pictures064.zip
[0] Archive type: ZIP
--> pictures064.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4712542a.qua'!
C:\WINDOWS\pictures067.zip
[0] Archive type: ZIP
--> pictures067.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4712542b.qua'!
C:\WINDOWS\pictures072.zip
[0] Archive type: ZIP
--> pictures072.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4712542d.qua'!
C:\WINDOWS\pictures080.zip
[0] Archive type: ZIP
--> pictures080.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4712542f.qua'!
C:\WINDOWS\pictures09.zip
[0] Archive type: ZIP
--> pictures09.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47125431.qua'!
C:\WINDOWS\pictures095.zip
[0] Archive type: ZIP
--> pictures095.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47125433.qua'!
C:\WINDOWS\pictures096.zip
[0] Archive type: ZIP
--> pictures096.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47125435.qua'!
C:\WINDOWS\pictures097.zip
[0] Archive type: ZIP
--> pictures097.scr
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47125436.qua'!
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\es.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\browser.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll
[WARNING] The file could not be opened!


End of the scan: mardi 31 juillet 2007 17:38
Used time: 39:38 min

The scan has been done completely.

3277 Scanning directories
98617 Files were scanned
55 viruses and/or unwanted programs were found
0 classified as suspicious:
0 files were deleted
0 files were repaired
55 files were moved to quarantine
0 files were renamed
38 Files cannot be scanned
98562 Files not concerned
1544 Archives were scanned
38 Warnings
14 Notes
0 Hidden objects were found

C'est OK, tu n'es plus infecté en suivant les dernières manipulations ci-dessous et lire ATTENTIVEMENT ce qui suit

Essaye de rapporter ton infection sur le site que je te donne ci-dessous, ce serait super cool

Ton infection : Backdoor.IRC par msn


Finir le nettoyage :
- Nettoye ton ordinateur avec CCleaner : http://www.malekal.com/tutorial_CCleaner.html
- Désactive puis réactive la restauration du système :
- Mode d'emploi Windows XP
- Tu peux ensuite désinstaller tous les programmes que l'on a utilisé.



je t'invite à jeter un coup d'oeil à ces liens dans la mesure du possible, essaye de rapporter ton infection :

Pour les utilisateurs d'Avast! Vous n'êtes pas protégé en utilisant Avast!. Antivir est vraiment très performant, c'est pourquoi, je te conseille d'opter pour cet antivirus qui est gratuit (surtout si tu as Avast!), voici le tutorial d'Antivir : http://www.malekal.com/tutorial_antivir.php
Pour plus d'informations, voici un petit comparatif : http://forum.malekal.com/ftopic3123.php

Comment se protéger des virus : - Tout ceci est résume sur cette page : Sécuriser son ordinateur et connaître les menaces
Je t'invite aussi à mettre à jour tous les composants de ton système - Garde l'habitude de les maintenir à jour, un ordinateur avec des logiciels non à jour = infection ! tu peux scanner ton ordinateur pour vérifier quels sont les progammes non à jour en suivant les directives de cette page : http://www.malekal.com/scan_vulnerabilite.php

Faire bouger les choses :

Rapporte ton infection pour faire condamner les auteurs sur Malware-Complaints. Pour faire entendre notre voix, nous devons être le plus nombreux possibles, alors rapport ton infection :
- Voir les règles de Malware-Complaints
- Enregistre sur le forum à partir du bouton register en haut :
Si tu as plus de 13 ans, choisir : I Agree to these terms and am over or exactly 13 years of age
Si tu as moins, clic sur : I Agree to these terms and am under 13 years of age

Après t'être enregistré, tu as sous forme de liste les types d'infection (Look2Me, Smitfraud, SpywareQuake etc..) : http://www.malwarecomplaints.info/viewforum.php?f=10&sid=0ea0981a2025873f(...)

Si le malware que tu as eu n'apparaît pas dans la liste, ou si tu ne sais pas quelle infection tu as eu, créé un message dans le sujet "Autres infections" conforme au règle du forum (age, ville, département etc..) : http://www.malwarecomplaints.info/viewforum.php?f=10

Pour poster un message, clics sur le bouton "post reply" et remplir les informations - NE PAS CREER UN SUJET avec le bouton New Topic.

Pour toutes aides pour poster ton message, tu peux consulter ce lien : http://www.malekal.com/malwarecomplaints.html
Si tu as des questions ou des problèmes, n'hésites pas à me demander ici ou à contacter un des modérateurs du forum : Kimberly, AgnesD ou ipl_001.