Aller au contenu

number05

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    32

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par number05

  1. number05
    -----------\\ ToolBar S&D 1.2.1 XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2 X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 2.00GHz ) BIOS : Default System BIOS USER : Administrateur ( Administrator ) BOOT : Normal boot A:\ (USB) C:\ (Local Disk) - NTFS - Total : 18 Go Free : 7 Go D:\ (Local Disk) - NTFS - Total : 19 Go Free : 0 Go E:\ (CD or DVD) F:\ (CD or DVD) "C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 ) Option : [1] ( 03/10/2008| 2:35 ) -----------\\ Recherche de Fichiers / Dossiers ... C:\DOCUME~1\ADMINI~1\Cookies\administrateur@msxml.webcrawler[1].txt C:\DOCUME~1\ADMINI~1\Cookies\administrateur@webcrawler[1].txt C:\DOCUME~1\ADMINI~1\APPLIC~1\FunWebProducts C:\DOCUME~1\ADMINI~1\APPLIC~1\FunWebProducts\Data C:\Program Files\FunWebProducts C:\Program Files\FunWebProducts\ScreenSaver C:\Program Files\FunWebProducts\Shared C:\DOCUME~1\ADMINI~1\Cookies\administrateur@hotbar[1].txt C:\Program Files\MyWebSearch C:\Program Files\MyWebSearch\bar C:\Program Files\MyWebSearch\SrchAstt C:\DOCUME~1\ADMINI~1\Cookies\administrateur@mywebsearch[2].txt C:\WINDOWS\iun6002.exe C:\WINDOWS\System32\f3PSSavr.scr C:\Program Files\Internet Explorer\msimg32.dll C:\Program Files\MSN Messenger\riched20.dll -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\windows\\system32\\blank.htm" "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Local Page"="C:\\windows\\system32\\blank.htm" "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home" --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! 1 - "C:\ToolBar SD\TB_1.txt" - 03/10/2008| 2:38 - Option : [1] -----------\\ Fin du rapport a 2:38:43,78 merci pour votre aide
  2. number05
    Voici le rapport hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 17:20:15, on 25/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\MsiExec.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\WinRAR\WinRAR.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.640\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: DSLMON.lnk = ? O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZN O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?4a0f12091bbe4640a657e07b3e1007ac O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?4a0f12091bbe4640a657e07b3e1007ac O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{49325DED-6FE9-4CFC-AB2C-92ED0B69EA82}: NameServer = 41.221.20.4 208.67.222.222 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
  3. number05
    Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 14:40:58, on 29/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\HPQ\IAM\bin\asghost.exe C:\WINDOWS\system32\mqtgsvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\SMINST\Scheduler.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE C:\Program Files\BitLord\BitLord.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE C:\Downloads\number05.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: PC Angel (PCA) - Unknown owner - C:\WINDOWS\TEMP\UPDATE\SMINST\PCAngel.exe (file missing) O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/03/clip_image002.gif O24 - Desktop Component 1: (no name) - http://www.atlas-grup.com/yukle/resim/wresim%205.jpg -- End of file - 11051 bytes
  4. number05
    hallilouahhh, ça marche!!!!! mission accomplie charles MERCI pour ton aide!!!!
  5. number05
    salut charles, ci dessous le rapport demandé SmitFraudFix v2.207 Rapport fait à 14:20:07,75, 28/07/2007 Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté ! Description: Broadcom 440x 10/100 Integrated Controller - Miniport d'ordonnancement de paquets DNS Server Search Order: 85.255.116.66 DNS Server Search Order: 85.255.112.80 Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté ! Description: Intel® PRO/Wireless 3945ABG Network Connection - Miniport d'ordonnancement de paquets DNS Server Search Order: 85.255.116.66 DNS Server Search Order: 85.255.112.80 Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté ! Description: Pilote de serveur d'accès au réseau local Bluetooth - Miniport d'ordonnancement de paquets DNS Server Search Order: 85.255.116.66 DNS Server Search Order: 85.255.112.80 HKLM\SYSTEM\CCS\Services\Tcpip\..\{081CA721-E843-44FB-9D21-36A79FA85DE8}: NameServer=85.255.116.66,85.255.112.80 HKLM\SYSTEM\CCS\Services\Tcpip\..\{198BD5FF-5FB2-4AF7-8432-231E6EC0D561}: DhcpNameServer=85.255.116.66,85.255.112.80 HKLM\SYSTEM\CCS\Services\Tcpip\..\{7F16BD61-6270-4C3F-BF6E-797751A4F020}: DhcpNameServer=85.255.116.66,85.255.112.80 HKLM\SYSTEM\CCS\Services\Tcpip\..\{7F16BD61-6270-4C3F-BF6E-797751A4F020}: NameServer=85.255.116.66,85.255.112.80 HKLM\SYSTEM\CCS\Services\Tcpip\..\{B9525F88-4CD4-4AD2-80DE-0F6F8D698DFE}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{B9525F88-4CD4-4AD2-80DE-0F6F8D698DFE}: NameServer=85.255.116.66,85.255.112.80 HKLM\SYSTEM\CCS\Services\Tcpip\..\{D91300FA-E7D6-495C-BE9D-7CF6A26FD158}: NameServer=85.255.116.66,85.255.112.80 HKLM\SYSTEM\CS1\Services\Tcpip\..\{081CA721-E843-44FB-9D21-36A79FA85DE8}: NameServer=85.255.116.66,85.255.112.80 HKLM\SYSTEM\CS1\Services\Tcpip\..\{198BD5FF-5FB2-4AF7-8432-231E6EC0D561}: DhcpNameServer=85.255.116.66,85.255.112.80 HKLM\SYSTEM\CS1\Services\Tcpip\..\{7F16BD61-6270-4C3F-BF6E-797751A4F020}: DhcpNameServer=85.255.116.66,85.255.112.80 HKLM\SYSTEM\CS1\Services\Tcpip\..\{7F16BD61-6270-4C3F-BF6E-797751A4F020}: NameServer=85.255.116.66,85.255.112.80 HKLM\SYSTEM\CS1\Services\Tcpip\..\{B9525F88-4CD4-4AD2-80DE-0F6F8D698DFE}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{B9525F88-4CD4-4AD2-80DE-0F6F8D698DFE}: NameServer=85.255.116.66,85.255.112.80 HKLM\SYSTEM\CS1\Services\Tcpip\..\{D91300FA-E7D6-495C-BE9D-7CF6A26FD158}: NameServer=85.255.116.66,85.255.112.80 HKLM\SYSTEM\CS2\Services\Tcpip\..\{081CA721-E843-44FB-9D21-36A79FA85DE8}: NameServer=85.255.116.66,85.255.112.80 HKLM\SYSTEM\CS2\Services\Tcpip\..\{198BD5FF-5FB2-4AF7-8432-231E6EC0D561}: DhcpNameServer=85.255.116.66,85.255.112.80 HKLM\SYSTEM\CS2\Services\Tcpip\..\{7F16BD61-6270-4C3F-BF6E-797751A4F020}: DhcpNameServer=85.255.116.66,85.255.112.80 HKLM\SYSTEM\CS2\Services\Tcpip\..\{7F16BD61-6270-4C3F-BF6E-797751A4F020}: NameServer=85.255.116.66,85.255.112.80 HKLM\SYSTEM\CS2\Services\Tcpip\..\{B9525F88-4CD4-4AD2-80DE-0F6F8D698DFE}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{B9525F88-4CD4-4AD2-80DE-0F6F8D698DFE}: NameServer=85.255.116.66,85.255.112.80 HKLM\SYSTEM\CS2\Services\Tcpip\..\{D91300FA-E7D6-495C-BE9D-7CF6A26FD158}: NameServer=85.255.116.66,85.255.112.80 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.66 85.255.112.80 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.66 85.255.112.80 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.116.66 85.255.112.80 »»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix
  6. number05
    bonjour charles, voici le contenu de ce que tu m'as demandé de faire. StartupList report, 26/07/2007, 10:53:08 StartupList version: 1.52.2 Started from : C:\Downloads\number05.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v7.00 (7.00.6000.16473) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HPQ\IAM\bin\asghost.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\SMINST\Scheduler.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\BitLord\BitLord.exe C:\Downloads\number05.exe -------------------------------------------------- Listing of startup folders: Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage] BTTray.lnk = ? DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run MsmqIntCert = regsvr32 /s mqrt.dll SoundMAX = C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray PTHOSTTR = C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start HP Software Update = C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe DLA = C:\WINDOWS\System32\DLA\DLACTRLW.EXE SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe hpWirelessAssistant = C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe CognizanceTS = rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe Recguard = C:\WINDOWS\Sminst\Recguard.exe Reminder = C:\WINDOWS\Creator\Remind_XP.exe Scheduler = C:\WINDOWS\SMINST\Scheduler.exe WatchDog = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe AVP = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" SoundMAXPnP = C:\Program Files\Analog Devices\Core\smax4pnp.exe igfxtray = C:\WINDOWS\system32\igfxtray.exe igfxhkcmd = C:\WINDOWS\system32\hkcmd.exe igfxpers = C:\WINDOWS\system32\igfxpers.exe Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe SunJavaUpdateSched = C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe Picasa Media Detector = C:\Program Files\Picasa2\PicasaMediaDetector.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe swg = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [optionalcomponents] = -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\system32\scrnsave.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\WINDOWS\System32\DLA\DLASHX_W.DLL - {5CA3D70E-1895-11CF-8E15-001234567890} (no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7} HP Credential Manager for ProtectTools - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -------------------------------------------------- Enumerating Download Program Files: [{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}] CODEBASE = http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab [ActiveScan Installer Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll -------------------------------------------------- End of report, 8 656 bytes Report generated in 0,312 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only Hi jack This: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 10:55:06, on 26/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HPQ\IAM\bin\asghost.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\SMINST\Scheduler.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\BitLord\BitLord.exe C:\Downloads\number05.exe C:\WINDOWS\system32\notepad.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{081CA721-E843-44FB-9D21-36A79FA85DE8}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CCS\Services\Tcpip\..\{7F16BD61-6270-4C3F-BF6E-797751A4F020}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CCS\Services\Tcpip\..\{B9525F88-4CD4-4AD2-80DE-0F6F8D698DFE}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CCS\Services\Tcpip\..\{D91300FA-E7D6-495C-BE9D-7CF6A26FD158}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.66 85.255.112.80 O17 - HKLM\System\CS1\Services\Tcpip\..\{081CA721-E843-44FB-9D21-36A79FA85DE8}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.66 85.255.112.80 O17 - HKLM\System\CS2\Services\Tcpip\..