virus

[mouflette]

bonsoir j ai comme beaucoup d internautes un virus ou plusieurs je ne sais pas je sais qu il faut faire msnfix et hijackthis mais pouvez vous me donner les liens pour les telecharger merci d avance

[Malekal_morte]

Bonjour,

- Télécharge HiJackThis de Merijn sur ton bureau.
- Double-clic sur HijackThis
- Génère un rapport en suivant ces indications :
- Exécute le et clique sur Do a scan and save log file.
- Le rapport s'ouvre sur le Bloc-Note
- Colle le rapport ici, pour cela :
- Menu Edition / Selectionner Tout
- Menu Edition / copier
- Ici dans un nouveau message : clic droit / coller
Aide : N'hésite pas à consulter l'aide HiJackThis -

[mouflette]

merci de repondre aussi vite voila le rapportLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:36:17, on 15/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Labtec\Desktop\V5.1\MOUSE32A.EXE
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.talti.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Multi_Media_France - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Multi_Media_France - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul0.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected]
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?4c3bd26fd6e04ef680d9d9bbf315fb39
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?4c3bd26fd6e04ef680d9d9bbf315fb39
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se9602.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 13705 bytes

[Malekal_morte]

Désinstalle : Crawler & Multi_Media_France


Désactive ton antivirus et autres logiciels de protection puis :

Merci de bien lire et suivre attentivement ce qui est écrit car tu dois appuyer sur une touche lors du scan.. si tu ne le fais pas le rapport ne sera pas entier et tu devras recommencer donc :

- Télécharge sur ton bureau DiagHelp.zip sur ton bureau - Tuto : https://www.malekal.com/DiagHelp/DiagHelp.php
- !!! Ne double-clic pas dessus !!! Fais un clic droit sur le fichier et extraire tout
- Un nouveau dossier chercher va être créé DiagHelp
- Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
- Si une fenêtre de licences SigCheck s'ouvre... accepte, si tu as un parefeu qui demande si SigCheck tente de se connecter à internet, accepte.
- Une fenêtre va s'ouvrir, choisis l'option 1
- L'analyse va commencer, ceci peut durer quelques minutes.
- Lorsque l'analyse sera terminé... Il peut t'être demandé d'envoyer un fichier contenant des fichiers infectieux.
Envoie le fichier (si ça ne fonctionne pas.. continue la procédure) puis retourne sur la fenêtre noire, suis les instructions en appuyant sur une touche pour obtenir le rapport dans le bloc-note

- Copie/colle le contenu du bloc-note qui s'ouvre, pour cela :
-- Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout
-- A nouveau menu Edition / copier
-- Dans un nouveau message ici, faire un clic droit / coller

[mouflette]

voila le rapport n ai pas pu envoyer l autre desole DiagHelp version v1.4 - https://www.malekal.com
excute le 15/04/2008 à 23:58:21,89


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->15/04/2008 23:58:03
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->15/04/2008 23:57:47
C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->15/04/2008 23:56:52
C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->15/04/2008 23:55:24
C:\WINDOWS\prefetch\WSCNTFY.EXE-1B24F5EB.pf -->15/04/2008 23:52:19
C:\WINDOWS\prefetch\AVAST.SETUP-032170A8.pf -->15/04/2008 23:49:55
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->15/04/2008 23:42:22
C:\WINDOWS\prefetch\ACRORD32INFO.EXE-24548733.pf -->15/04/2008 23:41:25
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->15/04/2008 23:36:16
C:\WINDOWS\prefetch\HIJACKTHIS.EXE-34A0FC79.pf -->15/04/2008 23:36:04

C:\WINDOWS\System32\drivers\aswFsBlk.sys -->29/03/2008 19:35:49
C:\WINDOWS\System32\drivers\aswmon2.sys -->29/03/2008 19:35:21
C:\WINDOWS\System32\drivers\aswSP.sys -->29/03/2008 19:31:34
C:\WINDOWS\System32\drivers\aswRdr.sys -->29/03/2008 19:29:08
C:\WINDOWS\System32\drivers\aswTdi.sys -->29/03/2008 19:27:33
C:\WINDOWS\System32\drivers\aavmker4.sys -->29/03/2008 19:26:52
C:\WINDOWS\System32\drivers\aswmon.sys -->17/01/2008 17:34:01

C:\WINDOWS\System32\wpa.dbl -->15/04/2008 19:47:48
C:\WINDOWS\System32\PerfStringBackup.INI -->12/04/2008 16:07:32
C:\WINDOWS\System32\perfh00C.dat -->12/04/2008 16:07:32
C:\WINDOWS\System32\perfh009.dat -->12/04/2008 16:07:32
C:\WINDOWS\System32\perfc00C.dat -->12/04/2008 16:07:32
C:\WINDOWS\System32\perfc009.dat -->12/04/2008 16:07:32
C:\WINDOWS\System32\FNTCACHE.DAT -->09/04/2008 21:14:17
C:\WINDOWS\System32\MRT.exe -->06/04/2008 07:56:20
C:\WINDOWS\System32\CONFIG.NT -->03/04/2008 22:29:02
C:\WINDOWS\System32\real.txt -->03/04/2008 00:05:26
C:\WINDOWS\System32\aswBoot.exe -->29/03/2008 19:45:49
C:\WINDOWS\System32\AvastSS.scr -->29/03/2008 19:23:22
C:\WINDOWS\System32\win32k.sys -->20/03/2008 10:09:22
C:\WINDOWS\System32\real.MSNFix -->13/03/2008 08:30:49
C:\WINDOWS\System32\TuneUpDefragService.exe -->08/03/2008 17:22:37
C:\WINDOWS\System32\mshtml.dll -->01/03/2008 18:28:10
C:\WINDOWS\System32\wininet.dll -->01/03/2008 14:58:11
C:\WINDOWS\System32\webcheck.dll -->01/03/2008 14:58:11
C:\WINDOWS\System32\urlmon.dll -->01/03/2008 14:58:10
C:\WINDOWS\System32\url.dll -->01/03/2008 14:58:10
C:\WINDOWS\System32\pngfilt.dll -->01/03/2008 14:58:10
C:\WINDOWS\System32\occache.dll -->01/03/2008 14:58:10
C:\WINDOWS\System32\mstime.dll -->01/03/2008 14:58:10
C:\WINDOWS\System32\msrating.dll -->01/03/2008 14:58:10
C:\WINDOWS\System32\mshtmled.dll -->01/03/2008 14:58:09

