le patron

  1. Hi, I would like you to help me remove the trojans and spyware from my PC, because I find it slow; it must have a rootkit. I also have pages that open all by themselves, such as "yes messenger" or "spyware secure". Please help me. Here is a HijackThis log:
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 21:46:23, on 09/05/2008
  2. Hi, nothing works: I can't get IE to function properly again. I tried deleting my session, since that is where the problem comes from.
  3. Hi, I did what you told me, but I still can't install it... It shows me a "Files Needed" window that says: "the file IEXPLORE.EXE from the Windows XP Service Pack 2 CD". Further down it asks me to enter the path to the file and then click OK; I do that and nothing happens.
  4. Hi, IE simply doesn't open at all; I don't understand why.
  5. I would like to run an online scan, but when I launch the Internet Explorer icon it displays: "Internet Explorer cannot display this page". So I use Mozilla Firefox, and I can't manage to run this online scan with it.
  6. Hellooooooooooo, I'm waiting for your instructions.
  7. There, I did it again:
     DiagHelp version v1.1 - http://www.malekal.com excute le 31/05/2007 à 19:25:42,21
Windows XP (KB917953) Mise à jour de sécurité pour Windows XP (KB918118) Mise à jour de sécurité pour Windows XP (KB918439) Mise à jour de sécurité pour Windows XP (KB918899) Mise à jour de sécurité pour Windows XP (KB919007) Mise à jour de sécurité pour Windows XP (KB920213) Mise à jour de sécurité pour Windows XP (KB920214) Mise à jour de sécurité pour Windows XP (KB920670) Mise à jour de sécurité pour Windows XP (KB920683) Mise à jour de sécurité pour Windows XP (KB920685) Mise à jour de sécurité pour Windows XP (KB921398) Mise à jour de sécurité pour Windows XP (KB921883) Mise à jour de sécurité pour Windows XP (KB922616) Mise à jour de sécurité pour Windows XP (KB922760) Mise à jour de sécurité pour Windows XP (KB922819) Mise à jour de sécurité pour Windows XP (KB923191) Mise à jour de sécurité pour Windows XP (KB923414) Mise à jour de sécurité pour Windows XP (KB923689) Mise à jour de sécurité pour Windows XP (KB923694) Mise à jour de sécurité pour Windows XP (KB923980) Mise à jour de sécurité pour Windows XP (KB924191) Mise à jour de sécurité pour Windows XP (KB924270) Mise à jour de sécurité pour Windows XP (KB924496) Mise à jour de sécurité pour Windows XP (KB924667) Mise à jour de sécurité pour Windows XP (KB925486) Mise à jour de sécurité pour Windows XP (KB925902) Mise à jour de sécurité pour Windows XP (KB926255) Mise à jour de sécurité pour Windows XP (KB926436) Mise à jour de sécurité pour Windows XP (KB927779) Mise à jour de sécurité pour Windows XP (KB927802) Mise à jour de sécurité pour Windows XP (KB928255) Mise à jour de sécurité pour Windows XP (KB928843) Mise à jour de sécurité pour Windows XP (KB930178) Mise à jour de sécurité pour Windows XP (KB931261) Mise à jour de sécurité pour Windows XP (KB931784) Mise à jour de sécurité pour Windows XP (KB932168) Mise à jour pour Windows XP (KB894391) Mise à jour pour Windows XP (KB898461) Mise à jour pour Windows XP (KB900485) Mise à jour pour Windows XP (KB904942) Mise à jour pour Windows XP 
(KB908531) Mise à jour pour Windows XP (KB910437) Mise à jour pour Windows XP (KB911280) Mise à jour pour Windows XP (KB916595) Mise à jour pour Windows XP (KB920872) Mise à jour pour Windows XP (KB922582) Mise à jour pour Windows XP (KB927891) Mise à jour pour Windows XP (KB929338) Mise à jour pour Windows XP (KB930916) Mise à jour pour Windows XP (KB931836) Mozilla Firefox (2.0.0.3) Mozilla Firefox (2.0.0.4) MP3 Player Utilities 3.13 MP3 Player Utilities 3.5.02 MP3 Player Utilities 3.68 MP3 Player Utilities 4.09 MSN MSXML 4.0 SP2 (KB927978) muvee autoProducer 4.0 Need for Speed™ Carbon Nero 7 Premium NewCopy NVIDIA Drivers Panda ActiveScan PanoStandAlone PC-Doctor 5 for Windows PC-Doctor 5 for Windows Philips ToUcam Pro Camera PhotoGallery PrintMaster ClickArt ProductContext PS2 PSPrinters08 PSTAPlugin Python 2.2 pywin32 extensions (build 203) Python 2.2.3 QFolder QuickTime RandMap Readme RealPlayer s3ven MSN Nick changer winamp plugin Scan ScannerCopy Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Excel 2007 (KB934670) Security Update for Office 2007 (KB934062) SHARP GX20 Handset Manager SkinsHP1 SolutionCenter Sonic Express Labeler Sonic MyDVD Plus Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager Sonic_PrimoSDK Sony Ericsson PC Suite 1.20.224 Status SuperCopier2 Theme Hospital TrayApp TuneUp Utilities 2007 Unload Update for Office 2007 (KB932080) Update for Office 2007 (KB933688) Update for Office 2007 (KB934393) Update for Outlook 2007 Junk Email Filter (KB934655) Update for Word 2007 (KB934173) VideoLAN VLC media player 0.8.6 VideoLink Pro WebFldrs XP WebReg WIDCOMM Bluetooth Software Winamp (remove only) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live Messenger Windows Live Sign-in Assistant Windows Live Toolbar Windows Live Toolbar Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Yahoo! 