\{081CA721-E843-44FB-9D21-36A79FA85DE8}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.66 85.255.112.80 O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: PC Angel (PCA) - Unknown owner - C:\WINDOWS\TEMP\UPDATE\SMINST\PCAngel.exe (file missing) O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/03/clip_image002.gif O24 - Desktop Component 1: (no name) - http://www.atlas-grup.com/yukle/resim/wresim%205.jpg -- End of file - 12143 bytes DNSbak REGEDIT4 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters] "NV Hostname"="your-80aa632ef8" "DataBasePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\ 33,32,5c,64,72,69,76,65,72,73,5c,65,74,63,00 "NameServer"="85.255.116.66 85.255.112.80" "ForwardBroadcasts"=dword:00000000 "IPEnableRouter"=dword:00000000 "Domain"="" "Hostname"="your-80aa632ef8" "SearchList"="" "UseDomainNameDevolution"=dword:00000001 "EnableICMPRedirect"=dword:00000001 "DeadGWDetectDefault"=dword:00000001 "DontAddDefaultGatewayDefault"=dword:00000000 "EnableSecurityFilters"=dword:00000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\Adapters] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\Adapters\NdisWanIp] "LLInterface"="WANARP" "IpConfig"=hex(7):54,63,70,69,70,5c,50,61,72,61,6d,65,74,65,72,73,5c,49,6e,74,\ 65,72,66,61,63,65,73,5c,7b,31,39,38,42,44,35,46,46,2d,35,46,42,32,2d,34,41,\ 46,37,2d,38,34,33,32,2d,32,33,31,45,36,45,43,30,44,35,36,31,7d,00,54,63,70,\ 69,70,5c,50,61,72,61,6d,65,74,65,72,73,5c,49,6e,74,65,72,66,61,63,65,73,5c,\ 7b,30,46,35,34,43,38,41,36,2d,37,46,33,30,2d,34,33,42,30,2d,41,36,38,34,2d,\ 36,36,37,32,41,38,34,37,35,35,46,35,7d,00,00 "NumInterfaces"=dword:00000002 "IpInterfaces"=hex:ff,d5,8b,19,b2,5f,f7,4a,84,32,23,1e,6e,c0,d5,61,a6,c8,54,0f,\ 30,7f,b0,43,a6,84,66,72,a8,47,55,f5 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\Adapters\{081CA721-E843-44FB-9D21-36A79FA85DE8}] "LLInterface"="" "IpConfig"=hex(7):54,63,70,69,70,5c,50,61,72,61,6d,65,74,65,72,73,5c,49,6e,74,\ 65,72,66,61,63,65,73,5c,7b,30,38,31,43,41,37,32,31,2d,45,38,34,33,2d,34,34,\ 46,42,2d,39,44,32,31,2d,33,36,41,37,39,46,41,38,35,44,45,38,7d,00,00 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\Adapters\{7F16BD61-6270-4C3F-BF6E-797751A4F020}] "LLInterface"="ARP1394" "IpConfig"=hex(7):54,63,70,69,70,5c,50,61,72,61,6d,65,74,65,72,73,5c,49,6e,74,\ 65,72,66,61,63,65,73,5c,7b,37,46,31,36,42,44,36,31,2d,36,32,37,30,2d,34,43,\ 33,46,2d,42,46,36,45,2d,37,39,37,37,35,31,41,34,46,30,32,30,7d,00,00 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\Adapters\{B9525F88-4CD4-4AD2-80DE-0F6F8D698DFE}] "LLInterface"="" "IpConfig"=hex(7):54,63,70,69,70,5c,50,61,72,61,6d,65,74,65,72,73,5c,49,6e,74,\ 65,72,66,61,63,65,73,5c,7b,42,39,35,32,35,46,38,38,2d,34,43,44,34,2d,34,41,\ 44,32,2d,38,30,44,45,2d,30,46,36,46,38,44,36,39,38,44,46,45,7d,00,00 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\Adapters\{D91300FA-E7D6-495C-BE9D-7CF6A26FD158}] "LLInterface"="" "IpConfig"=hex(7):54,63,70,69,70,5c,50,61,72,61,6d,65,74,65,72,73,5c,49,6e,74,\ 65,72,66,61,63,65,73,5c,7b,44,39,31,33,30,30,46,41,2d,45,37,44,36,2d,34,39,\ 35,43,2d,42,45,39,44,2d,37,43,46,36,41,32,36,46,44,31,35,38,7d,00,00 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\DNSRegisteredAdapters] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\Interfaces] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\Interfaces\{081CA721-E843-44FB-9D21-36A79FA85DE8}] "UseZeroBroadcast"=dword:00000000 "EnableDeadGWDetect"=dword:00000001 "EnableDHCP"=dword:00000001 "IPAddress"=hex(7):30,2e,30,2e,30,2e,30,00,00 "SubnetMask"=hex(7):30,2e,30,2e,30,2e,30,00,00 "DefaultGateway"=hex(7):00 "DefaultGatewayMetric"=hex(7):00 "NameServer"="85.255.116.66,85.255.112.80" "Domain"="" "RegistrationEnabled"=dword:00000001 "RegisterAdapterName"=dword:00000000 "TCPAllowedPorts"=hex(7):30,00,00 "UDPAllowedPorts"=hex(7):30,00,00 "RawIPAllowedProtocols"=hex(7):30,00,00 "NTEContextList"=hex(7):30,78,30,30,30,30,30,30,30,34,00,00 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\Interfaces\{0F54C8A6-7F30-43B0-A684-6672A84755F5}] "UseZeroBroadcast"=dword:00000000 "EnableDHCP"=dword:00000000 "IPAddress"=hex(7):30,2e,30,2e,30,2e,30,00,00 "SubnetMask"=hex(7):30,2e,30,2e,30,2e,30,00,00 "DefaultGateway"=hex(7):00 "EnableDeadGWDetect"=dword:00000001 "DontAddDefaultGateway"=dword:00000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\Interfaces\{198BD5FF-5FB2-4AF7-8432-231E6EC0D561}] "UseZeroBroadcast"=dword:00000000 "EnableDHCP"=dword:00000000 "IPAddress"=hex(7):30,2e,30,2e,30,2e,30,00,00 "SubnetMask"=hex(7):30,2e,30,2e,30,2e,30,00,00 "DefaultGateway"=hex(7):00 "EnableDeadGWDetect"=dword:00000001 "DontAddDefaultGateway"=dword:00000000 "NameServer"="" "DhcpNameServer"="85.255.116.66,85.255.112.80" "Domain"="" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\Interfaces\{7F16BD61-6270-4C3F-BF6E-797751A4F020}] "UseZeroBroadcast"=dword:00000000 "EnableDHCP"=dword:00000001 "IPAddress"=hex(7):30,2e,30,2e,30,2e,30,00,00 "SubnetMask"=hex(7):30,2e,30,2e,30,2e,30,00,00 "DefaultGateway"=hex(7):00 "DefaultGatewayMetric"=hex(7):00 "NameServer"="85.255.116.66,85.255.112.80" "Domain"="" "RegistrationEnabled"=dword:00000001 "RegisterAdapterName"=dword:00000000 "TCPAllowedPorts"=hex(7):30,00,00 "UDPAllowedPorts"=hex(7):30,00,00 "RawIPAllowedProtocols"=hex(7):30,00,00 "DhcpNameServer"="85.255.116.66,85.255.112.80" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\Interfaces\{B9525F88-4CD4-4AD2-80DE-0F6F8D698DFE}] "UseZeroBroadcast"=dword:00000000 "EnableDeadGWDetect"=dword:00000001 "EnableDHCP"=dword:00000000 "IPAddress"=hex(7):31,39,32,2e,31,36,38,2e,30,2e,31,31,38,00,00 "SubnetMask"=hex(7):32,35,35,2e,32,35,35,2e,32,35,35,2e,30,00,00 "DefaultGateway"=hex(7):31,39,32,2e,31,36,38,2e,30,2e,31,00,00 "DefaultGatewayMetric"=hex(7):30,00,00 "NameServer"="85.255.116.66,85.255.112.80" "Domain"="" "RegistrationEnabled"=dword:00000001 "RegisterAdapterName"=dword:00000000 "TCPAllowedPorts"=hex(7):30,00,00 "UDPAllowedPorts"=hex(7):30,00,00 "RawIPAllowedProtocols"=hex(7):30,00,00 "NTEContextList"=hex(7):30,78,30,30,30,30,30,30,30,32,00,00 "DhcpClassIdBin"=hex: "DhcpServer"="255.255.255.255" "Lease"=dword:00000e10 "LeaseObtainedTime"=dword:45c1cee2 "T1"=dword:45c1d5ea "T2"=dword:45c1db30 "LeaseTerminatesTime"=dword:45c1dcf2 "IPAutoconfigurationAddress"="0.0.0.0" "IPAutoconfigurationMask"="255.255.0.0" "IPAutoconfigurationSeed"=dword:00000000 "AddressType"=dword:00000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\Interfaces\{D91300FA-E7D6-495C-BE9D-7CF6A26FD158}] "UseZeroBroadcast"=dword:00000000 "EnableDeadGWDetect"=dword:00000001 "EnableDHCP"=dword:00000001 "IPAddress"=hex(7):30,2e,30,2e,30,2e,30,00,00 "SubnetMask"=hex(7):30,2e,30,2e,30,2e,30,00,00 "DefaultGateway"=hex(7):00 "DefaultGatewayMetric"=hex(7):00 "NameServer"="85.255.116.66,85.255.112.80" "Domain"="" "RegistrationEnabled"=dword:00000001 "RegisterAdapterName"=dword:00000000 "TCPAllowedPorts"=hex(7):30,00,00 "UDPAllowedPorts"=hex(7):30,00,00 "RawIPAllowedProtocols"=hex(7):30,00,00 "NTEContextList"=hex(7):30,78,30,30,30,30,30,30,30,33,00,00 "DhcpClassIdBin"=hex: "DhcpIPAddress"="169.254.161.124" "DhcpSubnetMask"="255.255.0.0" "DhcpServer"="255.255.255.255" "Lease"=dword:00000000 "LeaseObtainedTime"=dword:465849c7 "T1"=dword:465849c7 "T2"=dword:465849c7 "LeaseTerminatesTime"=dword:7fffffff "IPAutoconfigurationAddress"="169.254.161.124" "IPAutoconfigurationMask"="255.255.0.0" "IPAutoconfigurationSeed"=dword:00000000 "AddressType"=dword:00000001 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\PersistentRoutes] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\Winsock] "UseDelayedAcceptance"=dword:00000000 "HelperDllName"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,\ 6d,33,32,5c,77,73,68,74,63,70,69,70,2e,64,6c,6c,00 "MaxSockAddrLength"=dword:00000010 "MinSockAddrLength"=dword:00000010 "Mapping"=hex:0b,00,00,00,03,00,00,00,02,00,00,00,01,00,00,00,06,00,00,00,02,\ 00,00,00,01,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,06,00,00,00,00,00,\ 00,00,00,00,00,00,06,00,00,00,00,00,00,00,01,00,00,00,06,00,00,00,02,00,00,\ 00,02,00,00,00,11,00,00,00,02,00,00,00,02,00,00,00,00,00,00,00,02,00,00,00,\ 00,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,11,00,00,00,00,00,00,00,02,\ 00,00,00,11,00,00,00,02,00,00,00,03,00,00,00,00,00,00,00
  7. number05
    Bonjour charles, je viens de refaire la manip' et ça ne donne rien!! ci dessous le rapport HijackThis Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 15:55:01, on 24/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\HPQ\IAM\bin\asghost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE C:\WINDOWS\SMINST\Scheduler.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Downloads\number05.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{081CA721-E843-44FB-9D21-36A79FA85DE8}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CCS\Services\Tcpip\..\{7F16BD61-6270-4C3F-BF6E-797751A4F020}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CCS\Services\Tcpip\..\{B9525F88-4CD4-4AD2-80DE-0F6F8D698DFE}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CCS\Services\Tcpip\..\{D91300FA-E7D6-495C-BE9D-7CF6A26FD158}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.66 85.255.112.80 O17 - HKLM\System\CS1\Services\Tcpip\..\{081CA721-E843-44FB-9D21-36A79FA85DE8}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.66 85.255.112.80 O17 - HKLM\System\CS2\Services\Tcpip\..\{081CA721-E843-44FB-9D21-36A79FA85DE8}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.66 85.255.112.80 O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: PC Angel (PCA) - Unknown owner - C:\WINDOWS\TEMP\UPDATE\SMINST\PCAngel.exe (file missing) O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/03/clip_image002.gif O24 - Desktop Component 1: (no name) - http://www.atlas-grup.com/yukle/resim/wresim%205.jpg -- End of file - 11937 bytes
  8. number05
    rapport fix ware out: Username "Administrateur" - 2007-07-23 17:08:10 [Fixwareout edited 2007/07/05] »»»»»Prerun check HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{198BD5FF-5FB2-4AF7-8432-231E6EC0D561} "DhcpNameServer"="85.255.116.66,85.255.112.80" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7F16BD61-6270-4C3F-BF6E-797751A4F020} "DhcpNameServer"="85.255.116.66,85.255.112.80" <Value cleared. System was rebooted successfully. »»»»» Postrun check HKLM\SOFTWARE\~\Winlogon\ "System"="" .... .... »»»»» Misc files. .... »»»»» Checking for older varients. .... »»»»» Current runs (hklm hkcu "run" Keys Only) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run] "MsmqIntCert"="regsvr32 /s mqrt.dll" "SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe /tray" "PTHOSTTR"="C:\\Program Files\\HPQ\\HP ProtectTools Security Manager\\PTHOSTTR.EXE /Start" "HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe" "DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE" "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe" "CognizanceTS"="rundll32.exe C:\\PROGRA~1\\HPQ\\IAM\\Bin\\AsTsVcc.dll,RegisterModule" "QlbCtrl"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,48,65,77,6c,65,\ 74,74,2d,50,61,63,6b,61,72,64,5c,48,50,20,51,75,69,63,6b,20,4c,61,75,6e,63,\ 68,20,42,75,74,74,6f,6e,73,5c,51,6c,62,43,74,72,6c,2e,65,78,65,20,2f,53,74,\ 61,72,74,00 "Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe" "Recguard"="C:\\WINDOWS\\Sminst\\Recguard.exe" "Reminder"="C:\\WINDOWS\\Creator\\Remind_XP.exe" "Scheduler"="C:\\WINDOWS\\SMINST\\Scheduler.exe" "WatchDog"="C:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe" "AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe\"" "SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe" "igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe" "igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe" "igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe" "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe" "Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe" "WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe" .... Hosts file was reset, If you use a custom hosts file please replace it rapport fix ware out: Username "Administrateur" - 2007-07-23 17:08:10 [Fixwareout edited 2007/07/05] »»»»»Prerun check HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{198BD5FF-5FB2-4AF7-8432-231E6EC0D561} "DhcpNameServer"="85.255.116.66,85.255.112.80" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7F16BD61-6270-4C3F-BF6E-797751A4F020} "DhcpNameServer"="85.255.116.66,85.255.112.80" <Value cleared. System was rebooted successfully. »»»»» Postrun check HKLM\SOFTWARE\~\Winlogon\ "System"="" .... .... »»»»» Misc files. .... »»»»» Checking for older varients. .... »»»»» Current runs (hklm hkcu "run" Keys Only) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run] "MsmqIntCert"="regsvr32 /s mqrt.dll" "SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe /tray" "PTHOSTTR"="C:\\Program Files\\HPQ\\HP ProtectTools Security Manager\\PTHOSTTR.EXE /Start" "HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe" "DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE" "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe" "CognizanceTS"="rundll32.exe C:\\PROGRA~1\\HPQ\\IAM\\Bin\\AsTsVcc.dll,RegisterModule" "QlbCtrl"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,48,65,77,6c,65,\ 74,74,2d,50,61,63,6b,61,72,64,5c,48,50,20,51,75,69,63,6b,20,4c,61,75,6e,63,\ 68,20,42,75,74,74,6f,6e,73,5c,51,6c,62,43,74,72,6c,2e,65,78,65,20,2f,53,74,\ 61,72,74,00 "Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe" "Recguard"="C:\\WINDOWS\\Sminst\\Recguard.exe" "Reminder"="C:\\WINDOWS\\Creator\\Remind_XP.exe" "Scheduler"="C:\\WINDOWS\\SMINST\\Scheduler.exe" "WatchDog"="C:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe" "AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe\"" "SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe" "igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe" "igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe" "igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe" "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe" "Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe" "WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe" .... Hosts file was reset, If you use a custom hosts file please replace it
  9. number05
    désolé charles, mais le problème persiste toujours.