C:\WINDOWS\WindowsUpdate.log -->15/04/2008 23:09:34
C:\WINDOWS\QTFont.qfn -->15/04/2008 19:51:38
C:\WINDOWS\wiadebug.log -->15/04/2008 19:48:22
C:\WINDOWS\wiaservc.log -->15/04/2008 19:48:19
C:\WINDOWS\Sti_Trace.log -->15/04/2008 19:48:16
C:\WINDOWS\bootstat.dat -->15/04/2008 19:47:43
C:\WINDOWS\SchedLgU.Txt -->15/04/2008 19:46:45
C:\WINDOWS\NeroDigital.ini -->15/04/2008 19:06:40
C:\WINDOWS\Thumbs.db -->08/04/2008 19:22:56
C:\WINDOWS\msnfix.txt -->02/04/2008 23:03:58
C:\WINDOWS\msnfix bloc notes 2.txt -->31/03/2008 23:37:38
C:\WINDOWS\msnfix bloc notes.txt -->31/03/2008 21:52:15
C:\WINDOWS\msnfix rapport 2.txt -->30/03/2008 19:06:29
C:\WINDOWS\win.ini -->21/03/2008 20:21:35
C:\WINDOWS\WD.INI -->21/02/2008 22:31:59

winlogon.exe
Verified: Unsigned
svchost.exe
Verified: Unsigned
ws2_32.dll
Verified: Unsigned
user32.dll
Verified: Unsigned
tcpip.sys
Verified: Signed
ndis.sys
Verified: Unsigned
null.sys
Verified: Unsigned


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 3428
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x44080000 0xd0000 7.00.6000.16640 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16640 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x009b0000 0x17000 9.05.0000.1098 C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x44360000 0x5cd000 7.00.6000.16640 C:\WINDOWS\system32\ieframe.dll
0x44160000 0x127000 7.00.6000.16640 C:\WINDOWS\system32\urlmon.dll
0x442b0000 0x3c000 7.00.6000.16640 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x10000000 0xf000 3.00.0002.0000 C:\Program Files\Labtec\Desktop\V5.1\MOUDL32A.DLL
0x01f30000 0xe000 3.07.0000.0000 C:\Program Files\Labtec\Desktop\V5.1\KBDDL32A.DLL
0x00940000 0x27000 1.00.0003.0021 C:\Program Files\IncrediMail\bin\B4ImApp.dll
0x025e0000 0x185000 1.05.0000.0011 C:\PROGRA~1\SPYBOT~1\SDHelper.dll
0x43ff0000 0xa000 7.00.6000.16640 C:\WINDOWS\system32\jsproxy.dll
0x03370000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
0x15110000 0x25a000 11.00.5721.5145 C:\WINDOWS\system32\wmvcore.dll
0x11c70000 0x3a000 11.00.5721.5238 C:\WINDOWS\system32\WMASF.DLL
0x00e00000 0x10000 8.00.0000.0456 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
0x03010000 0x144000 4.05.0146.0000 C:\Program Files\Multi_Media_France\tbMul0.dll
0x085c0000 0x15000 10.00.0000.3802 C:\WINDOWS\system32\wmpshell.dll
0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
0x035d0000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
0x03290000 0x28000 C:\Program Files\WinRAR\rarext.dll
0x032d0000 0x9000 2.00.0000.0004 C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll
0x64f00000 0x12000 4.08.1169.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
0x03330000 0x38000 3.00.0000.0058 C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 736
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x73d50000 0x3000 1.05.0540.0000 C:\WINDOWS\system32\WgaLogon.dll
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll


Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 70D5-EC31

Répertoire de C:\WINDOWS\system32

19/08/2004 17:09 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 79 946 051 584 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 70D5-EC31

Répertoire de C:\WINDOWS\Downloaded Program Files

04/07/2007 18:45 <REP> .
04/07/2007 18:45 <REP> ..
03/06/2007 17:44 <REP> CONFLICT.1
03/06/2007 16:34 <REP> CONFLICT.2
03/01/2006 00:31 65 desktop.ini
13/04/2007 02:14 382 344 GAME_UNO1.dll
17/01/2007 15:44 316 GAME_UNO1.INF
10/11/2005 15:05 876 jinstall-1_5_0_06.inf
29/11/2006 15:00 367 LegitCheckControl.inf
29/05/2003 16:00 160 864 messengerstatsclient.dll
06/04/2004 19:03 172 072 MessengerStatsPAClient.dll
29/05/2003 15:00 84 064 minesweeper.dll
29/05/2003 15:00 77 408 msgrchkr.dll
30/06/2005 15:19 227 MsnMessengerSetupDownloader.inf
14/08/2005 00:26 113 664 MsnMessengerSetupDownloader.ocx
08/10/2004 16:01 372 736 MsnPUpld.dll
08/10/2004 16:13 587 MSNPupld.inf
22/09/2004 15:59 110 592 PURen-us.dll
15/10/2004 07:59 110 592 PURfr-xx.dll
29/05/2003 15:00 86 112 solitaireshowdown.dll
27/03/2007 16:00 5 021 swflash.inf
15/01/2007 23:50 463 768 wlscBase.dll
15/01/2007 23:50 320 wlscBase.inf
02/11/2005 18:01 1 777 xscan.inf
02/11/2005 18:07 435 712 xscan53.ocx
19/02/2007 11:26 159 128 ZIntro.ocx
29/04/2005 18:24 155 648 zylomgamesplayer.dll
25/03/2005 18:17 244 ZylomGamesPlayer.inf
24 fichier(s) 2 894 504 octets

Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1

03/06/2007 17:44 <REP> .
03/06/2007 17:44 <REP> ..
22/02/2007 23:41 304 544 MessengerStatsPAClient.dll
29/05/2003 15:00 84 064 minesweeper.dll
29/05/2003 15:00 77 408 msgrchkr.dll
28/02/2007 14:21 142 248 SolitaireShowdown.dll
4 fichier(s) 608 264 octets

Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.2

03/06/2007 16:34 <REP> .
03/06/2007 16:34 <REP> ..
28/02/2007 14:21 131 472 msgrchkr.dll
1 fichier(s) 131 472 octets