Toolbar Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 28EC-B834 Répertoire de C:\Program Files 12/05/2007 15:36 <REP> . 12/05/2007 15:36 <REP> .. 03/01/2005 01:00 <REP> Adobe 06/05/2006 12:07 <REP> ArcSoft 30/08/2006 22:07 <REP> AVSMedia 15/04/2006 05:01 <REP> Azureus 09/05/2006 02:38 <REP> Broderbund 26/01/2007 21:32 <REP> CCleaner 24/11/2004 03:37 <REP> ComPlus Applications 12/05/2007 15:25 <REP> DAEMON Tools 01/04/2006 19:14 <REP> DFX 24/05/2006 19:21 <REP> DIFX 30/08/2006 16:11 <REP> Disc2Phone 03/04/2006 18:14 <REP> DivX 09/09/2006 19:25 <REP> Easy Internet signup 14/01/2007 16:08 <REP> EFCM 28/05/2007 15:30 <REP> Electronic Arts 03/05/2007 20:00 <REP> Fichiers communs 25/10/2006 21:39 <REP> Free Download Manager 03/05/2007 20:26 <REP> GameSpy Arcade 20/12/2006 19:17 <REP> Google 30/12/2006 18:27 <REP> Grisoft 04/08/2006 17:45 <REP> GX20 Handset Manager 03/01/2005 00:59 <REP> Hewlett-Packard 30/05/2007 17:59 <REP> HijackThis 03/01/2005 00:47 <REP> HP 05/06/2006 20:31 <REP> ImTOO 11/05/2007 22:35 <REP> Internet Explorer 03/01/2005 00:59 <REP> InterVideo 03/01/2005 01:01 <REP> iPod 06/03/2007 21:01 <REP> iTunes 08/03/2007 20:44 <REP> Java 02/08/2006 19:17 <REP> JoWooD 18/02/2007 11:44 <REP> Kaspersky Lab 29/12/2006 17:11 <REP> LimeWire 06/03/2007 21:02 <REP> Messenger 03/05/2007 19:19 <REP> Messenger Plus! 
Live 10/05/2007 22:41 <REP> Microsoft CAPICOM 2.1.0.2 25/11/2004 05:27 <REP> microsoft frontpage 09/10/2006 17:42 <REP> Microsoft Games 03/05/2007 20:00 <REP> Microsoft Office 03/05/2007 20:00 <REP> Microsoft Visual Studio 03/05/2007 20:01 <REP> Microsoft Works 03/05/2007 19:57 <REP> Microsoft.NET 25/11/2004 05:27 <REP> Movie Maker 31/05/2007 18:32 <REP> Mozilla Firefox 06/04/2007 09:57 <REP> MP3 Player Utilities 3.13 06/04/2007 13:04 <REP> MP3 Player Utilities 3.5.02 06/04/2007 13:12 <REP> MP3 Player Utilities 4.09 03/05/2007 20:00 <REP> MSBuild 01/07/2006 17:14 <REP> MSI 01/04/2006 02:53 <REP> MSN 25/11/2004 05:27 <REP> MSN Gaming Zone 03/05/2007 19:24 <REP> MSN Messenger 15/11/2006 10:34 <REP> MSXML 4.0 25/01/2007 20:44 168 msxnrgvj.txt 03/01/2005 01:04 <REP> muvee Technologies 05/05/2007 19:03 <REP> MyMPxPlayer.org 23/02/2007 19:55 <REP> Nero 01/02/2005 11:01 <REP> NetMeeting 25/11/2004 05:27 <REP> Online Services 16/12/2006 01:13 <REP> Outlook Express 21/03/2003 13:37 16 056 owcstp16.dll 03/01/2005 01:14 <REP> PC-Doctor 5 for Windows 06/03/2007 21:06 <REP> Philips ToUcam Camera 30/12/2006 17:03 <REP> QuickTime 15/04/2006 03:38 <REP> Real 03/01/2005 01:12 <REP> Services en ligne 31/03/2006 02:38 <REP> Softwin 03/01/2005 00:58 <REP> Sonic 30/08/2006 15:51 <REP> Sony Ericsson 03/05/2007 20:34 <REP> Spybot - Search & Destroy 08/04/2006 21:17 <REP> SuperCopier 06/03/2007 21:08 <REP> SuperCopier2 22/12/2006 21:35 <REP> Symantec 15/04/2006 01:49 <REP> SymNetDrv 06/03/2007 21:08 <REP> TuneUp Utilities 2007 24/11/2004 03:37 <REP> Uninstall Information 22/12/2006 21:36 <REP> VideoLAN 06/05/2006 10:42 <REP> VideoLink Pro 06/03/2007 21:09 <REP> Winamp 03/05/2007 20:26 <REP> Windows Live Safety Center 06/03/2007 21:09 <REP> Windows Live Toolbar 14/01/2007 16:05 <REP> Windows Media Connect 2 22/12/2006 21:48 <REP> Windows Media Player 01/02/2005 11:01 <REP> Windows NT 03/05/2007 20:34 <REP> WinRAR 25/11/2004 05:28 <REP> xerox 26/01/2007 21:32 <REP> Yahoo! 
2 fichier(s) 16 224 octets 87 Rép(s) 71 259 430 912 octets libres Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 28EC-B834 Répertoire de C:\Program Files\fichiers communs 03/05/2007 20:00 <REP> . 03/05/2007 20:00 <REP> .. 15/02/2007 17:20 <REP> Adobe 23/02/2007 20:02 <REP> Ahead 30/08/2006 22:09 <REP> AVSMedia 03/05/2007 20:00 <REP> DESIGNER 03/01/2005 00:53 <REP> Hewlett-Packard 03/01/2005 00:50 <REP> HP 03/01/2005 01:03 <REP> InstallShield 03/01/2005 00:31 <REP> Java 06/03/2007 20:52 <REP> LightScribe 03/05/2007 20:18 <REP> Microsoft Shared 25/11/2004 05:26 <REP> MSSoap 03/01/2005 01:04 <REP> muvee Technologies 25/11/2004 05:26 <REP> ODBC 18/01/2007 22:18 <REP> Panda Software 15/04/2006 03:39 <REP> Real 01/02/2005 11:01 <REP> Services 06/05/2006 10:42 <REP> Smith Micro Shared 31/05/2006 02:16 <REP> Softwin 03/01/2005 00:57 <REP> Sonic Shared 25/11/2004 05:26 <REP> SpeechEngines 03/01/2005 00:57 <REP> SureThing Shared 22/12/2006 21:35 <REP> Symantec Shared 03/05/2007 20:15 <REP> System 06/03/2007 20:53 <REP> Teleca Shared 03/01/2005 00:58 <REP> TiVo Shared 18/02/2007 16:11 <REP> Wise Installation Wizard 15/04/2006 03:39 <REP> xing shared 0 fichier(s) 0 octets 29 Rép(s) 71 259 426 816 octets libres Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 28EC-B834 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 03/05/2007 20:14 <REP> . 03/05/2007 20:14 <REP> .. 