  10. number05
    Bonjour Charles, effectivement, les 017 apparaissent à nouveau, je suis entrain d'effectuer un scan. ci dessous le rapport sreng. 2007-07-23,09:50:03 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed Follow item(s) have been choosed: All Boot Items (Including Registry, Startup Folders, Services and so on) Browser Add-ons Runing Processes (Including process model information) File Associations Winsock Provider Autorun.Inf HOSTS File Process Privileges Scan Boot Items Registry [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <CTFMON.EXE><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher] <swg><C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe> [(Verified)Google Inc] <WMPNSCFG><C:\Program Files\Windows Media Player\WMPNSCFG.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <MsmqIntCert><regsvr32 /s mqrt.dll> [N/A] <SoundMAX><C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray> [Analog Devices, Inc.] <PTHOSTTR><C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start> [Hewlett-Packard Development Company, L.P.] <HP Software Update><C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe> [Hewlett-Packard Co.] <DLA><C:\WINDOWS\System32\DLA\DLACTRLW.EXE> [Sonic Solutions] <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <hpWirelessAssistant><C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe> [Hewlett-Packard Development Company, L.P.] <CognizanceTS><rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule> [Cognizance Corporation] <QlbCtrl><%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start> [ Hewlett-Packard Development Company, L.P.] <Cpqset><C:\Program Files\HPQ\Default Settings\cpqset.exe> [] <Recguard><C:\WINDOWS\Sminst\Recguard.exe> [] <Reminder><C:\WINDOWS\Creator\Remind_XP.exe> [] <Scheduler><C:\WINDOWS\SMINST\Scheduler.exe> [] <WatchDog><C:\Program Files\InterVideo\DVD Check\DVDCheck.exe> [InterVideo Inc.] <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"> [(Verified)Kaspersky Lab] <SoundMAXPnP><C:\Program Files\Analog Devices\Core\smax4pnp.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <igfxtray><C:\WINDOWS\system32\igfxtray.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <igfxpers><C:\WINDOWS\system32\igfxpers.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"] <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Nero AG] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] <WinlogonNotify: igfxcui><igfxdev.dll> [(Verified)Microsoft Windows Hardware Compatibility Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [(Verified)Kaspersky Lab] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard] <WinlogonNotify: OneCard><C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll> [Cognizance Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] <WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation] ================================== Startup Folders [BTTray] <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk --> C:\PROGRA~1\WIDCOMM\LOGICI~1\BTTray.exe [Broadcom Corporation.]><N> [DVD Check] <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DVD Check.lnk --> C:\PROGRA~1\INTERV~1\DVDCHE~1\DVDCheck.exe [InterVideo Inc.]><N> [Microsoft Office] <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [Microsoft Corporation]><N> ================================== Services [Canal de communication local / ASChannel][Running/Auto Start] <C:\WINDOWS\System32\svchost.exe -k Cognizance-->C:\Program Files\HPQ\IAM\Bin\ASChnl.dll><Cognizance Corporation> [Kaspersky Internet Security 7.0 / AVP][Running/Auto Start] <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r><Kaspersky Lab> [Bluetooth Service / btwdins][Running/Auto Start] <C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe><Broadcom Corporation.> [Google Updater Service / gusvc][Stopped/Manual Start] <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google> [Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A> [hpqwmiex / hpqwmiex][Running/Auto Start] <C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe><Hewlett-Packard Development Company, L.P.> [InstallDriver Table Manager / IDriverT][Stopped/Manual Start] <"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation> [LightScribeService Direct Disc Labeling Service / LightScribeService][Running/Auto Start] <"C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"><Hewlett-Packard Company> [LiveUpdate / LiveUpdate][Stopped/Manual Start] <"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><Symantec Corporation> [PC Angel / PCA][Stopped/Auto Start] <C:\WINDOWS\TEMP\UPDATE\SMINST\PCAngel.exe><N/A> [Planificateur LiveUpdate automatique / Planificateur LiveUpdate automatique][Running/Auto Start] <"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"><Symantec Corporation> [Windows Media Connect (WMC) / WmcCds][Stopped/Manual Start] <c:\program files\windows media connect\mswmccds.exe><Microsoft Corporation> [Aide de Windows Media Connect (WMC) / WmcCdsLs][Stopped/Manual Start] <C:\Program Files\Windows Media Connect\mswmcls.exe><Microsoft Corporation> ================================== Drivers [ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start] <system32\drivers\ADIHdAud.sys><Analog Devices, Inc.> [AEAudio Service / AEAudioService][Running/Manual Start] <system32\drivers\AEAudio.sys><Andrea Electronics Corporation> [Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start] <system32\DRIVERS\AGRSM.sys><Agere Systems> [AliIde / AliIde][Running/Boot Start] <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.> [AuthenTec TruePrint USB Driver (AES2500) / ATSWPDRV][Stopped/Manual Start] <system32\DRIVERS\ATSwpDrv.sys><AuthenTec, Inc.> [Broadcom NetLink (TM) Gigabit Ethernet / b57w2k][Stopped/Manual Start] <system32\DRIVERS\b57xp32.sys><Broadcom Corporation> [Broadcom 440x 10/100 Integrated Controller / bcm4sbxp][Running/Manual Start] <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation> [Périphérique audio Bluetooth / btaudio][Running/Manual Start] <system32\drivers\btaudio.sys><Broadcom Corporation.> [Pilote de communications virtuelles Bluetooth / BTDriver][Running/Manual Start] <system32\DRIVERS\btport.sys><Broadcom Corporation.> [Enumérateur de bus Bluetooth / BTKRNL][Running/Manual Start] <system32\DRIVERS\btkrnl.sys><Broadcom Corporation.> [Serveur d'accès au réseau local Bluetooth / BTWDNDIS][Running/Manual Start] <system32\DRIVERS\btwdndis.sys><Broadcom Corporation.> [Modem Bluetooth / btwmodem][Running/Manual Start] <system32\DRIVERS\btwmodem.sys><Broadcom Corporation.> [WIDCOMM USB Bluetooth Driver / BTWUSB][Running/Manual Start] <System32\Drivers\btwusb.sys><Broadcom Corporation.> [DLABOIOM / DLABOIOM][Running/Auto Start] <System32\DLA\DLABOIOM.SYS><Sonic Solutions> [DLACDBHM / DLACDBHM][Running/System Start] <System32\Drivers\DLACDBHM.SYS><Sonic Solutions> [DLADResN / DLADResN][Running/Auto Start] <System32\DLA\DLADResN.SYS><Sonic Solutions> [DLAIFS_M / DLAIFS_M][Running/Auto Start] <System32\DLA\DLAIFS_M.SYS><Sonic Solutions> [DLAOPIOM / DLAOPIOM][Running/Auto Start] <System32\DLA\DLAOPIOM.SYS><Sonic Solutions> [DLAPoolM / DLAPoolM][Running/Auto Start] <System32\DLA\DLAPoolM.SYS><Sonic Solutions> [DLARTL_N / DLARTL_N][Running/System Start] <System32\Drivers\DLARTL_N.SYS><Sonic Solutions> [DLAUDFAM / DLAUDFAM][Running/Auto Start] <System32\DLA\DLAUDFAM.SYS><Sonic Solutions> [DLAUDF_M / DLAUDF_M][Running/Auto Start] <System32\DLA\DLAUDF_M.SYS><Sonic Solutions> [DRVMCDB / DRVMCDB][Running/Boot Start] <\SystemRoot\System32\Drivers\DRVMCDB.SYS><Sonic Solutions> [DRVNDDM / DRVNDDM][Running/Auto Start] <System32\Drivers\DRVNDDM.SYS><Sonic Solutions> [eabfiltr / eabfiltr][Running/System Start] <system32\DRIVERS\eabfiltr.sys><Hewlett-Packard Development Company, L.P.> [eabusb / eabusb][Stopped/Manual Start] <system32\DRIVERS\eabusb.sys><Hewlett-Packard Development Company, L.P.> [Symantec Eraser Control driver / eeCtrl][Running/System Start] <\??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation> [GTIPCI21 / GTIPCI21][Stopped/Manual Start] <system32\DRIVERS\gtipci21.sys><N/A> [HBtnKey / HBtnKey][Running/Manual Start] <system32\DRIVERS\cpqbttn.sys><Hewlett-Packard Development Company, L.P.> [Pilote de bus Microsoft UAA pour High Definition Audio / HDAudBus][Running/Manual Start] <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider> [ialm / ialm][Running/Manual Start] <system32\DRIVERS\ialmnt5.sys><Intel Corporation> [Intel AHCI Controller / iaStor][Running/Boot Start] <\SystemRoot\System32\DRIVERS\iaStor.sys><Intel Corporation> [kl1 / kl1][Running/Boot Start] <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab> [klif / klif][Running/System Start] <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab> [Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start] <system32\DRIVERS\klim5.sys><Kaspersky Lab> [Pilote de liaison parallèle directe / Ptilink][Running/Manual Start] <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.> [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions> [Secdrv / Secdrv][Stopped/Manual Start] <system32\DRIVERS\secdrv.sys><N/A> [Pilote de périphérique SMC IrCC Miniport / SMCIRDA][Stopped/Manual Start] <system32\DRIVERS\smcirda.sys><SMC> [Synaptics TouchPad Driver / SynTP][Running/Manual Start] <system32\DRIVERS\SynTP.sys><Synaptics, Inc.> [tifm21 / tifm21][Stopped/Manual Start] <system32\drivers\tifm21.sys><N/A> [ViaIde / ViaIde][Running/Boot Start] <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation> [Intel(R) PRO/Wireless 3945ABG Adapter Driver / w39n51][Running/Manual Start] <system32\DRIVERS\w39n51.sys><Intel® Corporation> ================================== Browser Add-ons [Aide pour le lien d'Adobe PDF Reader] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated> [DriveLetterAccess] {5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\System32\DLA\DLASHX_W.DLL, Sonic Solutions> [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.> [Google Toolbar Helper] {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.> [HP Credential Manager for ProtectTools] {DF21F1DB-80C6-11D3-9483-B03D0EC10000} <C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll, Infineon Technologies AG> [Java Plug-in 1.6.0_01] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.> [Statistiques d’Anti-Virus Internet] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll, Kaspersky Lab> [&Rechercher] {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation> [] {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation> [&Google] {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.> [Java Plug-in 1.6.0_01] {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.> [ActiveScan Installer Class] {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <C:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software> [Java Plug-in 1.6.0_01] {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.> [Java Plug-in 1.6.0_01] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll, Sun Microsystems, Inc.> [Google Script Object] {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.> [Aide pour le lien d'Adobe PDF Reader] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated> [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation> [&Google] {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.> [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation> [DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Fichiers communs\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation> [HtmlDlgSafeHelper Class] {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation> [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A> [Reporte Class] {4A2A4430-3967-4461-94C7-BD95C419F3CF} <C:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software> [DriveLetterAccess] {5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\System32\DLA\DLASHX_W.DLL, Sonic Solutions> [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation> [Microsoft Shell UI Helper] {64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [Seleccion Class] {6CEC0297-FAFB-41FB-97EA-77E3081B1DFE} <C:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software> [ControlConexion Class] {6FDCDD41-6C97-4A3B-9E6D-0144B66A1CE4} <C:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software> [Active Desktop Mover] {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A> [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.