Total des fichiers listés :
29 fichier(s) 3 634 240 octets
8 Rép(s) 79 946 039 296 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues
C:\Program Files\Multi_Media_France présent! Possible infection : lop.com

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Ahead\\Nero\\nero.exe"="C:\\Program Files\\Ahead\\Nero\\nero.exe:*:Disabled:Nero Burning ROM"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\WINDOWS\\system32\\lxctcoms.exe"="C:\\WINDOWS\\system32\\lxctcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"="C:\\Program Files\\IncrediMail\\bin\\ImLc.exe:*:Enabled:IncrediMail"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
@=dword:00000001
"C:\\DOCUME~1\\MCPC\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\MCPC\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"
"C:\\DOCUME~1\\maurane\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\maurane\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"
"C:\\Documents and Settings\\MCPC\\fayuco.exe"="C:\\Documents and Settings\\MCPC\\fayuco.exe:*:Enabled:Nvidia"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

REGEDIT4

[taskmgr.exe]


exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
127.0.0.1 http://www.activexupdate.com
127.0.0.1 activexupdate.com
127.0.0.1 http://www.avpcheckupdate.com
127.0.0.1 avpcheckupdate.com
127.0.0.1 client.exeupdate.com
127.0.0.1 http://www.eupdatepage.com
127.0.0.1 eupdatepage.com
127.0.0.1 http://www.exeupdate.com
127.0.0.1 exeupdate.com
127.0.0.1 http://www.hotwinupdates.com
127.0.0.1 hotwinupdates.com
127.0.0.1 http://www.lavasoftupdate.com
127.0.0.1 lavasoftupdate.com
127.0.0.1 http://www.malwarewipeupdate.com
127.0.0.1 malwarewipeupdate.com
127.0.0.1 http://www.msupdate.net
127.0.0.1 msupdate.net
127.0.0.1 http://www.msupdater.net
127.0.0.1 msupdater.net
127.0.0.1 http://www.necessaryupdates.com
127.0.0.1 necessaryupdates.com
127.0.0.1 newupdates.lzio.com
127.0.0.1 redirect.msupdate.net
127.0.0.1 search.keyword.exeupdate.com
127.0.0.1 http://www.securityupdatesite.com
127.0.0.1 securityupdatesite.com
127.0.0.1 settings.updatemysettings.com
127.0.0.1 http://www.spyaxeupdate.com
127.0.0.1 spyaxeupdate.com
127.0.0.1 http://www.spyfalconupdate.com
127.0.0.1 spyfalconupdate.com
127.0.0.1 http://www.systemupdates.net
127.0.0.1 systemupdates.net
127.0.0.1 trial.updates.winsoftware.com
127.0.0.1 update.680180.net
127.0.0.1 http://www.updatemysettings.com
127.0.0.1 updatemysettings.com
127.0.0.1 updates.spywarequake.com
127.0.0.1 http://www.urgentsystemupdate.biz
127.0.0.1 urgentsystemupdate.biz
127.0.0.1 http://www.urgentsystemupdate.com
127.0.0.1 urgentsystemupdate.com
127.0.0.1 windupdates.com
127.0.0.1 update.shareaza.com
127.0.0.1 http://www.antispywareupdates.net
127.0.0.1 antispywareupdates.net
127.0.0.1 http://www.pandaantivirus-2007.com
127.0.0.1 pandaantivirus-2007.com
127.0.0.1 http://www.pandadownload-now.com
127.0.0.1 pandadownload-now.com
127.0.0.1 http://www.panda-hq.com
127.0.0.1 panda-hq.com
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 23:59:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
176 - lxctcoms.exe
208 - MDM.EXE
304 - MOffice.exe
444 - KBDAP32A.EXE
488 - iTunesHelper.ex
572 - mouse32a.exe
700 - ADeck.exe
712 - csrss.exe
736 - winlogon.exe
780 - services.exe
792 - lsass.exe
948 - svchost.exe
1020 - svchost.exe
1172 - svchost.exe
1212 - svchost.exe
1328 - alg.exe
1384 - TeaTimer.exe
1400 - svchost.exe
1652 - ashServ.exe
1752 - ctfmon.exe
1888 - LVPrcSrv.exe
1996 - AppleMobileDevi
2012 - BTNtService.exe
2180 - LogitechDesktop
2204 - NkbMonitor.exe
2716 - iexplore.exe
2980 - IncMail.exe
3292 - emule.exe
3336 - ImApp.exe
3428 - explorer.exe
3872 - CToolbar.exe
3892 - iPodService.exe
3976 - cmd.exe
3988 - ashDisp.exe
4036 - lxctmon.exe
4072 - ezprint.exe