31/03/2006 03:35 <REP> 1033 03/05/2007 20:18 <REP> 1036 26/10/2006 19:49 970 528 MSONSEXT.DLL 26/10/2006 20:12 40 256 MSOSV.DLL 03/06/1999 19:09 122 937 MSOWS409.DLL 07/03/2001 14:00 127 033 MSOWS40c.DLL 29/01/2004 16:08 86 016 PKMWS.DLL 5 fichier(s) 1 346 770 octets 4 Rép(s) 71 259 426 816 octets libres Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 28EC-B834 Répertoire de C:\ 12/05/2007 18:22 68 096 diff.exe 12/05/2007 18:22 103 424 grep.exe 2 fichier(s) 171 520 octets 0 Rép(s) 71 259 426 816 octets libres c:\Documents and Settings\HP_Propriétaire\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe c:\Documents and Settings\HP_Propriétaire\Bureau\Windows-KB890830-V1.29.exe c:\Documents and Settings\HP_Propriétaire\Bureau\DiagHelp\catchme.exe c:\Documents and Settings\HP_Propriétaire\Bureau\DiagHelp\diff.exe c:\Documents and Settings\HP_Propriétaire\Bureau\DiagHelp\dumphive.exe c:\Documents and Settings\HP_Propriétaire\Bureau\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\HP_Propriétaire\Bureau\DiagHelp\find2.exe c:\Documents and Settings\HP_Propriétaire\Bureau\DiagHelp\Fport.exe c:\Documents and Settings\HP_Propriétaire\Bureau\DiagHelp\grep.exe c:\Documents and Settings\HP_Propriétaire\Bureau\DiagHelp\KProcCheck.exe c:\Documents and Settings\HP_Propriétaire\Bureau\DiagHelp\LFiles.exe c:\Documents and Settings\HP_Propriétaire\Bureau\DiagHelp\LISTDLLS.exe c:\Documents and Settings\HP_Propriétaire\Bureau\DiagHelp\pslist.exe c:\Documents and Settings\HP_Propriétaire\Bureau\DiagHelp\streams.exe c:\Documents and Settings\HP_Propriétaire\Bureau\DiagHelp\swreg.exe c:\Documents and Settings\Invité\Bureau\Max Payne\MaxPayne.exe c:\Documents and Settings\MaDiNiNa_972\.limewire\.NetworkShare\LimeWireWin4.12.11.exe c:\Documents and Settings\MaDiNiNa_972\Application Data\Microsoft\Installer\{0DE7211B-A7CB-4112-8D62-142A0EBDFAD9}\_154754de.exe c:\Documents and Settings\MaDiNiNa_972\Application 
Data\Microsoft\Installer\{0DE7211B-A7CB-4112-8D62-142A0EBDFAD9}\_39b32d12.exe c:\Documents and Settings\MaDiNiNa_972\Application Data\Microsoft\Installer\{0DE7211B-A7CB-4112-8D62-142A0EBDFAD9}\_428b26a6.exe c:\Documents and Settings\MaDiNiNa_972\Application Data\Microsoft\Installer\{0DE7211B-A7CB-4112-8D62-142A0EBDFAD9}\_644366bb.exe c:\Documents and Settings\MaDiNiNa_972\Application Data\Microsoft\Installer\{0DE7211B-A7CB-4112-8D62-142A0EBDFAD9}\_74d4dc8.exe c:\Documents and Settings\MaDiNiNa_972\Application Data\Microsoft\Installer\{2D5B83B8-98A0-4F9C-AE1D-BED98AE17467}\_121f73da.exe c:\Documents and Settings\MaDiNiNa_972\Application Data\Microsoft\Installer\{2D5B83B8-98A0-4F9C-AE1D-BED98AE17467}\_12e1798b.exe c:\Documents and Settings\MaDiNiNa_972\Application Data\Microsoft\Installer\{2D5B83B8-98A0-4F9C-AE1D-BED98AE17467}\_3ef6822.exe c:\Documents and Settings\MaDiNiNa_972\Application Data\Microsoft\Installer\{2D5B83B8-98A0-4F9C-AE1D-BED98AE17467}\_5991409d.exe c:\Documents and Settings\MaDiNiNa_972\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_676DC81D912A6677D0EFC4.exe c:\Documents and Settings\MaDiNiNa_972\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_6FEFF9B68218417F98F549.exe c:\Documents and Settings\MaDiNiNa_972\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_7DCF10681A8382FFDEEAE8.exe c:\Documents and Settings\MaDiNiNa_972\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_7EC80E276239A1DC886356.exe c:\Documents and Settings\MaDiNiNa_972\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_CC9EDFE9EC0F100678C534.exe c:\Documents and Settings\MaDiNiNa_972\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_FEBA4063AF0EDCA3ECE13C.exe c:\Documents and Settings\MaDiNiNa_972\Application Data\MSNInstaller\msnauins.exe c:\Documents and Settings\MaDiNiNa_972\Local Settings\Temp\AutoRun.exe 
c:\Documents and Settings\MaDiNiNa_972\Mes documents\Jeux\Need For Speed Carbon\Pack_Need_for_speed_Carbon_CRACK_KEYGEN_DAEMON_byNoemy\Daemon tools v4.06-x86 byNoemy.exe c:\Documents and Settings\MaDiNiNa_972\Mes documents\Jeux\Need For Speed Carbon\Pack_Need_for_speed_Carbon_CRACK_KEYGEN_DAEMON_byNoemy\NFS Carbon KeygenGenerator byNoemy.exe c:\Documents and Settings\MaDiNiNa_972\Mes documents\Jeux\Need For Speed Carbon\Pack_Need_for_speed_Carbon_CRACK_KEYGEN_DAEMON_byNoemy\NFSC.exe c:\Documents and Settings\MaDiNiNa_972\Mes documents\Jeux\Pes 6\Crack Pes6\Pack_Pro_evolution_soccer_6_CRACK_KEYGEN_DAEMON_byNoemy\Daemon tools v4.06-x86 byNoemy.exe c:\Documents and Settings\MaDiNiNa_972\Mes documents\Jeux\Pes 6\Crack Pes6\Pack_Pro_evolution_soccer_6_CRACK_KEYGEN_DAEMON_byNoemy\PES6 KeygenGenerator byNoemy.exe c:\Documents and Settings\MaDiNiNa_972\Mes documents\Jeux\Pes 6\Crack Pes6\Pack_Pro_evolution_soccer_6_CRACK_KEYGEN_DAEMON_byNoemy\PES6.exe c:\Documents and Settings\MaDiNiNa_972\Mes documents\Jeux\Warcraft III\BNUpdate.exe c:\Documents and Settings\MaDiNiNa_972\Mes documents\Jeux\Warcraft III\Frozen Throne.exe c:\Documents and Settings\MaDiNiNa_972\Mes documents\Jeux\Warcraft III\SetupReg.exe c:\Documents and Settings\MaDiNiNa_972\Mes documents\Jeux\Warcraft III\War3.exe c:\Documents and Settings\MaDiNiNa_972\Mes documents\Jeux\Warcraft III\Warcraft III.exe c:\Documents and Settings\MaDiNiNa_972\Mes documents\Jeux\Warcraft III\World Editor.exe c:\Documents and Settings\MaDiNiNa_972\Mes documents\Jeux\Warcraft III\WorldEdit.exe c:\Documents and Settings\MaDiNiNa_972\Mes documents\Mes albums\dossier pascal\Need For Speed Carbon\Pack_Need_for_speed_Carbon_CRACK_KEYGEN_DAEMON_byNoemy\Daemon tools v4.06-x86 byNoemy.exe c:\Documents and Settings\MaDiNiNa_972\Mes documents\Mes albums\dossier pascal\Need For Speed Carbon\Pack_Need_for_speed_Carbon_CRACK_KEYGEN_DAEMON_byNoemy\NFS Carbon KeygenGenerator byNoemy.exe c:\Documents and Settings\MaDiNiNa_972\Mes documents\Mes 
albums\dossier pascal\Need For Speed Carbon\Pack_Need_for_speed_Carbon_CRACK_KEYGEN_DAEMON_byNoemy\NFSC.exe c:\Documents and Settings\MaDiNiNa_972\Mes documents\Mes fichiers\DXSETUP.exe c:\Documents and Settings\MaDiNiNa_972\Mes documents\Mes fichiers\quickzip 4.60.015.exe c:\Documents and Settings\MaDiNiNa_972\Mes documents\Mes fichiers\winamp521_full.exe c:\Documents and Settings\MaDiNiNa_972\Mes documents\Mes logiciels\Craagle.exe c:\Documents and Settings\MaDiNiNa_972\Mes documents\Mes logiciels\Install_MSN_Messenger.EXE c:\Documents and Settings\MaDiNiNa_972\Mes documents\Mes logiciels\PPVIEWER.EXE c:\Documents and Settings\MaDiNiNa_972\Mes documents\Muze\InstMsiA.exe c:\Documents and Settings\MaDiNiNa_972\Mes documents\Muze\InstMsiW.exe c:\Documents and Settings\MaDiNiNa_972\Mes documents\Muze\setup.exe c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Bases\avcmhk4.dll c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.2.614\adialhk.dll c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\bases\av\avc\i386\ForDiff\unp035.avc.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll c:\Documents and Settings\MaDiNiNa_972\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll c:\Documents and Settings\MaDiNiNa_972\Application Data\Mozilla\Firefox\Profiles\477kvj0k.default\extensions\{0784CD66-62FE-4cef-ABF4-F8ED9B654ACC}\components\tab_effect_xpcom.dll ****** Fin du rapport DiagHelp