> [Microsoft Web Browser] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation> [Panda ActiveScan] {96567F65-E04C-4611-AF29-7CDEA6FA6A84} <C:\WINDOWS\system32\ACTIVE~1\as.dll, Panda Software> [ActiveScan Installer Class] {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <C:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software> [Google Toolbar Helper] {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [VIDEO__AVI Moniker Class] {CD3AFA88-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [] {D030BD04-F963-47E6-B897-D3E73EE187BB} <C:\WINDOWS\system32\jkkjj.dll, N/A> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.> [HP Credential Manager for ProtectTools] {DF21F1DB-80C6-11D3-9483-B03D0EC10000} <C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll, Infineon Technologies AG> [XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A> [] {F06608C7-1874-4EEA-B3B2-DF99EBB144B8} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation> [XML DOM Document 3.0] {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A> [XML HTTP 3.0] {F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A> [Ajouter à Kaspersky Anti-Bannière] <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm, N/A> [E&xporter vers Microsoft Excel] <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A> [Envoyer à &Bluetooth] <C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm, N/A> ================================== Running Processes [PID: 1452 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1556 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1584 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll] [Cognizance Corporation, 1.5.0.037] [C:\WINDOWS\system32\MSVCR70.dll] [Microsoft Corporation, 7.00.9466.0] [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5] [C:\Program Files\HPQ\IAM\Bin\ASChnl.dll] [Cognizance Corporation, 1.23.0.125] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16473 (vista_gdr.070420-1500)] [C:\Program Files\HPQ\IAM\Bin\ItMsg.dll] [Cognizance Corporation, 1.18.0.305] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 1628 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)] [PID: 1640 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\HPQ\IAM\bin\AsWlnPkg.dll] [Cognizance Corporation, 1.5.0.037] [C:\WINDOWS\system32\MSVCR70.dll] [Microsoft Corporation, 7.00.9466.0] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [PID: 1820 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [PID: 1904 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [PID: 1964 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16473 (vista_gdr.070420-1500)] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll] [Kaspersky Lab, 7.0.0.119] [PID: 264 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [PID: 368 / SYSTEM][C:\WINDOWS\system32\DllHost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\HPQ\IAM\Bin\TrayIcon.dll] [Cognizance Corporation, 1.5.0.102] [C:\WINDOWS\system32\MSVCR70.dll] [Microsoft Corporation, 7.00.9466.0] [C:\Program Files\HPQ\IAM\Bin\ItMsg.dll] [Cognizance Corporation, 1.18.0.305] [C:\Program Files\HPQ\IAM\bin\HPBrand.dll] [Hewlett-Packard Company, 1.01.0.020] [C:\Program Files\HPQ\IAM\bin\1036\HPBrand.dll] [Hewlett-Packard Company, 1.01.0.021] [C:\Program Files\HPQ\IAM\bin\1036\ItMsg.dll] [Cognizance Corporation, 1.18.0.282] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\HPQ\IAM\Bin\ittal.dll] [Cognizance Corporation, 1.5.0.141] [C:\Program Files\HPQ\IAM\Bin\ItReports.DLL] [Cognizance Corporation, 1.5.0.036] [C:\Program Files\HPQ\IAM\bin\1036\ItReports.DLL] [Cognizance Corporation, 1.5.0.032] [C:\Program Files\HPQ\IAM\Bin\STEngine.dll] [Cognizance Corporation, 1.5.0.025] [PID: 400 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16473 (vista_gdr.070420-1500)] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.119] [PID: 872 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.119] [C:\WINDOWS\system32\HPBMMON.DLL] [Hewlett-Packard, 10.00.16] [C:\WINDOWS\system32\hpdomon.dll] [Hewlett-Packard, 03.42.00] [C:\WINDOWS\system32\HPBHealr.dll] [N/A, ] [C:\WINDOWS\system32\HPMPMW.DLL] [Hewlett-Packard, 1, 0, 0, 0] [C:\WINDOWS\system32\HPMystPM.DLL] [Hewlett-Packard, 1, 0, 0, 0] [C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0] [C:\WINDOWS\system32\bthcrp.dll] [Broadcom Corporation., 4.0.1.3300] [C:\WINDOWS\system32\WidcommSdk.dll] [Broadcom Corporation., 4.0.1.3300] [C:\WINDOWS\system32\wbtapi.dll] [Broadcom Corporation., 4.0.1.3300] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp041.dll] [Hewlett-Packard Corporation, 60.041.41.00] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp35z.dll] [Hewlett-Packard Corporation, 60.041.41.00] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0] [PID: 932 / SERVICE LOCAL][C:\WINDOWS\System32\SCardSvr.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [PID: 1032 / SERVICE RÉSEAU][C:\WINDOWS\system32\msdtc.exe] [Microsoft Corporation, 2001.12.4414.258] [C:\Program Files\Fichiers communs\LightScribe\LSLog.dll] [Hewlett-Packard Company, 1.4.105.1] [PID: 1484 / SYSTEM][C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe] [Microsoft Corporation, 7.00.9466] [C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\1036\mdmui.dll] [Microsoft Corporation, 7.00.9466] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [PID: 1520 / SYSTEM][C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe] [Symantec Corporation, 3.0.0.171] [C:\Program Files\Symantec\LiveUpdate\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Symantec\LiveUpdate\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.119] [PID: 172 / SYSTEM][C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe] [Hewlett-Packard Development Company, L.P., 2, 0, 1, 9] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [PID: 348 / SYSTEM][C:\WINDOWS\system32\mqsvc.exe] [Microsoft Corporation, 5.01.1108] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [PID: 1252 / SERVICE RÉSEAU][C:\Program Files\Windows Media Player\WMPNetwk.exe] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\wmpmde.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\MFPlat.DLL] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [C:\WINDOWS\system32\wmpps.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [PID: 2188 / SYSTEM][C:\WINDOWS\system32\mqtgsvc.exe] [Microsoft Corporation, 5.01.1108] [PID: 2836 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2308 / Administrateur][C:\Program Files\HPQ\IAM\bin\asghost.exe] [Cognizance Corporation, 1.5.0.035] [C:\Program Files\HPQ\IAM\bin\ItMsg.dll] [Cognizance Corporation, 1.18.0.305] [C:\WINDOWS\system32\MSVCR70.dll] [Microsoft Corporation, 7.00.9466.0] [C:\Program Files\HPQ\IAM\Bin\Aswallet.dll] [Cognizance Corporation, 1.09.0.079] [C:\Program Files\HPQ\IAM\bin\1036\Aswallet.dll] [Cognizance Corporation, 1.09.047] [C:\Program Files\HPQ\IAM\Bin\ItSSO.dll] [Cognizance Corporation, 1.50.3.319QC] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16473 (vista_gdr.070420-1500)] [C:\Program Files\HPQ\IAM\Bin\RasAdmin.dll] [Cognizance Corporation, 1.5.0.024] [C:\Program Files\HPQ\IAM\Bin\ItReports.DLL] [Cognizance Corporation, 1.5.0.036] [C:\Program Files\HPQ\IAM\bin\1036\ItReports.DLL] [Cognizance Corporation, 1.5.0.032] [C:\Program Files\HPQ\IAM\bin\1036\RasAdmin.dll] [Cognizance Corporation, 1.5.0.021] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\HPQ\IAM\Bin\SFSShell.dll] [Cognizance Corporation, 1.21.0.143] [C:\Program Files\HPQ\IAM\bin\1036\SFSShell.dll] [Cognizance Corporation, 1.18.0.111] [C:\Program Files\HPQ\IAM\Bin\PkiAdmin.dll] [Cognizance Corporation, 1.5.0.023] [C:\Program Files\HPQ\IAM\bin\HPBrand.dll] [Hewlett-Packard Company, 1.01.0.020] [C:\Program Files\HPQ\IAM\bin\1036\HPBrand.dll] [Hewlett-Packard Company, 1.01.0.021] [C:\Program Files\HPQ\IAM\bin\1036\ItMsg.dll] [Cognizance Corporation, 1.18.0.282] [C:\Program Files\HPQ\IAM\bin\1036\PkiAdmin.dll] [Cognizance Corporation, 1.5.0.020] [C:\Program Files\HPQ\IAM\Bin\ITVCClient.dll] [Cognizance Corporation, 1.5.1.122] [C:\Program Files\HPQ\IAM\Bin\ItVCard.dll] [Cognizance Corporation, 1.01.127] [C:\Program Files\HPQ\IAM\Bin\TrayIcon.dll] [Cognizance Corporation, 1.5.0.102] [C:\Program Files\HPQ\IAM\Bin\NetAdmin.dll] [Cognizance Corporation, 1.5.0.108] [C:\Program Files\HPQ\IAM\bin\1036\NetAdmin.dll] [Cognizance Corporation, 1.5.0.097] [C:\Program Files\HPQ\IAM\Bin\SSOMngr.dll] [Cognizance Corporation, 2.25.0.235b] [C:\Program Files\HPQ\IAM\bin\1036\SSOMngr.dll] [Cognizance Corporation, 2.25.0.232] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\HPQ\IAM\Bin\ASChnl.dll] [Cognizance Corporation, 1.23.0.125] [C:\Program Files\HPQ\IAM\Bin\ittal.dll] [Cognizance Corporation, 1.5.0.141] [C:\Program Files\HPQ\IAM\Bin\STEngine.dll] [Cognizance Corporation, 1.5.0.025] [C:\Program Files\HPQ\IAM\Bin\ItDAC.dll] [Cognizance Corporation, 1.00.173w] [C:\Program Files\HPQ\IAM\Bin\AuthWiz.dll] [Cognizance Corporation, 1.5.0.267] [C:\Program Files\HPQ\IAM\bin\1036\AuthWiz.dll] [Cognizance Corporation, 1.5.0.254] [PID: 2468 / Administrateur][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16473 (vista_gdr.070420-1500)] [C:\Program Files\HPQ\IAM\Bin\SFSShell.dll] [Cognizance Corporation, 1.21.0.143] [C:\WINDOWS\system32\MSVCR70.dll] [Microsoft Corporation, 7.00.9466.0] [C:\Program Files\HPQ\IAM\bin\ItMsg.dll] [Cognizance Corporation, 1.18.0.305] [C:\Program Files\HPQ\IAM\bin\1036\SFSShell.dll] [Cognizance Corporation, 1.18.0.111] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.119] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16473 (vista_gdr.070420-1500)] [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\btncopy.dll] [Broadcom Corporation., 4.0.1.3300] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0] [C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.4543] [C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4543] [C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4543] [C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.4543] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4543] [C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL] [Microsoft Corporation, 11.0.5510] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200] [C:\WINDOWS\System32\DLA\DLASHX_W.DLL] [Sonic Solutions, 5.20.07a] [C:\WINDOWS\system32\DLAAPI_W.DLL] [Sonic Solutions, 5.20.07a] [C:\WINDOWS\System32\DLA\DLACResW.dll] [Sonic Solutions, 5.20.07a] [C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll] [Infineon Technologies AG, 1.01.069] [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [PID: 2088 / Administrateur][C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe] [Hewlett-Packard Co., 50.0.146.000] [PID: 2116 / Administrateur][C:\WINDOWS\System32\DLA\DLACTRLW.EXE] [Sonic Solutions, 5.20.07a] [C:\WINDOWS\system32\DLAAPI_W.DLL] [Sonic Solutions, 5.20.07a] [C:\WINDOWS\System32\DLA\DLACResW.dll] [Sonic Solutions, 5.20.07a] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [PID: 2288 / Administrateur][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] [Synaptics, Inc., 8.2.16.4 03Mar06] [C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 8.2.16.4 03Mar06] [C:\WINDOWS\system32\SynTPAPI.dll] [Synaptics, Inc., 8.2.16.4 03Mar06] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [PID: 1704 / Administrateur][C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe] [Hewlett-Packard Development Company, L.P., 2, 0, 5, 1] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [PID: 2412 / Administrateur][C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe] [ Hewlett-Packard Development Company, L.P., 6, 0, 5, 1] [C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBSERVICE.dll] [Hewlett-Packard Development Company, L.P., 6, 0, 5, 1] [C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\hpqExec.dll] [Hewlett-Packard Company, 6, 0, 5, 1] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16473 (vista_gdr.070420-1500)] [PID: 700 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2528 / Administrateur][C:\WINDOWS\SMINST\Scheduler.exe] [, 1, 0, 3, 6] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [PID: 2596 / Administrateur][C:\Program Files\Analog Devices\Core\smax4pnp.exe] [Analog Devices, Inc., 6, 0, 0, 20] [C:\Program Files\Analog Devices\Core\SMWDMIF.dll] [Analog Devices, Inc., 6, 0, 4200, 014] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 2972 / Administrateur][C:\WINDOWS\system32\igfxtray.exe] [Intel Corporation, 3.0.0.4543] [C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4543] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4543] [C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4543] [C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.4543] [PID: 3088 / Administrateur][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.4543] [C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4543] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4543] [C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4543] [PID: 3092 / Administrateur][C:\WINDOWS\system32\igfxpers.exe] [Intel Corporation, 3.0.0.4543] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4543] [PID: 2352 / Administrateur][C:\WINDOWS\system32\igfxsrvc.exe] [Intel Corporation, 3.0.0.4543] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4543] [C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.4543] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [PID: 3416 / Administrateur][C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.10.6] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16473 (vista_gdr.070420-1500)] [C:\Program Files\Java\jre1.6.0_01\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [PID: 3544 / Administrateur][C:\Program Files\Picasa2\PicasaMediaDetector.exe] [Google Inc., 2.7.36.60] [PID: 4044 / Administrateur][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1472 / Administrateur][C:\Program Files\Windows Media Player\WMPNSCFG.exe] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\Program Files\Windows Media Player\wmpnssci.