Total number of processes = 37
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntoskrnl.exe
806EC000 - \WINDOWS\system32\hal.dll
F7B48000 - \WINDOWS\system32\KDCOM.DLL
F7A58000 - \WINDOWS\system32\BOOTVID.dll
F75F8000 - ACPI.sys
F7B4A000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS
F75E7000 - pci.sys
F7648000 - isapnp.sys
F7B4C000 - viaide.sys
F78C8000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
F7658000 - MountMgr.sys
F75C8000 - ftdisk.sys
F7B4E000 - dmload.sys
F75A2000 - dmio.sys
F78D0000 - PartMgr.sys
F7668000 - VolSnap.sys
F758A000 - atapi.sys
F7678000 - disk.sys
F7688000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
F756A000 - fltmgr.sys
F7558000 - sr.sys
F7698000 - PxHelp20.sys
F7541000 - KSecDD.sys
F752E000 - WudfPf.sys
F74A1000 - Ntfs.sys
F7474000 - NDIS.sys
F76A8000 - viaagp.sys
F78D8000 - viaagp1.sys
F7459000 - Mup.sys
F78E0000 - BTHidMgr.sys
F76D8000 - \SystemRoot\System32\DRIVERS\intelppm.sys
F7410000 - \SystemRoot\System32\DRIVERS\s3gnbm.sys
F73D4000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
F76E8000 - \SystemRoot\System32\Drivers\Imapi.SYS
F76F8000 - \SystemRoot\System32\DRIVERS\cdrom.sys
F7708000 - \SystemRoot\System32\DRIVERS\redbook.sys
F73B1000 - \SystemRoot\System32\DRIVERS\ks.sys
F7918000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys
F7920000 - \SystemRoot\System32\DRIVERS\usbuhci.sys
F738E000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
F7928000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F735C000 - \SystemRoot\system32\drivers\vinyl97.sys
F7338000 - \SystemRoot\system32\drivers\portcls.sys
F7728000 - \SystemRoot\system32\drivers\drmk.sys
F7738000 - \SystemRoot\System32\DRIVERS\fetnd5b.sys
F7940000 - \SystemRoot\System32\DRIVERS\fdc.sys
F7327000 - \SystemRoot\System32\DRIVERS\serial.sys
F7AF4000 - \SystemRoot\System32\DRIVERS\serenum.sys
F7313000 - \SystemRoot\System32\DRIVERS\parport.sys
F7748000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
F7AFC000 - \SystemRoot\System32\Drivers\moufiltr.SYS
F7958000 - \SystemRoot\System32\DRIVERS\mouclass.sys
F7B00000 - \SystemRoot\System32\Drivers\kbfilter.SYS
F7968000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
F7758000 - \SystemRoot\System32\Drivers\VcommMgr.sys
F7B08000 - \SystemRoot\system32\DRIVERS\vbtenum.sys
F7980000 - \SystemRoot\system32\DRIVERS\blueletaudio.sys
F7D3F000 - \SystemRoot\System32\DRIVERS\audstub.sys
F7B72000 - \SystemRoot\System32\Drivers\RootMdm.sys
F7990000 - \SystemRoot\System32\Drivers\Modem.SYS
F77C8000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
F7B10000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
F72FC000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
F77D8000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
F77E8000 - \SystemRoot\System32\DRIVERS\raspptp.sys
F79B0000 - \SystemRoot\System32\DRIVERS\TDI.SYS
F72EB000 - \SystemRoot\System32\DRIVERS\psched.sys
F77F8000 - \SystemRoot\System32\DRIVERS\msgpc.sys
F79C0000 - \SystemRoot\System32\DRIVERS\ptilink.sys
F79D0000 - \SystemRoot\System32\DRIVERS\raspti.sys
F7B28000 - \SystemRoot\system32\DRIVERS\btnetdrv.sys
F79E0000 - \SystemRoot\system32\DRIVERS\VComm.sys
F721A000 - \SystemRoot\System32\DRIVERS\rdpdr.sys
F7808000 - \SystemRoot\System32\DRIVERS\termdd.sys
F7B78000 - \SystemRoot\System32\DRIVERS\swenum.sys
F7199000 - \SystemRoot\System32\DRIVERS\update.sys
F7B3C000 - \SystemRoot\System32\DRIVERS\mssmbios.sys
F7818000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F7838000 - \SystemRoot\System32\DRIVERS\usbhub.sys
F7B7E000 - \SystemRoot\System32\DRIVERS\USBD.SYS
F7B82000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7D7D000 - \SystemRoot\System32\Drivers\Null.SYS
F7B86000 - \SystemRoot\System32\Drivers\Beep.SYS
F7A20000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F7A28000 - \SystemRoot\System32\drivers\vga.sys
F7B8A000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7B8E000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7A38000 - \SystemRoot\System32\Drivers\Msfs.SYS
F7A48000 - \SystemRoot\System32\Drivers\Npfs.SYS
F720E000 - \SystemRoot\System32\DRIVERS\rasacd.sys
F50C6000 - \SystemRoot\System32\DRIVERS\ipsec.sys
F506E000 - \SystemRoot\System32\DRIVERS\tcpip.sys
F7858000 - \SystemRoot\System32\Drivers\aswTdi.SYS
F504D000 - \SystemRoot\System32\DRIVERS\ipnat.sys
F7868000 - \SystemRoot\System32\DRIVERS\wanarp.sys
F5025000 - \SystemRoot\System32\DRIVERS\netbt.sys
F5003000 - \SystemRoot\System32\drivers\afd.sys
F7878000 - \SystemRoot\System32\DRIVERS\netbios.sys
F7900000 - \SystemRoot\System32\Drivers\StarOpen.SYS
F4FD8000 - \SystemRoot\System32\DRIVERS\rdbss.sys
F4F41000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
F7898000 - \SystemRoot\System32\Drivers\Fips.SYS
F4F2B000 - \SystemRoot\System32\Drivers\aswSP.SYS
F7930000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
F7948000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
F7718000 - \SystemRoot\system32\drivers\lvusbsta.sys
F7175000 - \SystemRoot\system32\DRIVERS\usbscan.sys
F7970000 - \SystemRoot\system32\DRIVERS\usbprint.sys
F7988000 - \SystemRoot\System32\DRIVERS\USBSTOR.SYS
F7AD0000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F7768000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F7778000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F4E73000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7BA2000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F5111000 - \SystemRoot\System32\drivers\Dxapi.sys
F79B8000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F7D1E000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\s3gnb.dll
F79A0000 - \SystemRoot\system32\DRIVERS\aswFsBlk.sys
F06F3000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
F058D000 - \SystemRoot\System32\Drivers\aswMon2.SYS
F0359000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
F06AB000 - \??\C:\WINDOWS\system32\drivers\Haspnt.sys
F7B54000 - \SystemRoot\System32\Drivers\ParVdm.SYS
F031F000 - \SystemRoot\System32\Drivers\SENTINEL.SYS
F0288000 - \??\C:\WINDOWS\system32\drivers\hardlock.sys
F0265000 - \SystemRoot\System32\Drivers\Fastfat.SYS
F0123000 - \SystemRoot\System32\DRIVERS\srv.sys
F0485000 - \SystemRoot\System32\DRIVERS\secdrv.sys
F7998000 - \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
F00D7000 - \SystemRoot\System32\Drivers\aswRdr.SYS
EFCD6000 - \SystemRoot\system32\drivers\wdmaud.sys
EFE83000 - \SystemRoot\system32\drivers\sysaudio.sys
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
EF40A000 - \SystemRoot\system32\drivers\kmixer.sys
F7C14000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 138