  8. Here is the report
     catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
     Rootkit scan 2007-05-30 20:28:29
     Windows 5.1.2600 Service Pack 2 NTFS
     scanning hidden processes ...
     scanning hidden services ...
     scanning hidden autostart entries ...
     HKLM\Software\Microsoft\Windows\CurrentVersion\Run ToUcamVProperty = C:\PROGRA~1\PHILIP~1\VProperty.exe??~?1?\?V?P?r?o?p?e?r?t?y?.?e?x?e??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
     scanning hidden files ...
     C:\8295f65fd8ab1f0692d3a9\update\update.exe
     C:\8295f65fd8ab1f0692d3a9\update\wpdinstallutil.dll
     C:\9b138f5d31713f2753cd4244\update\update.exe
     scan completed successfully
     hidden processes: 0
     hidden services: 0
     hidden files: 39
     file zipped: C:\Documents and Settings\MaDiNiNa_972\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email 
protected]\DFSR\Staging\CS{6CDB99D7-BC0C-02AF-F59F-3552137B8252}\37\137-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v137-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v137-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS.8 ( 1312 bytes ) file zipped: C:\Documents and Settings\MaDiNiNa_972\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{6CDB99D7-BC0C-02AF-F59F-3552137B8252}\38\138-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v138-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v138-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS.9 ( 1784 bytes ) file zipped: C:\Documents and Settings\MaDiNiNa_972\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{6CDB99D7-BC0C-02AF-F59F-3552137B8252}\39\139-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v139-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v139-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS.10 ( 488 bytes ) file zipped: C:\Documents and Settings\MaDiNiNa_972\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{6CDB99D7-BC0C-02AF-F59F-3552137B8252}\41\141-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v141-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v141-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS.11 ( 360 bytes ) file zipped: C:\Documents and Settings\MaDiNiNa_972\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email 
protected]\DFSR\Staging\CS{6CDB99D7-BC0C-02AF-F59F-3552137B8252}\42\142-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v142-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v142-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1.2 ( 14772 bytes ) file zipped: C:\Documents and Settings\MaDiNiNa_972\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{6CDB99D7-BC0C-02AF-F59F-3552137B8252}\42\142-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v142-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v142-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS.12 ( 1680 bytes ) file zipped: C:\Documents and Settings\MaDiNiNa_972\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{6CDB99D7-BC0C-02AF-F59F-3552137B8252}\44\144-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v144-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v144-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS.13 ( 176 bytes ) file zipped: C:\Documents and Settings\MaDiNiNa_972\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{6CDB99D7-BC0C-02AF-F59F-3552137B8252}\45\145-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v145-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v145-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS.14 ( 296 bytes ) file zipped: C:\Documents and Settings\MaDiNiNa_972\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email 
protected]\DFSR\Staging\CS{6CDB99D7-BC0C-02AF-F59F-3552137B8252}\46\146-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v146-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v146-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS.15 ( 184 bytes ) file zipped: C:\Documents and Settings\MaDiNiNa_972\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{6CDB99D7-BC0C-02AF-F59F-3552137B8252}\47\147-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v147-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v147-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1.3 ( 16500 bytes ) file zipped: C:\Documents and Settings\MaDiNiNa_972\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{6CDB99D7-BC0C-02AF-F59F-3552137B8252}\47\147-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v147-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v147-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS.16 ( 1880 bytes ) file zipped: C:\Documents and Settings\MaDiNiNa_972\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{6CDB99D7-BC0C-02AF-F59F-3552137B8252}\48\148-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v148-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v148-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS.17 ( 1600 bytes ) file zipped: C:\Documents and Settings\MaDiNiNa_972\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email 
protected]\DFSR\Staging\CS{6CDB99D7-BC0C-02AF-F59F-3552137B8252}\49\149-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v149-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v149-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS.18 ( 1056 bytes ) file zipped: C:\Documents and Settings\MaDiNiNa_972\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{6CDB99D7-BC0C-02AF-F59F-3552137B8252}\50\150-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v150-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v150-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS.19 ( 432 bytes ) file zipped: C:\Documents and Settings\MaDiNiNa_972\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{6CDB99D7-BC0C-02AF-F59F-3552137B8252}\51\151-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v151-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v151-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS.20 ( 800 bytes ) file zipped: C:\Documents and Settings\MaDiNiNa_972\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{6CDB99D7-BC0C-02AF-F59F-3552137B8252}\52\11-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v152-{BB37C8B7-58FD-4A9D-A0E0-473A448ADDD7}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1.4 ( 13944 bytes ) file zipped: C:\Documents and Settings\MaDiNiNa_972\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email 