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [PID: 2076 / Administrateur][C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe] [Broadcom Corporation., 4.0.1.3300] [C:\WINDOWS\system32\wbtapi.dll] [Broadcom Corporation., 4.0.1.3300] [C:\WINDOWS\system32\btosif.dll] [Broadcom Corporation., 4.0.1.3300] [C:\WINDOWS\system32\btwhidcs.DLL] [Broadcom Corporation., 4.0.1.3300] [C:\Program Files\WIDCOMM\Logiciel Bluetooth\BtBalloon.dll] [Broadcom Corporation., 4.0.1.3300] [C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll] [Kaspersky Lab, 7.0.0.119] [C:\WINDOWS\system32\btrez.dll] [Broadcom Corporation., 4.0.1.3300] [C:\WINDOWS\system32\CSH.dll] [Blue Sky Software Corporation, 2.00.039] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\WIDCOMM\Logiciel Bluetooth\btkeyind.dll] [N/A, ] [PID: 2436 / Administrateur][C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE] [, 1, 0, 0, 7] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [PID: 2396 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3724 / Administrateur][C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE] [Broadcom Corporation., 4.0.1.3300] [C:\WINDOWS\system32\btins.dll] [Broadcom Corporation., 4.0.1.3300] [C:\WINDOWS\system32\btosif.dll] [Broadcom Corporation., 4.0.1.3300] [C:\WINDOWS\system32\BtAudioHelper.dll] [Broadcom Corporation., 4.0.1.3300] [C:\WINDOWS\system32\btrez.dll] [Broadcom Corporation., 4.0.1.3300] [C:\WINDOWS\system32\CSH.dll] [Blue Sky Software Corporation, 2.00.039] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 3252 / Administrateur][C:\Program Files\BitLord\BitLord.exe] [www.BitLord.com, 1.1.] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16473 (vista_gdr.070420-1500)] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16473 (vista_gdr.070420-1500)] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\klscav.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\prremote.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\prloader.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\prkernel.ppl] [Kaspersky Lab, 7.0.0.119] [c:\program files\kaspersky lab\kaspersky internet security 7.0\params.ppl] [Kaspersky Lab, 7.0.0.119] [c:\program files\kaspersky lab\kaspersky internet security 7.0\pxstub.ppl] [Kaspersky Lab, 7.0.0.119] [c:\program files\kaspersky lab\kaspersky internet security 7.0\tempfile.ppl] [Kaspersky Lab, 7.0.0.119] [PID: 3020 / Administrateur][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.8.1.5: 2007071317] [C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0] [C:\Program Files\Mozilla Firefox\nspr4.dll] [Netscape Communications Corporation, 4.6.7] [C:\Program Files\Mozilla Firefox\xpcom_core.dll] [Mozilla Foundation, 1.8.1.5: 2007071317] [C:\Program Files\Mozilla Firefox\plc4.dll] [Netscape Communications Corporation, 4.6.7] [C:\Program Files\Mozilla Firefox\plds4.dll] [Netscape Communications Corporation, 4.6.7] [C:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.11.5 Basic ECC] [C:\Program Files\Mozilla Firefox\nss3.dll] [Mozilla Foundation, 3.11.5 Basic ECC] [C:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.11.4 Basic ECC] [C:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.11.5 Basic ECC] [C:\Program Files\Mozilla Firefox\xpcom_compat.dll] [Mozilla Foundation, 1.8.1.5: 2007071317] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\Mozilla Firefox\components\myspell.dll] [Mozilla Foundation, 1.8.1.5: 2007071317] [C:\Program Files\Mozilla Firefox\components\jar50.dll] [Mozilla Foundation, 1.8.1.5: 2007071317] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.11.4 Basic ECC] [C:\Program Files\Mozilla Firefox\nssckbi.dll] [Mozilla Foundation, 1.64] [C:\Program Files\Mozilla Firefox\components\spellchk.dll] [Mozilla Foundation, 1.8.1.5: 2007071317] [C:\Program Files\WIDCOMM\Logiciel Bluetooth\btkeyind.dll] [N/A, ] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\HPQ\IAM\Bin\SFSShell.dll] [Cognizance Corporation, 1.21.0.143] [C:\WINDOWS\system32\MSVCR70.dll] [Microsoft Corporation, 7.00.9466.0] [C:\Program Files\HPQ\IAM\bin\ItMsg.dll] [Cognizance Corporation, 1.18.0.305] [C:\Program Files\HPQ\IAM\bin\1036\SFSShell.dll] [Cognizance Corporation, 1.18.0.111] [PID: 424 / Administrateur][C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE] [Microsoft Corporation, 11.0.5510] [C:\PROGRA~1\MICROS~2\OFFICE11\OUTLLIB.dll] [Microsoft Corporation, 11.0.5608] [C:\Program Files\Fichiers communs\Microsoft Shared\office11\mso.dll] [Microsoft Corporation, 11.0.5606] [C:\PROGRA~1\MICROS~2\OFFICE11\1036\outllibr.dll] [Microsoft Corporation, 11.0.5510] [C:\Program Files\Fichiers communs\System\MSMAPI\1036\msmapi32.dll] [Microsoft Corporation, 11.0.5601] [C:\Program Files\Fichiers communs\System\MSMAPI\1036\mapi32.dll] [Microsoft Corporation, 1.0.2536.0] [C:\Program Files\Fichiers communs\SYSTEM\MSMAPI\1036\MAPIR.DLL] [Microsoft Corporation, 11.0.5510] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\Fichiers communs\SYSTEM\MSMAPI\1036\contab32.dll] [Microsoft Corporation, 11.0.5510] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\mcou.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\mapiedk.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\prremote.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\prloader.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\prkernel.ppl] [Kaspersky Lab, 7.0.0.119] [c:\program files\kaspersky lab\kaspersky internet security 7.0\pxstub.ppl] [Kaspersky Lab, 7.0.0.119] [c:\program files\kaspersky lab\kaspersky internet security 7.0\params.ppl] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\Fichiers communs\SYSTEM\MSMAPI\1036\mspst32.dll] [Microsoft Corporation, 11.0.5604] [C:\Program Files\Fichiers communs\Microsoft Shared\office11\riched20.dll] [Microsoft Corporation, 5.50.30.2002] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16473 (vista_gdr.070420-1500)] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16473 (vista_gdr.070420-1500)] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.119] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\Program Files\Microsoft Office\OFFICE11\1036\outlwvw.dll] [Microsoft Corporation, 11.0.5510] [C:\PROGRA~1\MICROS~2\OFFICE11\OUTLRPC.dll] [Microsoft Corporation, 11.0.5510] [C:\PROGRA~1\MICROS~2\OFFICE11\exsec32.dll] [Microsoft Corporation, 11.0.5523] [c:\program files\kaspersky lab\kaspersky internet security 7.0\mailmsg.ppl] [Kaspersky Lab, 7.0.0.119] [c:\program files\kaspersky lab\kaspersky internet security 7.0\hashmd5.ppl] [Kaspersky Lab, 7.0.0.119] [C:\WINDOWS\system32\btsendto_office.dll] [Broadcom Corporation., 4.0.1.3300] [C:\WINDOWS\system32\btosif.dll] [Broadcom Corporation., 4.0.1.3300] [C:\WINDOWS\system32\btsendto.dll] [Broadcom Corporation., 4.0.1.3300] [C:\WINDOWS\system32\WidcommSdk.dll] [Broadcom Corporation., 4.0.1.3300] [C:\WINDOWS\system32\wbtapi.dll] [Broadcom Corporation., 4.0.1.3300] [C:\WINDOWS\system32\btosif_ol.dll] [Broadcom Corporation., 4.0.1.3300] [C:\WINDOWS\system32\CSH.dll] [Blue Sky Software Corporation, 2.00.039] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\mcouas.dll] [Kaspersky Lab, 7.0.0.119] [c:\program files\kaspersky lab\kaspersky internet security 7.0\winreg.ppl] [Kaspersky Lab, 7.0.0.119] [c:\program files\kaspersky lab\kaspersky internet security 7.0\trainsup.ppl] [Kaspersky Lab, 7.0.0.119] [c:\program files\kaspersky lab\kaspersky internet security 7.0\mdb.ppl] [Kaspersky Lab, 7.0.0.119] [c:\program files\kaspersky lab\kaspersky internet security 7.0\msoe.ppl] [Kaspersky Lab, 7.0.0.119] [c:\program files\kaspersky lab\kaspersky internet security 7.0\thpimpl.ppl] [Kaspersky Lab, 7.0.0.119] [c:\program files\kaspersky lab\kaspersky internet security 7.0\FSSync.dll] [Kaspersky Lab, 7.0.5.119] [c:\program files\kaspersky lab\kaspersky internet security 7.0\basegui.ppl] [Kaspersky Lab, 7.0.0.119] [c:\program files\kaspersky lab\kaspersky internet security 7.0\nfio.ppl] [Kaspersky Lab, 7.0.0.119] [c:\program files\kaspersky lab\kaspersky internet security 7.0\fsdrvplg.ppl] [Kaspersky Lab, 7.0.0.119] [C:\PROGRA~1\MICROS~2\OFFICE11\OUTLCTL.DLL] [, ] [C:\Program Files\Microsoft Office\OFFICE11\outlph.dll] [Microsoft Corporation, 11.0.5510] [C:\Program Files\Microsoft Office\OFFICE11\SENDTO.DLL] [Microsoft Corporation, 11.0.5510] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.119] [C:\PROGRA~1\MICROS~2\OFFICE11\msostyle.dll] [Microsoft Corporation, 11.0.5510] [C:\PROGRA~1\MICROS~2\OFFICE11\OUTLMIME.DLL] [Microsoft Corporation, 11.0.5510] [C:\Program Files\Microsoft Office\OFFICE11\RTFHTML.DLL] [Microsoft Corporation, 11.0.5515] [c:\program files\kaspersky lab\kaspersky internet security 7.0\tempfile.ppl] [Kaspersky Lab, 7.0.0.119] [PID: 3692 / Administrateur][C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE] [Microsoft Corporation, 11.0.5604] [C:\Program Files\Fichiers communs\Microsoft Shared\office11\mso.dll] [Microsoft Corporation, 11.0.5606] [C:\Program Files\Fichiers communs\Microsoft Shared\office11\riched20.dll] [Microsoft Corporation, 5.50.30.2002] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [C:\WINDOWS\system32\btsendto_office.dll] [Broadcom Corporation., 4.0.1.3300] [C:\WINDOWS\system32\btosif.dll] [Broadcom Corporation., 4.0.1.3300] [C:\WINDOWS\system32\btsendto.dll] [Broadcom Corporation., 4.0.1.3300] [C:\WINDOWS\system32\WidcommSdk.dll] [Broadcom Corporation., 4.0.1.3300] [C:\WINDOWS\system32\wbtapi.dll] [Broadcom Corporation., 4.0.1.3300] [C:\Program Files\Fichiers communs\Microsoft Shared\PROOF\MSSP3FR.DLL] [SYNAPSE Développement, Toulouse (France), 1, 7, 2, 28] [C:\Program Files\Fichiers communs\Microsoft Shared\PROOF\mslid.dll] [Microsoft Corporation, 1.0.2305] [C:\Program Files\Fichiers communs\Microsoft Shared\PROOF\1036\MSGR3FR.DLL] [Microsoft Corporation, 3.1.2303] [C:\WINDOWS\system32\CSH.dll] [Blue Sky Software Corporation, 2.00.039] [C:\Program Files\HPQ\IAM\Bin\SFSShell.dll] [Cognizance Corporation, 1.21.0.143] [C:\WINDOWS\system32\MSVCR70.dll] [Microsoft Corporation, 7.00.9466.0] [C:\Program Files\HPQ\IAM\bin\ItMsg.dll] [Cognizance Corporation, 1.18.0.305] [C:\Program Files\HPQ\IAM\bin\1036\SFSShell.dll] [Cognizance Corporation, 1.18.0.111] [C:\Program Files\Microsoft Office\OFFICE11\SENDTO.DLL] [Microsoft Corporation, 11.0.5510] [C:\Program Files\Microsoft Office\OFFICE11\ENVELOPE.DLL] [Microsoft Corporation, 11.0.5530] [C:\Program Files\Microsoft Office\OFFICE11\1036\envelopr.dll] [Microsoft Corporation, 11.0.5510] [C:\Program Files\Fichiers communs\Microsoft Shared\office11\usp10.DLL] [Microsoft Corporation, 1.0471.4030.0 (main.030626-1414)] [C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\METCONV.DLL] [Microsoft Corporation, 11.0.5117] [C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\INTLNAME.DLL] [Microsoft Corporation, 11.0.5315] [C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\FNAME.DLL] [Microsoft Corporation, 11.0.5510] [C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\1036\stintl.dll] [Microsoft Corporation, 11.0.5510] [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL] [Microsoft Corporation, 5.2.3790.120 (srv03_qfe.031205-1652)] [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRV.DLL] [Microsoft Corporation, 5.2.3790.184 (srv03_qfe.040410-1236)] [PID: 2956 / Administrateur][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ] [C:\Program Files\HPQ\IAM\Bin\SFSShell.dll] [Cognizance Corporation, 1.21.0.143] [C:\WINDOWS\system32\MSVCR70.dll] [Microsoft Corporation, 7.00.9466.0] [C:\Program Files\HPQ\IAM\bin\ItMsg.dll] [Cognizance Corporation, 1.18.0.305] [C:\Program Files\HPQ\IAM\bin\1036\SFSShell.dll] [Cognizance Corporation, 1.18.0.111] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00] [C:\WINDOWS\system32\wpdshext.