Liste des programmes installes

avast! Antivirus
Correctif pour Windows Internet Explorer 7 (KB947864)
Crawler Toolbar with Web Security Guard
HijackThis 2.0.2
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Office Professional Edition 2003
Mise à jour de sécurité pour Windows XP (KB941693)
Mise à jour de sécurité pour Windows XP (KB945553)
Mise à jour de sécurité pour Windows XP (KB948590)
Mise à jour de sécurité pour Windows XP (KB948881)
Virtual DJ Home Edition - Atomix Productions
Windows Live Writer



Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 70D5-EC31

Répertoire de C:\Program Files

03/04/2008 20:59 <REP> .
03/04/2008 20:59 <REP> ..
13/10/2007 19:02 <REP> Abbyy FineReader 6.0 Sprint
25/02/2008 21:11 <REP> Adobe
04/01/2006 04:38 <REP> Ahead
30/11/2006 21:50 <REP> Alias
01/09/2006 17:25 <REP> Alwil Software
27/12/2007 16:03 <REP> Apple Software Update
03/11/2006 22:35 <REP> ArcSoft
15/04/2008 19:52 <REP> a-squared Free
05/02/2008 22:03 <REP> AviSynth 2.5
27/07/2007 10:08 <REP> AxBx
13/01/2008 20:50 <REP> BitComet
29/10/2006 16:29 <REP> CCleaner
13/05/2007 19:16 <REP> ChangeWallpaper
24/12/2007 23:27 <REP> Common Files
03/01/2006 00:29 <REP> ComPlus Applications
24/09/2007 16:36 <REP> Crawler
29/10/2006 16:34 <REP> Disk Cleaner
21/07/2007 12:11 <REP> DivX
04/01/2006 04:43 <REP> Elaborate Bytes
15/04/2008 23:01 <REP> eMule
17/10/2007 18:41 <REP> Ensemble clavier et souris sans fil Labtec
08/03/2008 17:07 <REP> Fichiers communs
15/01/2008 21:21 <REP> Free iPod Video Converter
14/10/2006 15:52 <REP> Free.fr
14/02/2007 19:25 <REP> Google
31/12/2006 15:53 <REP> illiminable
27/08/2007 20:18 <REP> IncrediMail
04/01/2006 02:39 <REP> Intel Desktop Board
17/03/2006 23:13 <REP> InterActual
12/04/2008 16:05 <REP> Internet Explorer
27/12/2007 16:11 <REP> iPod
21/01/2008 19:52 <REP> iTunes
15/12/2006 00:15 <REP> IVT Corporation
14/01/2007 13:06 <REP> Java
06/07/2006 01:37 70 144 Keygen winace 2.20.exe
14/08/2006 17:01 <REP> KONAMI
22/10/2007 19:58 <REP> Labtec
13/10/2007 19:04 <REP> Lexmark 5400 Series
13/10/2007 19:02 <REP> Lexmark Toolbar
13/10/2007 15:37 <REP> Live_TV
23/08/2006 18:45 <REP> Logitech
16/07/2006 01:03 <REP> loups
15/04/2008 23:08 <REP> Lx_cats
24/07/2007 17:02 <REP> ma-config.com
09/09/2006 18:29 <REP> Maxis
29/03/2006 19:01 <REP> Media Player Classic
07/01/2006 21:08 <REP> Messenger
08/01/2006 01:40 <REP> Micro Application
04/01/2006 04:55 <REP> Microsoft AntiSpyware
09/05/2007 19:02 <REP> Microsoft CAPICOM 2.1.0.2
03/01/2006 00:32 <REP> microsoft frontpage
24/08/2007 18:25 <REP> Microsoft Office
15/01/2008 14:13 <REP> Microsoft SQL Server Compact Edition
04/01/2006 04:17 <REP> Microsoft Visual Studio
24/08/2007 18:27 <REP> Microsoft.NET
06/04/2007 15:10 <REP> Mindscape
23/10/2006 15:21 <REP> Model
25/02/2007 19:42 <REP> Movie Maker
30/07/2007 21:11 <REP> Mozilla Firefox
28/05/2007 16:18 <REP> MSN
07/02/2007 11:39 <REP> MSN Apps
03/01/2006 00:29 <REP> MSN Gaming Zone
15/01/2008 14:32 <REP> MSN Messenger
16/10/2006 19:00 <REP> MSXML 4.0
30/05/2007 15:32 <REP> Multi_Media_France
10/04/2008 15:30 <REP> Navilog1
03/01/2006 03:56 <REP> NetMeeting
03/11/2006 22:36 <REP> Nikon
30/07/2007 18:23 <REP> Oberon Media
13/06/2007 19:04 <REP> Outlook Express
26/07/2007 16:01 <REP> PC Wizard 2007
29/02/2008 23:57 <REP> Picasa2
04/11/2006 17:25 <REP> PictureProject
27/12/2007 16:08 <REP> QuickTime
25/07/2007 22:58 <REP> Real
15/01/2008 22:01 <REP> Red Kawa
24/07/2007 23:23 <REP> RegCleaner
03/01/2006 03:25 <REP> S3Inc
14/10/2006 15:54 <REP> SAGEM
15/02/2008 13:07 <REP> Samsung
15/08/2007 23:02 <REP> Seagrand
03/01/2006 00:31 <REP> Services en ligne
05/04/2006 15:10 <REP> Sierra On-Line
29/03/2006 19:29 <REP> SlySoft
03/01/2006 04:13 <REP> Softwin
29/12/2007 13:45 <REP> Sony
01/01/2007 16:15 <REP> Sony Corporation
08/03/2008 17:39 <REP> Spybot - Search & Destroy
14/07/2002 16:32 318 743 Traduction francaise winace 2.20.exe
02/04/2008 23:30 <REP> Trend Micro
08/03/2008 17:31 <REP> TuneUp Utilities 2007
08/03/2008 17:29 <REP> TuneUp Utilities 2008
02/03/2007 17:40 <REP> TurnTool
26/03/2006 23:25 <REP> Ubi Soft
01/05/2007 13:27 <REP> UbiSoft
24/07/2007 17:50 <REP> VIA
21/07/2007 12:05 <REP> VIAudioi
08/08/2006 13:08 <REP> VideoLAN
07/02/2008 22:29 <REP> Videora
15/04/2008 14:50 <REP> VirtualDJ
14/07/2002 16:27 2 826 786 Winace 2.20.exe
29/12/2002 14:42 1 284 WinACE.2.20.Patch.Fr.Keygen.txt
30/09/2002 15:03 277 WinAce.url
27/02/2008 20:08 <REP> Windows Live
30/11/2007 20:02 <REP> Windows Live Favorites
02/03/2007 18:22 <REP> Windows Live Safety Center
30/11/2007 20:03 <REP> Windows Live Toolbar
29/03/2006 19:31 <REP> Windows Media Bonus Pack for Windows XP
30/09/2007 15:38 <REP> Windows Media Connect 2
18/01/2008 20:47 <REP> Windows Media Player
03/01/2006 03:56 <REP> Windows NT
14/07/2007 15:46 <REP> WinRAR
03/01/2006 00:32 <REP> xerox
12/03/2006 17:39 <REP> Yahoo!
29/02/2008 14:51 <REP> Zylom Games
5 fichier(s) 3 217 234 octets
112 Rép(s) 79 931 625 472 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 70D5-EC31