protected]\DFSR\Staging\CS{6CDB99D7-BC0C-02AF-F59F-3552137B8252}\52\11-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v152-{BB37C8B7-58FD-4A9D-A0E0-473A448ADDD7}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS.21 ( 1624 bytes ) file zipped: C:\Documents and Settings\MaDiNiNa_972\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{6CDB99D7-BC0C-02AF-F59F-3552137B8252}\54\13-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v154-{BB37C8B7-58FD-4A9D-A0E0-473A448ADDD7}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1.5 ( 16068 bytes ) file zipped: C:\Documents and Settings\MaDiNiNa_972\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{6CDB99D7-BC0C-02AF-F59F-3552137B8252}\54\13-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v154-{BB37C8B7-58FD-4A9D-A0E0-473A448ADDD7}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS.22 ( 1832 bytes ) file zipped: C:\Documents and Settings\MaDiNiNa_972\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{6CDB99D7-BC0C-02AF-F59F-3552137B8252}\55\14-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v155-{BB37C8B7-58FD-4A9D-A0E0-473A448ADDD7}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1.6 ( 5052 bytes ) file zipped: C:\Documents and Settings\MaDiNiNa_972\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{6CDB99D7-BC0C-02AF-F59F-3552137B8252}\55\14-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v155-{BB37C8B7-58FD-4A9D-A0E0-473A448ADDD7}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 
-> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS.23 ( 576 bytes ) file zipped: C:\Documents and Settings\MaDiNiNa_972\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{6CDB99D7-BC0C-02AF-F59F-3552137B8252}\56\15-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v156-{BB37C8B7-58FD-4A9D-A0E0-473A448ADDD7}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1.7 ( 2442 bytes ) file zipped: C:\Documents and Settings\MaDiNiNa_972\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{6CDB99D7-BC0C-02AF-F59F-3552137B8252}\56\15-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v156-{BB37C8B7-58FD-4A9D-A0E0-473A448ADDD7}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS.24 ( 272 bytes ) file zipped: C:\Documents and Settings\MaDiNiNa_972\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{6CDB99D7-BC0C-02AF-F59F-3552137B8252}\57\157-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v157-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v157-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS.25 ( 464 bytes ) file zipped: C:\Documents and Settings\MaDiNiNa_972\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{6CDB99D7-BC0C-02AF-F59F-3552137B8252}\58\158-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v158-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v158-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS.26 ( 176 bytes ) file zipped: C:\Documents and Settings\MaDiNiNa_972\Local Settings\Application Data\Microsoft\Messenger\[email 
protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{6CDB99D7-BC0C-02AF-F59F-3552137B8252}\60\160-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v160-{496EAE1D-0002-4CBB-A0AA-93F3B457E344}-v160-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS.27 ( 216 bytes ) file zipped: C:\8295f65fd8ab1f0692d3a9\update\update.exe -> catchme.zip -> update.exe ( 716000 bytes ) file zipped: C:\8295f65fd8ab1f0692d3a9\update\wpdinstallutil.dll -> catchme.zip -> wpdinstallutil.dll ( 13312 bytes ) file zipped: C:\9b138f5d31713f2753cd4244\update\update.exe -> catchme.zip -> update.exe.1 ( 727776 bytes )
  9. Here is the HijackThis report again

     Logfile of HijackThis v1.99.1
     Scan saved at 17:59:41, on 30/05/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16441)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\SYSTEM32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
     C:\Program Files\MSI\BToes Logiciel Bluetooth\bin\btwdins.exe
     C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
     C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\windows\system\hpsysdrv.exe
     C:\WINDOWS\SOUNDMAN.EXE
     C:\WINDOWS\ALCWZRD.EXE
     C:\HP\KBD\KBD.EXE
     C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
     C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\PROGRA~1\PHILIP~1\VProperty.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
     C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
     C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
     C:\Program Files\DAEMON Tools\daemon.exe
     C:\Program Files\MSN Messenger\msnmsgr.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\MSI\BToes Logiciel Bluetooth\BTTray.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
     c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
     C:\WINDOWS\system32\HPZipm12.exe
     C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
     C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
     C:\Program Files\MSN Messenger\usnsvc.exe
     C:\Program Files\MSN Messenger\msnmsgr.exe
     C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
     C:\Program Files\HijackThis\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://officeupdate.microsoft.com/office/r...&CLCID=1036
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
     O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
     O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
     O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
     O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
     O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
     O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
     O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
     O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
     O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
     O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
     O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
     O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
     O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
     O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
     O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
     O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
     O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
     O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
     O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
     O4 - Global Startup: BTTray.lnk = ?