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16473 (vista_gdr.070420-1500)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.119] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16473 (vista_gdr.070420-1500)] [PID: 996 / Administrateur][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX02.250\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16473 (vista_gdr.070420-1500)] [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX02.250\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll] [Kaspersky Lab, 7.0.0.119] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.119] ================================== File Associations .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock Provider N/A ================================== Autorun.Inf [E:\] [autorun] OPEN=setupSNK.exe ICON=\SMRTNTKY\fcw.ico ACTION=Assistant Réseau sans fil ================================== HOSTS File 127.0.0.1 localhost ================================== Process Privileges Scan Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1136, C:\PROGRAM FILES\WIDCOMM\LOGICIEL BLUETOOTH\BIN\BTWDINS.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 172, C:\PROGRAM FILES\HEWLETT-PACKARD\SHARED\HPQWMIEX.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2308, C:\PROGRAM FILES\HPQ\IAM\BIN\ASGHOST.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2088, C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2116, C:\WINDOWS\SYSTEM32\DLA\DLACTRLW.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1704, C:\PROGRAM FILES\HPQ\HP WIRELESS ASSISTANT\HP WIRELESS ASSISTANT.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2412, C:\PROGRAM FILES\HEWLETT-PACKARD\HP QUICK LAUNCH BUTTONS\QLBCTRL.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2528, C:\WINDOWS\SMINST\SCHEDULER.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2076, C:\PROGRAM FILES\WIDCOMM\LOGICIEL BLUETOOTH\BTTRAY.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2436, C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3724, C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3252, C:\PROGRAM FILES\BITLORD\BITLORD.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2956, C:\PROGRAM FILES\WINRAR\WINRAR.EXE] ================================== API HOOK RVA Error: LoadLibraryA (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys) RVA Error: LoadLibraryExA (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys) RVA Error: LoadLibraryExW (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys) RVA Error: LoadLibraryW (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys) RVA Error: GetProcAddress (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys) ================================== Hidden Process N/A ==================================
  11. number05
    fausse alerte c'est revenu!!! ahhhhhhhhhh
  12. number05
    MERCI Charles tout est rentré dans l'ordre, MERCI, MERCI, Merci. tout marche nickel désormais, je n'ai plus de redirections.
  13. number05
    cela dit , kasper les bloque du premier coup
  14. number05
    les lignes 017 ne sont pas apparues mais j'ai toujours les redirections qui sont bloquées désormais par Kasper: Kaspersky Internet Security 7.0 The requested URL http://64.28.181.146/index.php is forbidden Ci dessous le rapport Hijack This: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 19:17:09, on 22/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\HPQ\IAM\bin\asghost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\notepad.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\SMINST\Scheduler.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE C:\Program Files\BitLord\BitLord.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Downloads\number05.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: PC Angel (PCA) - Unknown owner - C:\WINDOWS\TEMP\UPDATE\SMINST\PCAngel.exe (file missing) O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/03/clip_image002.gif O24 - Desktop Component 1: (no name) - http://www.atlas-grup.com/yukle/resim/wresim%205.jpg -- End of file - 10914 bytes Fixwareout: Username "Administrateur" - 2007-07-22 19:04:50 [Fixwareout edited 2007/07/05] »»»»»Prerun check HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters "nameserver"="85.255.116.66 85.255.112.80" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{081CA721-E843-44FB-9D21-36A79FA85DE8} "nameserver"="85.255.116.66,85.255.112.80" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7F16BD61-6270-4C3F-BF6E-797751A4F020} "nameserver"="85.255.116.66,85.255.112.80" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B9525F88-4CD4-4AD2-80DE-0F6F8D698DFE} "nameserver"="85.255.116.66,85.255.112.80" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D91300FA-E7D6-495C-BE9D-7CF6A26FD158} "nameserver"="85.255.116.66,85.255.112.80" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{198BD5FF-5FB2-4AF7-8432-231E6EC0D561} "DhcpNameServer"="85.255.116.66,85.255.112.80" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7F16BD61-6270-4C3F-BF6E-797751A4F020} "DhcpNameServer"="85.255.116.66,85.255.112.80" <Value cleared. Cache de résolution DNS vidé. System was rebooted successfully. »»»»» Postrun check HKLM\SOFTWARE\~\Winlogon\ "System"="" .... .... »»»»» Misc files. .... »»»»» Checking for older varients. .... »»»»» Current runs (hklm hkcu "run" Keys Only) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run] "MsmqIntCert"="regsvr32 /s mqrt.dll" "SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe /tray" "PTHOSTTR"="C:\\Program Files\\HPQ\\HP ProtectTools Security Manager\\PTHOSTTR.EXE /Start" "HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe" "DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE" "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe" "CognizanceTS"="rundll32.exe C:\\PROGRA~1\\HPQ\\IAM\\Bin\\AsTsVcc.dll,RegisterModule" "QlbCtrl"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,48,65,77,6c,65,\ 74,74,2d,50,61,63,6b,61,72,64,5c,48,50,20,51,75,69,63,6b,20,4c,61,75,6e,63,\ 68,20,42,75,74,74,6f,6e,73,5c,51,6c,62,43,74,72,6c,2e,65,78,65,20,2f,53,74,\ 61,72,74,00 "Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe" "Recguard"="C:\\WINDOWS\\Sminst\\Recguard.exe" "Reminder"="C:\\WINDOWS\\Creator\\Remind_XP.exe" "Scheduler"="C:\\WINDOWS\\SMINST\\Scheduler.exe" "WatchDog"="C:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe" "AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe\"" "SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe" "igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe" "igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe" "igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe" "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe" "Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe" "WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe" .... Hosts file was reset, If you use a custom hosts file please replace it »»»»» End report »»»»»
  15. number05
    salut charles, voici le rapport à priori rien n'a changé, mais Kaspersky est entrain de bloquer les redirections l'adresse IP est la suivante 195.225.177.18.. Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 14:27:44, on 22/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\HPQ\IAM\bin\asghost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE C:\WINDOWS\SMINST\Scheduler.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\BitLord\BitLord.exe C:\Downloads\number05.exe C:\Program Files\Symantec\LiveUpdate\AUpdate.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{081CA721-E843-44FB-9D21-36A79FA85DE8}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CCS\Services\Tcpip\..\{7F16BD61-6270-4C3F-BF6E-797751A4F020}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CCS\Services\Tcpip\..\{B9525F88-4CD4-4AD2-80DE-0F6F8D698DFE}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CCS\Services\Tcpip\..\{D91300FA-E7D6-495C-BE9D-7CF6A26FD158}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.66 85.255.112.80 O17 - HKLM\System\CS1\Services\Tcpip\..\{081CA721-E843-44FB-9D21-36A79FA85DE8}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.66 85.255.112.80 O17 - HKLM\System\CS2\Services\Tcpip\..\{081CA721-E843-44FB-9D21-36A79FA85DE8}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.66 85.255.112.80 O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: PC Angel (PCA) - Unknown owner - C:\WINDOWS\TEMP\UPDATE\SMINST\PCAngel.exe (file missing) O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/03/clip_image002.gif O24 - Desktop Component 1: (no name) - http://www.atlas-grup.com/yukle/resim/wresim%205.jpg -- End of file - 12165 bytes
  16. number05
    Bonjour Charles, ci-plus bàs le rapport NAVILOG: Search Navipromo version 2.0.5 commencé le 22/07/2007 à 10:53:30,21 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Poster ce rapport sur le forum pour le faire analyser !!! !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!! Fix lancé depuis C:\Program Files\navilog1 Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO Executé en mode normal *** Recherche Programmes installes *** *** Recherche dossiers dans C:\WINDOWS *** *** Recherche dossiers dans C:\Program Files *** *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data *** *** Recherche dossiers dans C:\Documents and Settings\Administrateur\Application Data *** *** Recherche avec BlackLight Engine/F-secure *** BlackLight Engine est un produit de F-secure, pour + d'infos : http://www.f-secure.com/blacklight/blacklight_help.html F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR ====================================== Copyright 2005-2006 F-Secure Corporation. All rights reserved. This is a beta version. It will expire on 1st of October, 2007. Version information: 2.2.1064. [+] Started on 07/22/07 at 10:53:33. [+] Initializing ... [+] Starting scan, press Ctrl-C to abort. [+] Scanning for hidden items ......................................................................... [+] Scan complete. [+] Summary: 0 hidden item(s) found, 0 scheduled for renaming. [+] Exited on 07/22/07 at 11:01:44 (return code = 0). *** Recherche fichiers *** *** Recherche cles registre *** Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs] Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage] Recherche Clé Magic Control *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche fichiers connus: 2)Recherche Heuristique : * ** *** **** ***** ****** ******* ******** 3)Recherche Certificats : *** Analyse Terminé le 22/07/2007 à 11:02:00,25 *** Hijack this: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 11:08:28, on 22/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\HPQ\IAM\bin\asghost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\SMINST\Scheduler.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Downloads\number05.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{081CA721-E843-44FB-9D21-36A79FA85DE8}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CCS\Services\Tcpip\..\{7F16BD61-6270-4C3F-BF6E-797751A4F020}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CCS\Services\Tcpip\..\{B9525F88-4CD4-4AD2-80DE-0F6F8D698DFE}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CCS\Services\Tcpip\..\{D91300FA-E7D6-495C-BE9D-7CF6A26FD158}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.66 85.255.112.80 O17 - HKLM\System\CS1\Services\Tcpip\..\{081CA721-E843-44FB-9D21-36A79FA85DE8}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.66 85.255.112.80 O17 - HKLM\System\CS2\Services\Tcpip\..\{081CA721-E843-44FB-9D21-36A79FA85DE8}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.66 85.255.112.80 O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: PC Angel (PCA) - Unknown owner - C:\WINDOWS\TEMP\UPDATE\SMINST\PCAngel.exe (file missing) O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/03/clip_image002.gif O24 - Desktop Component 1: (no name) - http://www.atlas-grup.com/yukle/resim/wresim%205.jpg -- End of file - 12029 bytes
  17. number05
    en revanche je ne tombe plus sur la page.