Répertoire de C:\Program Files\fichiers communs

08/03/2008 17:07 <REP> .
08/03/2008 17:07 <REP> ..
25/02/2008 21:13 <REP> Adobe
04/01/2006 04:38 <REP> Ahead
27/12/2007 14:05 <REP> Apple
24/08/2007 18:25 <REP> DESIGNER
23/08/2006 18:44 <REP> InstallShield
10/01/2006 20:05 <REP> Java
23/08/2006 18:47 <REP> Logitech
15/01/2008 14:10 <REP> Microsoft Shared
03/01/2006 00:30 <REP> MSSoap
03/11/2006 22:36 <REP> muvee Technologies
03/11/2006 22:45 <REP> Nikon
02/01/2006 21:24 <REP> ODBC
26/07/2007 20:22 <REP> Real
03/01/2006 00:30 <REP> Services
03/01/2006 04:13 <REP> Softwin
01/01/2007 16:16 <REP> Sony Shared
02/01/2006 21:24 <REP> SpeechEngines
24/08/2007 18:24 <REP> System
08/03/2008 17:31 <REP> Wise Installation Wizard
0 fichier(s) 0 octets
21 Rép(s) 79 931 625 472 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 70D5-EC31

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

24/08/2007 18:25 <REP> .
24/08/2007 18:25 <REP> ..
04/01/2006 04:18 <REP> 1033
24/08/2007 18:25 <REP> 1036
25/04/2006 21:33 967 952 MSONSEXT.DLL
15/07/2003 06:52 35 896 MSOSV.DLL
03/06/1999 15:09 122 937 MSOWS409.DLL
07/03/2001 10:00 127 033 MSOWS40c.DLL
11/07/2003 03:25 80 448 PKMWS.DLL
5 fichier(s) 1 334 266 octets
4 Rép(s) 79 931 609 088 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 70D5-EC31

Répertoire de C:\Program Files\common files

24/12/2007 23:27 <REP> .
24/12/2007 23:27 <REP> ..
24/12/2007 23:27 <REP> Sony Shared
0 fichier(s) 0 octets
3 Rép(s) 79 931 609 088 octets libres




Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 70D5-EC31

Répertoire de C:\

c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe
c:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\uninstaller.exe
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chocolatier\fr-FR\chocolatier.exe
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ddfotg\fr-FR\ddfotg.exe
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\dinerdash2\fr-FR\dinerdash2.exe
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\dreamchronicles\fr-FR\dreamchronicles.exe
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\dreamchronicles\fr-FR\ZylomHost.exe
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\sweetopia\fr-FR\sweetopia.exe
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\trijinx\fr-FR\TriJinx.exe
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ZylomExtension\HardwareTest.exe
c:\Documents and Settings\All Users\Bureau\spybotsd152.exe
c:\Documents and Settings\louloune\Local Settings\Temporary Internet Files\Content.IE5\W2Z3L1DQ\PLAY_MP3[1].exe
c:\Documents and Settings\marine\Local Settings\Temporary Internet Files\Content.IE5\WNY4526B\pizzachefdownload[1].exe
c:\Documents and Settings\maurane\Local Settings\Temp\Install_Messenger.exe
c:\Documents and Settings\maurane\Local Settings\Temp\services.exe
c:\Documents and Settings\maurane\Local Settings\Temp\setup_wm.exe
c:\Documents and Settings\maurane\Local Settings\Temp\.zylominstallertemp1182444252\ZylomGameITemp.exe
c:\Documents and Settings\maurane\Local Settings\Temp\.zylomisrtemp1198763113\ZylomGameITemp.exe
c:\Documents and Settings\maurane\Local Settings\Temp\.zylomisrtemp1198763139\ZylomGameITemp.exe
c:\Documents and Settings\maurane\Local Settings\Temp\.zylomisrtemp1198763172\ZylomGameITemp.exe
c:\Documents and Settings\maurane\Local Settings\Temp\.zylomisrtemp1198763192\ZylomGameITemp.exe
c:\Documents and Settings\maurane\Local Settings\Temp\bye18.tmp\Disk1\setup.exe
c:\Documents and Settings\maurane\Local Settings\Temp\bye2F.tmp\Disk1\setup.exe
c:\Documents and Settings\maurane\Local Settings\Temp\byeA9.tmp\Disk1\setup.exe
c:\Documents and Settings\maurane\Local Settings\Temp\byeAA.tmp\Disk1\setup.exe
c:\Documents and Settings\maurane\Local Settings\Temp\byeB7.tmp\Disk1\setup.exe
c:\Documents and Settings\maurane\Local Settings\Temp\byeCB.tmp\Disk1\setup.exe
c:\Documents and Settings\maurane\Local Settings\Temp\byeEF.tmp\Disk1\setup.exe
c:\Documents and Settings\maurane\Local Settings\Temp\Div3.tmp\PatchInstaller.exe
c:\Documents and Settings\maurane\Local Settings\Temp\Magentic\MagenticInstall\bin\mgsetup.exe
c:\Documents and Settings\MCPC\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe
c:\Documents and Settings\MCPC\Application Data\Adobe\Acrobat\7.0\Updater\multimedia_efgj.exe
c:\Documents and Settings\MCPC\Application Data\Nikon\Message Center\DOWNLOAD_LOG\11914\S-P2____-161WU-EURFR.exe
c:\Documents and Settings\MCPC\Application Data\Nikon\Message Center\DOWNLOAD_LOG\12397\S-P2____-164WU-EURFR.exe
c:\Documents and Settings\MCPC\Application Data\Nikon\Message Center\DOWNLOAD_LOG\12550\A-MCA___-113W_U-EURFR.exe
c:\Documents and Settings\MCPC\Application Data\Nikon\Message Center\DOWNLOAD_LOG\12670\S-P2____-175WU-EURFR.exe
c:\Documents and Settings\MCPC\Bureau\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\MCPC\Bureau\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\MCPC\Bureau\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\MCPC\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\MCPC\Bureau\DiagHelp\DiagHelp\find2.exe
c:\Documents and Settings\MCPC\Bureau\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\MCPC\Bureau\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\MCPC\Bureau\DiagHelp\DiagHelp\gzip.exe
c:\Documents and Settings\MCPC\Bureau\DiagHelp\DiagHelp\KProcCheck.exe
c:\Documents and Settings\MCPC\Bureau\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\MCPC\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\MCPC\Bureau\DiagHelp\DiagHelp\md5sums.exe
c:\Documents and Settings\MCPC\Bureau\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\MCPC\Bureau\DiagHelp\DiagHelp\sigcheck.exe
c:\Documents and Settings\MCPC\Bureau\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\MCPC\Bureau\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\MCPC\Bureau\DiagHelp\DiagHelp\tar.exe
c:\Documents and Settings\MCPC\Mes documents\avast_avast_4.7.1001_francais_anglais_11113.exe
c:\Documents and Settings\MCPC\Mes documents\DOSSIERS IMPORTANTS\HJTInstall 2.exe
c:\Documents and Settings\MCPC\Mes documents\pilotes\pc-wizard-experience-edition_pc_wizard_experience_edition_2007.1.72_francais_10988.exe
c:\Documents and Settings\MCPC\Mes documents\pilotes\A1u680b\INSTMSIA.EXE
c:\Documents and Settings\MCPC\Mes documents\pilotes\A1u680b\INSTMSIW.EXE
c:\Documents and Settings\MCPC\Mes documents\pilotes\A1u680b\SETUP.EXE
c:\Documents and Settings\MCPC\Mes documents\pilotes\A1u680b\Vinyl\VinylUpDrv64.exe
c:\Documents and Settings\MCPC\Mes documents\pilotes\A1u680b\Vinyl\CPL\ADeck.exe
c:\Documents and Settings\MCPC\Mes documents\pilotes\A1u680b\Vinyl\CPL\vpatch.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
c:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\Babel\babel.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\Babel\fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\Babel\fr-FR\babel.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\Babel\fr-FR\fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\BCASFWeb\fr-FR\bass.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\BCASFWeb\fr-FR\BCASFWeb.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\bejeweled2\fr-FR\Bejeweled2.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\BigIslandBlends\fr-FR\BigIslandBlends.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\fr-FR\chainz2.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\fr-FR\core.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\fr-FR\file.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\fr-FR\fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\fr-FR\gfx2d.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\fr-FR\gfx2d_dd7.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\fr-FR\imglib.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\fr-FR\jpeg.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\fr-FR\logger.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\fr-FR\msvcr71.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\fr-FR\snd3d.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\fr-FR\snd3d_fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chainz2\fr-FR\ui2.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\chuzzle\fr-FR\Chuzzle.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\Delicious\fr-FR\delicious.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\Delicious\fr-FR\fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\delicious2\fr-FR\Delicious2.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\delicious2\fr-FR\fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\deliciouswinteredition\fr-FR\deliciouswinteredition.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\deliciouswinteredition\fr-FR\fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\dreamchronicles\fr-FR\ZylomAdapter.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ElDorado\fr-FR\Eldorado.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ElDorado\fr-FR\fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\FeedingFrenzy\fr-FR\FeedingFrenzy.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\GenericGameExtension\GenericGameExtension.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\hotelmahjong\fr-FR\fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\hotelmahjong\fr-FR\HotelMahjong.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\insaniquarium\fr-FR\insaniquarium.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\Lotus\fr-FR\fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\Lotus\fr-FR\lotus.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\luxor\fr-FR\core.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\luxor\fr-FR\file.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\luxor\fr-FR\fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\luxor\fr-FR\gfx2d.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\luxor\fr-FR\gfx2d_dd7.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\luxor\fr-FR\imglib.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\luxor\fr-FR\jpeg.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\luxor\fr-FR\logger.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\luxor\fr-FR\luxor.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\luxor\fr-FR\msvcr71.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\luxor\fr-FR\snd3d.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\luxor\fr-FR\snd3d_fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\luxor\fr-FR\ui2.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\mahjongescape\fr-FR\bass.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\mahjongescape\fr-FR\mahjongescape.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\mahjongescape\fr-FR\Resource.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\mahjongescapeaj\fr-FR\bass.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\mahjongescapeaj\fr-FR\mahjongescapeaj.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\mahjongescapeaj\fr-FR\Resource.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\MahjongFortuna2\fr-FR\fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\MahjongFortuna2\fr-FR\mahjongfortuna2.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\MumboJumboExtension\MumboJumboExtension.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\MyZylomExtension\MyZylomExtension.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\PastimePuzzles\fr-FR\fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\PastimePuzzles\fr-FR\PastimePuzzles.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\peggle\fr-FR\bass.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\peggle\fr-FR\j2k-codec.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\peggle\fr-FR\peggle.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\PharaohsSolitaire\fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\PharaohsSolitaire\PharaohsSolitaire.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\PharaohsSolitaire\fr-FR\fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\PharaohsSolitaire\fr-FR\PharaohsSolitaire.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\pixelus\fr-FR\Pixelus.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\PlayfirstExtension\PlayfirstExtension.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\PlaytimeExtension\PlaytimeExtension.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\PopcapExtension\PopcapExtension.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\rainforestadventure\fr-FR\rainforestadventure.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\Ribiba\fr-FR\ribiba.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\SafariIsland\fr-FR\fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\SafariIsland\fr-FR\SafariIsland.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ShangriLa\fr-FR\fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ShangriLa\fr-FR\shangrila.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\SproutExtension\SproutExtension.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\sunsetstudio\fr-FR\sunsetstudio.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\textexpress2\fr-FR\fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\textexpress2\fr-FR\textexpress2.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\TrivialPursuit\fr-FR\fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\TrivialPursuit\fr-FR\msvcr71d.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\TrivialPursuit\fr-FR\trivialpursuit.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\TrivialPursuitEighties\fr-FR\fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\TrivialPursuitEighties\fr-FR\trivialpursuiteighties.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\TrivialPursuitNineties\fr-FR\fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\TrivialPursuitNineties\fr-FR\trivialpursuitnineties.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\TwoOfAKind\fr-FR\fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\TwoOfAKind\fr-FR\TwoOfAKind.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\Zuma\fr-FR\Zuma.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ZylomDeluxeInstaller\ZylomDeluxeInstaller.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ZylomExtension\ZylomExtension.dll
c:\Documents and Settings\maurane\Application Data\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVK3}\xmlparse.dll
c:\Documents and Settings\maurane\Application Data\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVL6}\xmlparse.dll
c:\Documents and Settings\maurane\Application Data\Identities\{000HQ7FF-AD7A-3FG7-DNQC-2227NIQAQVVA}\xmlparse.dll
c:\Documents and Settings\maurane\Application Data\Identities\{002AVPFP-JHLQ-ABE5-RUNH-200OMT85IVUO}\xmlparse.dll
c:\Documents and Settings\maurane\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\MCPC\Application Data\Identities\{0000278T-TT9K-T8DU-12ET-241L598QQVVQ}\xmlparse.dll
c:\Documents and Settings\MCPC\Application Data\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVK3}\xmlparse.dll
c:\Documents and Settings\MCPC\Application Data\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVL6}\xmlparse.dll
c:\Documents and Settings\MCPC\Application Data\Identities\{000HQ7FF-AD7A-3FG2-FTST-22EV6QAI2VV1}\xmlparse.dll
c:\Documents and Settings\MCPC\Application Data\Identities\{000HQ7FF-AD7A-3FG5-BPAV-24QJBB1JIVUR}\xmlparse.dll
c:\Documents and Settings\MCPC\Application Data\Identities\{000HQ7FF-AD7A-3FG6-18S6-24RHV5SBEVUU}\xmlparse.dll
c:\Documents and Settings\MCPC\Application Data\Identities\{002AVPFP-JHLQ-ABE4-QA67-20IOCV7P6VVE}\xmlparse.dll
c:\Documents and Settings\MCPC\Application Data\Identities\{002AVPFP-JHLQ-ABE5-RUNH-200OMT85IVUO}\xmlparse.dll
c:\Documents and Settings\MCPC\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\MCPC\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_MPC-TRDVOQLEJDE.tar.gz a l'adresse http://upload.malekal.com