     O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
     O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
     O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
     O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
     O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
     O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Logiciel Bluetooth\btsendto_ie.htm
     O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Logiciel Bluetooth\btsendto_ie.htm
     O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
     O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O11 - Options group: [iNTERNATIONAL] International*
     O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
     O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
     O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
     O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
     O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{CDBB5151-480D-4BBE-94AB-06CF6A26846E}: NameServer = 217.175.160.11 217.175.160.12
     O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
     O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
     O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
     O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
     O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
     O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
     O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
     O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
     O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
     O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\BToes Logiciel Bluetooth\bin\btwdins.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
     O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  11. Hi, for the past few days I've noticed that my PC is extremely slow. There are 2 user sessions on the computer, my mother's and mine. My mother's works very well, but mine doesn't. I can't do anything in my session. I need help, thanks.
  12. re, here are the two reports you asked me for
GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-03-14 21:01:28 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.12 ---- SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2 SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey SSDT kl1.sys ZwOpenFile SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenProcess SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread 
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetSecurityObject SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwTerminateProcess SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296] Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous ---- Kernel code sections - GMER 1.0.12 ---- .text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAE40 5 Bytes JMP F49D4F00 \??\C:\WINDOWS\system32\drivers\klif.sys .text ntkrnlpa.exe!IoIsOperationSynchronous 804EF634 5 Bytes JMP F49D5400 \??\C:\WINDOWS\system32\drivers\klif.sys .text ntkrnlpa.exe!KiDispatchInterrupt + 100 80544AA0 7 Bytes JMP F49D83C0 \??\C:\WINDOWS\system32\drivers\klif.sys ? C:\DOCUME~1\MADINI~1\LOCALS~1\Temp\mc21.tmp Le fichier spécifié est introuvable. 
---- User code sections - GMER 1.0.12 ---- .text C:\WINDOWS\explorer.exe[952] SHELL32.dll!SHFileOperationW 7CA7FD0A 6 Bytes JMP 5F0B0F5A .text C:\WINDOWS\explorer.exe[952] SHELL32.dll!SHFileOperation 7CA7FFF2 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system\hpsysdrv.exe[1936] SHELL32.dll!SHFileOperationW 7CA7FD0A 6 Bytes JMP 5F0B0F5A .text C:\WINDOWS\system\hpsysdrv.exe[1936] SHELL32.dll!SHFileOperation 7CA7FFF2 6 Bytes JMP 5F040F5A .text C:\WINDOWS\SOUNDMAN.EXE[2096] SHELL32.dll!SHFileOperationW 7CA7FD0A 6 Bytes JMP 5F0B0F5A .text C:\WINDOWS\SOUNDMAN.EXE[2096] SHELL32.dll!SHFileOperation 7CA7FFF2 6 Bytes JMP 5F040F5A .text C:\WINDOWS\ALCWZRD.EXE[2124] SHELL32.dll!SHFileOperationW 7CA7FD0A 6 Bytes JMP 5F0B0F5A .text C:\WINDOWS\ALCWZRD.EXE[2124] SHELL32.dll!SHFileOperation 7CA7FFF2 6 Bytes JMP 5F040F5A .text C:\hp\KBD\kbd.exe[2140] SHELL32.dll!SHFileOperationW 7CA7FD0A 6 Bytes JMP 5F0B0F5A .text C:\hp\KBD\kbd.exe[2140] SHELL32.dll!SHFileOperation 7CA7FFF2 6 Bytes JMP 5F040F5A .text C:\Program Files\iTunes\iTunesHelper.exe[2152] SHELL32.dll!SHFileOperationW 7CA7FD0A 6 Bytes JMP 5F0B0F5A .text C:\Program Files\iTunes\iTunesHelper.exe[2152] SHELL32.dll!SHFileOperation 7CA7FFF2 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\rundll32.exe[2192] SHELL32.dll!SHFileOperationW 7CA7FD0A 6 Bytes JMP 5F0B0F5A .text C:\WINDOWS\system32\rundll32.exe[2192] SHELL32.dll!SHFileOperation 7CA7FFF2 6 Bytes JMP 5F040F5A .text C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe[2204] SHELL32.dll!SHFileOperationW 7CA7FD0A 6 Bytes JMP 5F0B0F5A .text C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe[2204] SHELL32.dll!SHFileOperation 7CA7FFF2 6 Bytes JMP 5F040F5A .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2216] SHELL32.dll!SHFileOperationW 7CA7FD0A 6 Bytes JMP 5F0B0F5A .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2216] SHELL32.dll!SHFileOperation 7CA7FFF2 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\rundll32.exe[2228] SHELL32.dll!SHFileOperationW 7CA7FD0A 6 Bytes JMP 5F0B0F5A 
.text C:\WINDOWS\system32\rundll32.exe[2228] SHELL32.dll!SHFileOperation 7CA7FFF2 6 Bytes JMP 5F040F5A .text C:\PROGRA~1\PHILIP~1\VProperty.exe[2240] SHELL32.dll!SHFileOperationW 7CA7FD0A 6 Bytes JMP 5F0B0F5A .text C:\PROGRA~1\PHILIP~1\VProperty.exe[2240] SHELL32.dll!SHFileOperation 7CA7FFF2 6 Bytes JMP 5F040F5A .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] kernel32.dll!LoadResource 7C809FB5 7 Bytes JMP 27001B70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] kernel32.dll!FindResourceExW 7C80AC88 7 Bytes JMP 27001AE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] kernel32.dll!FindResourceW 7C80BBCE 7 Bytes JMP 27001A60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] kernel32.dll!SizeofResource 7C80BC69 7 Bytes JMP 27001C20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] kernel32.dll!LockResource 7C80CC97 5 Bytes JMP 27001CD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] kernel32.dll!CreateEventA 7C8308AD 5 Bytes JMP 27001840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] ADVAPI32.dll!CryptDeriveKey 77DBA685 7 Bytes JMP 27001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] ADVAPI32.dll!CryptDecrypt 77DBA7B1 2 Bytes JMP 27001050 C:\Program Files\Messenger Plus! 
Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] ADVAPI32.dll!CryptDecrypt + 3 77DBA7B4 4 Bytes [ 24, AF, CC, CC ] .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] USER32.dll!PeekMessageW 77D1929B 5 Bytes JMP 27003760 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] USER32.dll!CreateWindowExW 77D1FF50 5 Bytes JMP 27003270 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] USER32.dll!SetWindowRgn 77D202DD 7 Bytes JMP 27004AB0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] USER32.dll!CreateDialogParamW 77D284EE 5 Bytes JMP 27004E30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] USER32.dll!SetWindowPlacement 77D2DF46 5 Bytes JMP 270049D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] USER32.dll!FlashWindow 77D55C5C 5 Bytes JMP 27004B50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] USER32.dll!MessageBoxIndirectW 77D66093 5 Bytes JMP 27004F90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] USER32.dll!TrackPopupMenuEx 77D6CB1A 5 Bytes JMP 27003F30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] WS2_32.dll!send 719F428A 5 Bytes JMP 270095A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] WS2_32.dll!WSARecv 719F4318 5 Bytes JMP 27009390 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] WS2_32.dll!recv 719F615A 5 Bytes JMP 27009200 C:\Program Files\Messenger Plus! 
Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] WS2_32.dll!WSASend 719F6233 5 Bytes JMP 27009720 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] WS2_32.dll!closesocket 719F9639 5 Bytes JMP 27009930 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] SHELL32.dll!Shell_NotifyIconW 7CA31B6A 5 Bytes JMP 27002BA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] ole32.dll!CoInitializeEx 774BEF6B 5 Bytes JMP 27001D30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] ole32.dll!CoRegisterClassObject 774D8720 5 Bytes JMP 27001E30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] WININET.dll!InternetCloseHandle 771BDA79 5 Bytes JMP 27008460 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] WININET.dll!HttpOpenRequestA 771C4341 5 Bytes JMP 27008180 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] WININET.dll!InternetReadFile 771CABAC 5 Bytes JMP 270082E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2264] WININET.dll!HttpSendRequestA 771CCD38 5 Bytes JMP 270083B0 C:\Program Files\Messenger Plus! 
Live\MsgPlusLive.dll .text C:\WINDOWS\system32\rundll32.exe[2268] SHELL32.dll!SHFileOperationW 7CA7FD0A 6 Bytes JMP 5F0B0F5A .text C:\WINDOWS\system32\rundll32.exe[2268] SHELL32.dll!SHFileOperation 7CA7FFF2 6 Bytes JMP 5F040F5A .text C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[2296] SHELL32.dll!SHFileOperationW 7CA7FD0A 6 Bytes JMP 5F0B0F5A .text C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[2296] SHELL32.dll!SHFileOperation 7CA7FFF2 6 Bytes JMP 5F040F5A .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] kernel32.dll!LoadResource 7C809FB5 7 Bytes JMP 27001B70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] kernel32.dll!FindResourceExW 7C80AC88 7 Bytes JMP 27001AE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] kernel32.dll!FindResourceW 7C80BBCE 7 Bytes JMP 27001A60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] kernel32.dll!SizeofResource 7C80BC69 7 Bytes JMP 27001C20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] kernel32.dll!LockResource 7C80CC97 5 Bytes JMP 27001CD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] kernel32.dll!CreateEventA 7C8308AD 5 Bytes JMP 27001840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] ADVAPI32.dll!CryptDeriveKey 77DBA685 7 Bytes JMP 27001000 C:\Program Files\Messenger Plus! 
Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] ADVAPI32.dll!CryptDecrypt 77DBA7B1 2 Bytes JMP 27001050 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] ADVAPI32.dll!CryptDecrypt + 3 77DBA7B4 4 Bytes [ 24, AF, CC, CC ] .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] USER32.dll!PeekMessageW 77D1929B 5 Bytes JMP 27003760 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] USER32.dll!CreateWindowExW 77D1FF50 5 Bytes JMP 27003270 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] USER32.dll!SetWindowRgn 77D202DD 7 Bytes JMP 27004AB0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] USER32.dll!CreateDialogParamW 77D284EE 5 Bytes JMP 27004E30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] USER32.dll!SetWindowPlacement 77D2DF46 5 Bytes JMP 270049D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] USER32.dll!FlashWindow 77D55C5C 5 Bytes JMP 27004B50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] USER32.dll!MessageBoxIndirectW 77D66093 5 Bytes JMP 27004F90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] USER32.dll!TrackPopupMenuEx 77D6CB1A 5 Bytes JMP 27003F30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] WS2_32.dll!send 719F428A 5 Bytes JMP 270095A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] WS2_32.dll!WSARecv 719F4318 5 Bytes JMP 27009390 C:\Program Files\Messenger Plus! 
Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] WS2_32.dll!recv 719F615A 5 Bytes JMP 27009200 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] WS2_32.dll!WSASend 719F6233 5 Bytes JMP 27009720 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] WS2_32.dll!closesocket 719F9639 5 Bytes JMP 27009930 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] SHELL32.dll!Shell_NotifyIconW 7CA31B6A 5 Bytes JMP 27002BA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] ole32.dll!CoInitializeEx 774BEF6B 5 Bytes JMP 27001D30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] ole32.dll!CoRegisterClassObject 774D8720 5 Bytes JMP 27001E30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] WININET.dll!InternetCloseHandle 771BDA79 5 Bytes JMP 27008460 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] WININET.dll!HttpOpenRequestA 771C4341 5 Bytes JMP 27008180 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] WININET.dll!InternetReadFile 771CABAC 5 Bytes JMP 270082E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll .text C:\Program Files\MSN Messenger\msnmsgr.exe[2496] WININET.dll!HttpSendRequestA 771CCD38 5 Bytes JMP 270083B0 C:\Program Files\Messenger Plus! 