  18. number05
    Désolé charles mais j'ai toujours des problèmes de redirections
  19. number05
    Bonjour Charles voici le rapport PANDA: Incident Statut Analyse Outil indésirable:Application/NirCmd.A No Désinfecté C:\ComboFix\nircmd.cfexe Outil indésirable:Application/NirCmd.A No Désinfecté C:\ComboFix\nircmd.exe Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\7dphcckb.default\cookies.txt[.xiti.com/] Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\7dphcckb.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\7dphcckb.default\cookies.txt[.advertising.com/] Spyware:Cookie/YieldManager No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\7dphcckb.default\cookies.txt[ad.yieldmanager.com/] Spyware:Cookie/WebtrendsLive No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\7dphcckb.default\cookies.txt[statse.webtrendslive.com/] Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\7dphcckb.default\cookies.txt[.adtech.de/] Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\7dphcckb.default\cookies.txt[.2o7.net/] Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\7dphcckb.default\cookies.txt[.overture.com/] Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\7dphcckb.default\cookies.txt[.bluestreak.com/] Virus:Generic Malware Désinfecté C:\Downloads\ComboFix.exe Outil indésirable:Application/MyWebSearch No Désinfecté C:\Downloads\Nero-6.6.1.15a.exe[Toolbar.exe] Outil indésirable:Application/NirCmd.A No Désinfecté C:\fixwareout\FindT\nircmd.exe Outil indésirable:Application/NirCmd.A No Désinfecté C:\WINDOWS\nircmd.exe
  20. number05
    si si j'ai IE7 sur mon ordinateur, pourraije faire un scan avec kasper???? parce que j'ai des problèmes avec le active X, panda ne veut pas se lancer
  21. number05
    juste une petite précision, je navigue avec firefox
  22. number05
    voici les deux rapports: Fixwareout: Username "Administrateur" - 2007-07-11 15:03:33 [Fixwareout edited 2007/07/05] »»»»»Prerun check HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters "nameserver"="85.255.116.66 85.255.112.80" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{081CA721-E843-44FB-9D21-36A79FA85DE8} "nameserver"="85.255.116.66,85.255.112.80" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7F16BD61-6270-4C3F-BF6E-797751A4F020} "nameserver"="85.255.116.66,85.255.112.80" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B9525F88-4CD4-4AD2-80DE-0F6F8D698DFE} "nameserver"="85.255.116.66,85.255.112.80" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D91300FA-E7D6-495C-BE9D-7CF6A26FD158} "nameserver"="85.255.116.66,85.255.112.80" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{198BD5FF-5FB2-4AF7-8432-231E6EC0D561} "DhcpNameServer"="85.255.116.66,85.255.112.80" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7F16BD61-6270-4C3F-BF6E-797751A4F020} "DhcpNameServer"="85.255.116.66,85.255.112.80" <Value cleared. Cache de résolution DNS vidé. System was rebooted successfully. »»»»» Postrun check HKLM\SOFTWARE\~\Winlogon\ "System"="" .... .... »»»»» Misc files. .... »»»»» Checking for older varients. .... »»»»» Current runs (hklm hkcu "run" Keys Only) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run] "MsmqIntCert"="regsvr32 /s mqrt.dll" "SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe /tray" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "PTHOSTTR"="C:\\Program Files\\HPQ\\HP ProtectTools Security Manager\\PTHOSTTR.EXE /Start" "HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe" "DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE" "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe" "CognizanceTS"="rundll32.exe C:\\PROGRA~1\\HPQ\\IAM\\Bin\\AsTsVcc.dll,RegisterModule" "QlbCtrl"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,48,65,77,6c,65,\ 74,74,2d,50,61,63,6b,61,72,64,5c,48,50,20,51,75,69,63,6b,20,4c,61,75,6e,63,\ 68,20,42,75,74,74,6f,6e,73,5c,51,6c,62,43,74,72,6c,2e,65,78,65,20,2f,53,74,\ 61,72,74,00 "Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe" "Recguard"="C:\\WINDOWS\\Sminst\\Recguard.exe" "Reminder"="C:\\WINDOWS\\Creator\\Remind_XP.exe" "Scheduler"="C:\\WINDOWS\\SMINST\\Scheduler.exe" "WatchDog"="C:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe" "AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe\"" "SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe" "igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe" "igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe" "igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe" "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe" "WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe" .... Hosts file was reset, If you use a custom hosts file please replace it »»»»» End report »»»»» >>> DiagHELP DiagHelp version v1.1.2 - http://www.malekal.com excute le 11/07/2007 à 15:20:50,57 Liste des derniers fichies modifies/crees dans windir\system32 C:\WINDOWS\System32/drivers\fidbox2.dat -->11/07/2007 15:17:45 C:\WINDOWS\System32/drivers\fidbox.dat -->11/07/2007 15:16:14 C:\WINDOWS\System32/drivers\fidbox2.idx -->11/07/2007 15:05:04 C:\WINDOWS\System32/drivers\fidbox.idx -->11/07/2007 15:05:04 C:\WINDOWS\System32/drivers\103C_HP_NTBK_HP Compaq nx6310 (EY376EA#ABF)_YN_0U_QCNU6390TNL_E404611054_46_I30AA_SHP_VKBC Version 58.11_B68YDU Ver. F.08_T060727_WXP2_L40C_M504_J80_7Intel_8T2400_91.83_#060824_N14E4170C_(EY376EA#ABF)_XMOBILE_CN10.MRK -->10/06/2007 13:07:02 C:\WINDOWS\System32/drivers\klif.cab -->31/05/2007 09:12:16 C:\WINDOWS\System32/drivers\klin.dat -->22/05/2007 10:22:59 C:\WINDOWS\System32\wpa.dbl -->11/07/2007 15:06:37 C:\WINDOWS\System32\lsass.log -->11/07/2007 15:05:50 C:\WINDOWS\System32\sound.tra -->08/07/2007 20:34:32 C:\WINDOWS\System32\screenSaver.tra -->08/07/2007 20:34:32 C:\WINDOWS\System32\nFrame.tra -->08/07/2007 20:34:32 C:\WINDOWS\System32\JkmFile.tra -->08/07/2007 20:34:32 C:\WINDOWS\System32\files.tra -->08/07/2007 20:34:32 C:\WINDOWS\System32\InstallUtil.InstallLog -->10/06/2007 13:41:58 C:\WINDOWS\System32\PerfStringBackup.INI -->10/06/2007 13:37:11 C:\WINDOWS\System32\perfh00C.dat -->10/06/2007 13:37:11 C:\WINDOWS\System32\perfh009.dat -->10/06/2007 13:37:11 C:\WINDOWS\System32\perfc00C.dat -->10/06/2007 13:37:11 C:\WINDOWS\System32\perfc009.dat -->10/06/2007 13:37:11 C:\WINDOWS\System32\MRT.exe -->06/06/2007 07:38:41 C:\WINDOWS\System32\nscompat.tlb -->03/06/2007 11:22:48 C:\WINDOWS\System32\amcompat.tlb -->03/06/2007 11:22:48 C:\WINDOWS\System32\divxsm.tlb -->31/05/2007 07:45:07 C:\WINDOWS\System32\DivXsm.exe -->31/05/2007 07:45:07 C:\WINDOWS\System32\divx_xx07.dll -->31/05/2007 07:44:55 C:\WINDOWS\System32\divx_xx11.dll -->31/05/2007 07:44:54 C:\WINDOWS\System32\divx_xx0c.dll -->31/05/2007 07:44:54 C:\WINDOWS\System32\DivX.dll -->31/05/2007 07:44:54 C:\WINDOWS\System32\divxdec.ax -->31/05/2007 07:44:42 C:\WINDOWS\System32\klogon.dll -->19/05/2007 22:37:14 C:\WINDOWS\System32\FNTCACHE.DAT -->19/05/2007 08:50:32 C:\WINDOWS\WindowsUpdate.log -->11/07/2007 15:07:03 C:\WINDOWS.log -->11/07/2007 15:06:31 C:\WINDOWS\bootstat.dat -->11/07/2007 15:05:49 C:\WINDOWS\SchedLgU.Txt -->11/07/2007 15:04:55 C:\WINDOWS\KB936357.log -->11/07/2007 14:23:53 C:\WINDOWS\NeroDigital.ini -->11/07/2007 12:38:20 C:\WINDOWS\wiaservc.log -->11/07/2007 12:17:59 C:\WINDOWS\wiadebug.log -->11/07/2007 12:17:57 C:\WINDOWS\setupact.log -->10/07/2007 12:15:47 C:\WINDOWS\wmsetup.log -->08/07/2007 21:10:37 C:\WINDOWS\setupapi.log -->04/07/2007 17:54:09 C:\WINDOWS\IE4 Error Log.txt -->01/07/2007 12:51:13 C:\WINDOWS\tsoc.log -->14/06/2007 03:03:04 C:\WINDOWS\tabletoc.log -->14/06/2007 03:03:04 C:\WINDOWS\ocmsn.log -->14/06/2007 03:03:04 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 5D16-ECEA Répertoire de C:\WINDOWS\system32 05/08/2004 09:00 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 28 105 342 976 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 5D16-ECEA Répertoire de C:\WINDOWS\Downloaded Program Files 16/04/2007 14:40 <REP> . 16/04/2007 14:40 <REP> .. 17/08/2004 09:07 65 desktop.ini 25/07/2002 17:13 24 576 dwusplay.dll 25/07/2002 17:13 196 608 dwusplay.exe 23/03/2007 11:17 1 292 erma.inf 27/07/2004 15:48 323 584 isusweb.dll 5 fichier(s) 546 125 octets Total des fichiers listés : 5 fichier(s) 546 125 octets 2 Rép(s) 28 105 342 976 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-11 15:21:27 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe???????????????|?????? ??4B??????????????hB? ?????? scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 204 - svchost.exe 272 - mqsvc.exe 368 - svchost.exe 396 - dllhost.exe 636 - WINWORD.EXE 648 - asghost.exe 732 - wmpnetwk.exe 768 - HP Wireless Ass 888 - cmd.exe 1016 - msdtc.exe 1124 - guard.exe 1136 - avp.exe 1156 - btwdins.exe 1228 - svchost.exe 1332 - notepad.exe 1368 - MDM.EXE 1560 - csrss.exe 1588 - winlogon.exe 1632 - services.exe 1644 - lsass.exe 1828 - svchost.exe 1884 - svchost.exe 1920 - hkcmd.exe 1968 - svchost.exe 2000 - HPQTOA~1.EXE 2148 - Scheduler.exe 2152 - hpwuSchd2.exe 2228 - BitLord.exe 2280 - pthosttr.exe 2284 - SynTPEnh.exe 2344 - explorer.exe 2392 - WinRAR.exe 2440 - ctfmon.exe 2468 - firefox.exe 2572 - igfxpers.exe 2576 - wmiprvse.exe 2728 - alg.exe 2972 - BTTray.exe 2996 - OUTLOOK.EXE 3132 - avp.exe 3176 - avgas.exe 3284 - BTSTAC~1.EXE 3296 - smax4pnp.exe 3304 - igfxtray.exe 3552 - QLBCTRL.exe 3648 - wmpnscfg.exe 4044 - DLACTRLW.EXE Total number of processes = 48 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\ntkrnlpa.exe 806E2000 - \WINDOWS\system32\hal.dll F8972000 - \WINDOWS\system32\KDCOM.DLL F8882000 - \WINDOWS\system32\BOOTVID.dll F8342000 - ACPI.sys F8974000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS F8331000 - pci.sys F8472000 - isapnp.sys F8482000 - ohci1394.sys F8492000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS F8886000 - compbatt.sys F888A000 - \WINDOWS\system32\DRIVERS\BATTC.SYS F8A3A000 - pciide.sys F86F2000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS F8976000 - intelide.sys F8978000 - viaide.sys F897A000 - aliide.sys F8313000 - pcmcia.sys F84A2000 - MountMgr.sys F82F4000 - ftdisk.sys F897C000 - dmload.sys F82CE000 - dmio.sys F888E000 - ACPIEC.sys