[mouflette]

desole n ai pas pu envoyer le fichier ca ne marche pas merci pour les premieres manips bonsoir j attends de vos nouvelles

[Malekal_morte]

Vas dans ajout/suppression de programmes et lance la désinstallation de : Crawler Toolbar with Web Security Guard


[*]Télécharge OTMoveIt de OldTimer.
[*]Sauvegarde le sur ton Bureau.
[*]Double-Clique sur OTMoveIt.exe pour le lancer.
[*]Copie le chemin des fichiers suivants en selectionnant TOUT et en appuyant sur CTRL+C (ou, après avoir sélectionner, clique-droit et choisis Copier) :[/list]

[kill explorer]
C:\Program Files\Crawler
C:\Program Files\Multi_Media_France
[start explorer]

[*]Retourne dans OTMoveit, fais un clique-droit dans la fenêtre "Paste List of Files/Folders to be moved" et choisis Coller.
[*]Clique sur le bouton rouge Moveit!.
[*]Ferme OTMoveIt.
Note : Si un fichier ou un dossier ne peut être déplacer immédiatement il te sera demander de redémarrer ta machine pour finir le processus. Si c'est le cas, choisis Yes.

Poste nous le rapport de OTMoveIT dispo ici : C:\_OTMoveIt\MovedFiles




Mon avis est qu'Avast! est loin de ce que l'on a fait de mieux en matière de protection, voir ce lien pour plus d'informations :
http://forum.malekal.com/avast-vs-antivir-t3528.html
http://forum.malekal.com/un-point-sur-l ... t3123.html

Pour moi, Antivir est beaucoup plus performant, c'est pourquoi, je te conseille TRES VIVEMENT de désinstaller Avast! et installer Antivir à la place (ce n'est pas une obligation) : https://www.malekal.com/tutorial_antivir.php

Pour t'aider tu peux suivre ce lien : http://forum.malekal.com/abandonner-ava ... t4192.html

[mouflette]

voila je sais pas si c est bon Explorer killed successfully
File/Folder C:\Program Files\Crawler not found.
C:\Program Files\Multi_Media_France moved successfully.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 0416

[mouflette]

desole je n arrive pas a poster le resultat a l autre adresse pour ce qui est d avast j ai potasse le sujet abandonner avast pour antivir je vais le faire en sachant que j ai aussi spybot ccleaner diskcleaner et asquaredfree qu en pensez vous ?

[Malekal_morte]

a-squared à désinstaller, inutile.
Diskeeper mouais.. j'aime pas trop les défragmenteurs comme ça.

J'attends la suite.

[mouflette]

c est pas diskqueper c est diskcleaner je sais pas si y a une difference et pour le resultat du dernier scan de OTMovelt2 ca donne quoi ?

[mouflette]

bonsoir j attend des news suite a mon dernier rapport merci que dois je faire maintenant

[Malekal_morte]

Mon avis est qu'Avast! est loin de ce que l'on a fait de mieux en matière de protection, voir ce lien pour plus d'informations :
http://forum.malekal.com/avast-vs-antivir-t3528.html
http://forum.malekal.com/un-point-sur-l ... t3123.html

Pour moi, Antivir est beaucoup plus performant, c'est pourquoi, je te conseille TRES VIVEMENT de désinstaller Avast! et installer Antivir à la place (ce n'est pas une obligation) : https://www.malekal.com/tutorial_antivir.php

Pour t'aider tu peux suivre ce lien : http://forum.malekal.com/abandonner-ava ... t4192.html

[mouflette]

je vais desinstaller avast mais avant j voulais savoir si y a + rien sur mon ordi le resultat du dernier scan avec movelt est affiche + haut mais comme tu ne m en parle pas ......

[Malekal_morte]

Non y a rien.