Live\MsgPlusLive.dll .text C:\Program Files\MSI\BToes Logiciel Bluetooth\BTTray.exe[2712] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ] .text C:\Program Files\MSI\BToes Logiciel Bluetooth\BTTray.exe[2712] SHELL32.dll!SHFileOperationW 7CA7FD0A 6 Bytes JMP 5F0B0F5A .text C:\Program Files\MSI\BToes Logiciel Bluetooth\BTTray.exe[2712] SHELL32.dll!SHFileOperation 7CA7FFF2 6 Bytes JMP 5F040F5A .text C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe[2752] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ] .text C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe[2752] SHELL32.dll!SHFileOperationW 7CA7FD0A 6 Bytes JMP 5F0B0F5A .text C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe[2752] SHELL32.dll!SHFileOperation 7CA7FFF2 6 Bytes JMP 5F040F5A .text C:\Program Files\Winamp\winamp.exe[3580] USER32.dll!SetScrollInfo 77D19056 7 Bytes JMP 0AE17CD0 C:\Program Files\Winamp\Plugins\gen_RadiosFR.dll .text C:\Program Files\Winamp\winamp.exe[3580] USER32.dll!GetScrollInfo 77D217F8 7 Bytes JMP 0AE17C20 C:\Program Files\Winamp\Plugins\gen_RadiosFR.dll .text C:\Program Files\Winamp\winamp.exe[3580] USER32.dll!ShowScrollBar 77D2F2CA 5 Bytes JMP 0AE17DA0 C:\Program Files\Winamp\Plugins\gen_RadiosFR.dll .text C:\Program Files\Winamp\winamp.exe[3580] USER32.dll!GetScrollPos 77D2F6DC 5 Bytes JMP 0AE17C60 C:\Program Files\Winamp\Plugins\gen_RadiosFR.dll .text C:\Program Files\Winamp\winamp.exe[3580] USER32.dll!SetScrollPos 77D2F728 5 Bytes JMP 0AE17D10 C:\Program Files\Winamp\Plugins\gen_RadiosFR.dll .text C:\Program Files\Winamp\winamp.exe[3580] USER32.dll!GetScrollRange 77D2F75F 5 Bytes JMP 0AE17C90 C:\Program Files\Winamp\Plugins\gen_RadiosFR.dll .text C:\Program Files\Winamp\winamp.exe[3580] USER32.dll!SetScrollRange 77D2F973 5 Bytes JMP 0AE17D50 C:\Program Files\Winamp\Plugins\gen_RadiosFR.dll .text C:\Program Files\Winamp\winamp.exe[3580] USER32.dll!EnableScrollBar 77D67BC5 7 Bytes JMP 0AE17BE0 C:\Program 
Files\Winamp\Plugins\gen_RadiosFR.dll ---- Threads - GMER 1.0.12 ---- Thread 4:112 82C848E0 Thread 4:116 82C848E0 Thread 4:120 82C5D8D0 Thread 4:124 82C5D8D0 Thread 4:128 82C5D8D0 Thread 4:404 82C848E0 Thread 4:468 82C848E0 Thread 4:652 82C848E0 Thread 4:444 81E864A0 ---- EOF - GMER 1.0.12 ----
------------------------
and the HijackThis report
StartupList report, 14/03/2007, 21:03:40 StartupList version: 1.52.2 Started from : C:\Documents and Settings\MaDiNiNa_972\Bureau\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v7.00 (7.00.6000.16414) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\MSI\BToes Logiciel Bluetooth\bin\btwdins.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\HP\KBD\KBD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\rundll32.exe C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\PHILIP~1\VProperty.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Kaspersky 
Lab\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe C:\Program Files\MSI\BToes Logiciel Bluetooth\BTTray.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\PROGRA~1\MSI\BTOESL~1\BTSTAC~1.EXE C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Winamp\Winamp.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Windows NT\Accessoires\wordpad.exe C:\Documents and Settings\MaDiNiNa_972\Bureau\gmer.exe C:\Program Files\Windows NT\Accessoires\wordpad.exe C:\Documents and Settings\MaDiNiNa_972\Bureau\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\MaDiNiNa_972\Menu Démarrer\Programmes\Démarrage] *No files* Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage] BTTray.lnk = ? 
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run hpsysdrv = c:\windows\system\hpsysdrv.exe Raccourci vers la page des propriétés de High Definition Audio = HDAShCut.exe NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup nwiz = nwiz.exe /installquiet /keeploaded /nodetect SoundMan = SOUNDMAN.EXE AlcWzrd = ALCWZRD.EXE HPHUPD08 = c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe KBD = C:\HP\KBD\KBD.EXE iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE PS2 = C:\WINDOWS\system32\ps2.exe LSBWatcher = c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe AdslTaskBar = rundll32.exe stmctrl.dll,TaskBar -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* 
-------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run SuperCopier2.exe = C:\Program Files\SuperCopier2\SuperCopier2.exe msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] *No values found* 
  13. Hi, the famous line 017 has reappeared; is that a problem? Otherwise, what should I do?
  14. VirusTotal

      STATUS: FINISHED
      Complete scanning result of "unvise32qt.exe", received in VirusTotal at 03.09.2007, 01:00:14 (CET).

      Antivirus       Version         Update      Result
      AntiVir         7.3.1.41        03.08.2007  no virus found
      Authentium      4.93.8          03.08.2007  no virus found
      Avast           4.7.936.0       03.08.2007  no virus found
      AVG             7.5.0.447       03.08.2007  no virus found
      BitDefender     7.2             03.09.2007  no virus found
      CAT-QuickHeal   9.00            03.08.2007  no virus found
      ClamAV          devel-20060426  03.08.2007  no virus found
      DrWeb           4.33            03.08.2007  no virus found
      eSafe           7.0.14.0        03.08.2007  no virus found
      eTrust-Vet      30.6.3464       03.08.2007  no virus found
      Ewido           4.0             03.07.2007  no virus found
      FileAdvisor     1               03.09.2007  no virus found
      Fortinet        2.85.0.0        03.08.2007  no virus found
      F-Prot          4.3.1.45        03.08.2007  no virus found
      F-Secure        6.70.13030.0    03.08.2007  no virus found
      Ikarus          T3.1.1.3        03.08.2007  no virus found
      Kaspersky       4.0.2.24        03.09.2007  no virus found
      McAfee          4980            03.08.2007  no virus found
      Microsoft       1.2204          03.08.2007  no virus found
      NOD32v2         2104            03.08.2007  no virus found
      Norman          5.80.02         03.07.2007  no virus found
      Panda           9.0.0.4         03.08.2007  no virus found
      Prevx1          V2              03.09.2007  no virus found
      Sophos          4.15.0          03.07.2007  no virus found
      Sunbelt         2.2.907.0       03.07.2007  no virus found
      Symantec        10              03.08.2007  no virus found
      TheHacker       6.1.6.072       03.07.2007  no virus found
      UNA             1.83            03.07.2007  no virus found
      VBA32           3.11.2          03.08.2007  no virus found
      VirusBuster     4.3.19:9        03.08.2007  no virus found

      Aditional Information
      File size: 86016 bytes
      MD5: 9b91238821b483663beff72d5603aa33
      SHA1: 44a64ac567afe7a0216bc33b6f2af425240f377a

      VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

      There, I did what you asked me to.