F8A3B000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS F86FA000 - PartMgr.sys F84B2000 - VolSnap.sys F82B6000 - atapi.sys F81E0000 - iaStor.sys F84C2000 - disk.sys F84D2000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS F81C0000 - fltMgr.sys F81AE000 - sr.sys F8198000 - DRVMCDB.SYS F84E2000 - PxHelp20.sys F8181000 - KSecDD.sys F80F4000 - Ntfs.sys F80C7000 - NDIS.sys F80AC000 - Mup.sys F8090000 - kl1.sys F8702000 - \WINDOWS\system32\drivers\TDI.SYS F8522000 - \SystemRoot\system32\DRIVERS\nic1394.sys F8542000 - \SystemRoot\system32\DRIVERS\intelppm.sys F6E11000 - \SystemRoot\system32\DRIVERS\ialmnt5.sys F6DFD000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS F6DD8000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys F6C7B000 - \SystemRoot\system32\DRIVERS\w39n51.sys F87AA000 - \SystemRoot\system32\DRIVERS\usbuhci.sys F6C58000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS F87B2000 - \SystemRoot\system32\DRIVERS\usbehci.sys F8552000 - \SystemRoot\system32\DRIVERS\bcm4sbxp.sys F8562000 - \SystemRoot\system32\DRIVERS\i8042prt.sys F87BA000 - \SystemRoot\system32\DRIVERS\kbdclass.sys F6C28000 - \SystemRoot\system32\DRIVERS\SynTP.sys F89BE000 - \SystemRoot\system32\DRIVERS\USBD.SYS F87C2000 - \SystemRoot\system32\DRIVERS\mouclass.sys F8572000 - \SystemRoot\system32\DRIVERS\imapi.sys F89C0000 - \SystemRoot\System32\Drivers\DLACDBHM.SYS F8582000 - \SystemRoot\system32\DRIVERS\cdrom.sys F8592000 - \SystemRoot\system32\DRIVERS\redbook.sys F6C05000 - \SystemRoot\system32\DRIVERS\ks.sys F8936000 - \SystemRoot\system32\DRIVERS\cpqbttn.sys F85A2000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS F87CA000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS F893A000 - \SystemRoot\system32\DRIVERS\CmBatt.sys F893E000 - \SystemRoot\system32\DRIVERS\wmiacpi.sys F6A98000 - \SystemRoot\system32\DRIVERS\btkrnl.sys F87D2000 - \SystemRoot\system32\DRIVERS\klim5.sys F8AE0000 - \SystemRoot\system32\DRIVERS\audstub.sys F85B2000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys F8946000 - \SystemRoot\system32\DRIVERS\ndistapi.sys F6A81000 - \SystemRoot\system32\DRIVERS\ndiswan.sys F85C2000 - \SystemRoot\system32\DRIVERS\raspppoe.sys F85D2000 - \SystemRoot\system32\DRIVERS\raspptp.sys F6A70000 - \SystemRoot\system32\DRIVERS\psched.sys F85E2000 - \SystemRoot\system32\DRIVERS\msgpc.sys F87DA000 - \SystemRoot\system32\DRIVERS\ptilink.sys F87E2000 - \SystemRoot\system32\DRIVERS\raspti.sys F6A3F000 - \SystemRoot\system32\DRIVERS\rdpdr.sys F85F2000 - \SystemRoot\system32\DRIVERS\termdd.sys F89C2000 - \SystemRoot\system32\DRIVERS\swenum.sys F6A0B000 - \SystemRoot\system32\DRIVERS\update.sys F895A000 - \SystemRoot\system32\DRIVERS\mssmbios.sys F8068000 - \SystemRoot\system32\DRIVERS\kbdhid.sys F6F7E000 - \SystemRoot\System32\Drivers\NDProxy.SYS A4E25000 - \SystemRoot\system32\drivers\ADIHdAud.sys A4E01000 - \SystemRoot\system32\drivers\portcls.sys A6154000 - \SystemRoot\system32\drivers\drmk.sys A4DDB000 - \SystemRoot\system32\drivers\AEAudio.sys A4CC0000 - \SystemRoot\system32\DRIVERS\AGRSM.sys A6036000 - \SystemRoot\System32\Drivers\Modem.SYS A6134000 - \SystemRoot\system32\DRIVERS\usbhub.sys A484E000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS A57F3000 - \SystemRoot\System32\Drivers\Null.SYS A484C000 - \SystemRoot\System32\Drivers\Beep.SYS A5F30000 - \SystemRoot\System32\Drivers\DLARTL_N.SYS A57AA000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys A58C9000 - \SystemRoot\System32\Drivers\btwusb.sys A5F28000 - \SystemRoot\System32\drivers\vga.sys A4848000 - \SystemRoot\System32\Drivers\mnmdd.SYS A4846000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys A5F20000 - \SystemRoot\System32\Drivers\Msfs.SYS A5F18000 - \SystemRoot\System32\Drivers\Npfs.SYS A5749000 - \SystemRoot\system32\DRIVERS\rasacd.sys A4700000 - \SystemRoot\system32\DRIVERS\ipsec.sys A34E2000 - \SystemRoot\system32\DRIVERS\tcpip.sys A288D000 - \SystemRoot\system32\DRIVERS\netbt.sys A229F000 - \SystemRoot\System32\drivers\afd.sys A984E000 - \SystemRoot\system32\DRIVERS\netbios.sys F8A0C000 - \SystemRoot\system32\DRIVERS\eabfiltr.sys A0F8D000 - \SystemRoot\system32\DRIVERS\rdbss.sys A02E2000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys 9FD0A000 - \??\C:\WINDOWS\system32\drivers\klif.sys 9FCC1000 - \SystemRoot\system32\DRIVERS\ipnat.sys A110D000 - \SystemRoot\system32\DRIVERS\wanarp.sys A0142000 - \SystemRoot\system32\DRIVERS\btport.sys 9FCA3000 - \SystemRoot\system32\DRIVERS\btwdndis.sys 9FC40000 - \SystemRoot\system32\drivers\btaudio.sys A013A000 - \SystemRoot\system32\DRIVERS\btwmodem.sys A0938000 - \SystemRoot\system32\DRIVERS\arp1394.sys A0908000 - \SystemRoot\System32\Drivers\Fips.SYS 9FBDF000 - \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys A048B000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys A08E8000 - \SystemRoot\System32\Drivers\Cdfs.SYS 9FB09000 - \SystemRoot\System32\Drivers\dump_iaStor.sys BF800000 - \SystemRoot\System32\win32k.sys 9FCEE000 - \SystemRoot\System32\drivers\Dxapi.sys 9FDDC000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys A0493000 - \SystemRoot\System32\drivers\dxgthk.sys BF9E4000 - \SystemRoot\System32\ialmdnt5.dll BF9D5000 - \SystemRoot\System32\ialmrnt5.dll BFA06000 - \SystemRoot\System32\ialmdev5.DLL BFA41000 - \SystemRoot\System32\ialmdd5.DLL AAD35000 - \SystemRoot\System32\Drivers\DRVNDDM.SYS F8B5D000 - \SystemRoot\System32\DLA\DLADResN.SYS 9FAF3000 - \SystemRoot\System32\DLA\DLAIFS_M.SYS F67DA000 - \SystemRoot\System32\DLA\DLAOPIOM.SYS F8A36000 - \SystemRoot\System32\DLA\DLAPoolM.SYS F878A000 - \SystemRoot\System32\DLA\DLABOIOM.SYS 9FADB000 - \SystemRoot\System32\DLA\DLAUDFAM.SYS 9FAC5000 - \SystemRoot\System32\DLA\DLAUDF_M.SYS A98DE000 - \SystemRoot\system32\DRIVERS\ndisuio.sys 9FA70000 - \SystemRoot\system32\DRIVERS\mrxdav.sys 9F9B7000 - \SystemRoot\System32\Drivers\HTTP.sys 9F93D000 - \SystemRoot\system32\DRIVERS\srv.sys 9F8DB000 - \??\C:\WINDOWS\system32\drivers\mqac.sys 9F881000 - \??\C:\WINDOWS\system32\drivers\RMCast.sys 9F4D4000 - \SystemRoot\system32\drivers\wdmaud.sys F791A000 - \SystemRoot\system32\drivers\sysaudio.sys 9D8AD000 - \SystemRoot\system32\drivers\kmixer.sys F8AFD000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 151 Liste des programmes installes 3D Sea Aquarium Adobe Flash Player ActiveX Adobe Reader 8.1.0 - Français Adobe Shockwave Player Agere Systems HDA Modem Application Installer 4.00.B5 Archiveur WinRAR AutoUpdate AVG Anti-Spyware 7.5 BitLord 1.1 Broadcom 440x 10/100 Integrated Controller Correctif pour Windows XP (KB896243) Correctif pour Windows XP (KB896256) Correctif pour Windows XP (KB909095) Correctif pour Windows XP (KB910728) Correctif pour Windows XP (KB912436) Correctif pour Windows XP (KB914440) Correctif pour Windows XP (KB915326) Correctif pour Windows XP (KB918005) Correctif Windows XP - KB873333 Correctif Windows XP - KB873339 Correctif Windows XP - KB883667 Correctif Windows XP - KB884575 Correctif Windows XP - KB885250 Correctif Windows XP - KB885464 Correctif Windows XP - KB885835 Correctif Windows XP - KB885836 Correctif Windows XP - KB885855 Correctif Windows XP - KB885884 Correctif Windows XP - KB886185 Correctif Windows XP - KB887472 Correctif Windows XP - KB888113 Correctif Windows XP - KB888239 Correctif Windows XP - KB888302 Correctif Windows XP - KB888402 Correctif Windows XP - KB889673 Correctif Windows XP - KB890859 Correctif Windows XP - KB891781 Correctif Windows XP - KB892559 DivX Codec DivX Content Uploader DivX Converter DivX Player DivX Web Player DVD Decrypter (Remove Only) eMule Google Talk (remove only) Google Toolbar for Internet Explorer HijackThis 2.0.0 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) HP Backup & Recovery Manager Pre-Load Module HP BIOS Configuration for ProtectTools 2.00 E1 HP Credential Manager for ProtectTools HP Help and Support HP Integrated Module with Bluetooth wireless technology HP Notebook Accessories Product Tour HP ProtectTools Security Manager 2.00 C3 HP Quick Launch Buttons 6.00 H1 HP Smart Card Security for ProtectTools 5.00 D4 HP Software Update HP User Guides 0015 HP Wireless Assistant 2.00 E1 HpSdpAppCoreApp Installation de HP Backup and Recovery Manager Intel® Graphics Media Accelerator Driver InterVideo DVD Check IrfanView (remove only) J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 6 Java SE Runtime Environment 6 Update 1 Kaspersky Internet Security 7.0 Kaspersky Internet Security 7.0 Lecteur Windows Media 11 LightScribe 1.4.105.1 LiveUpdate 3.0 (Symantec Corporation) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Professional Edition 2003 Microsoft Office XP Professional avec FrontPage Microsoft User-Mode Driver Framework Feature Pack 1.0 Mise à jour de sécurité pour Lecteur Windows Media (KB911564) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565) Mise à jour de sécurité pour Step by Step Interactive Training (KB898458) Mise à jour de sécurité pour Step by Step Interactive Training (KB923723) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566) Mise à jour de sécurité pour Windows XP (KB893066) Mise à jour de sécurité pour Windows XP (KB893756) Mise à jour de sécurité pour Windows XP (KB896358) Mise à jour de sécurité pour Windows XP (KB896422) Mise à jour de sécurité pour Windows XP (KB896423) Mise à jour de sécurité pour Windows XP (KB896424) Mise à jour de sécurité pour Windows XP (KB896428) Mise à jour de sécurité pour Windows XP (KB899587) Mise à jour de sécurité pour Windows XP (KB899591) Mise à jour de sécurité pour Windows XP (KB900725) Mise à jour de sécurité pour Windows XP (KB901017) Mise à jour de sécurité pour Windows XP (KB901190) Mise à jour de sécurité pour Windows XP (KB901214) Mise à jour de sécurité pour Windows XP (KB902400) Mise à jour de sécurité pour Windows XP (KB903235) Mise à jour de sécurité pour Windows XP (KB904706) Mise à jour de sécurité pour Windows XP (KB905414) Mise à jour de sécurité pour Windows XP (KB905749) Mise à jour de sécurité pour Windows XP (KB908519) Mise à jour de sécurité pour Windows XP (KB911562) Mise à jour de sécurité pour Windows XP (KB911927) Mise à jour de sécurité pour Windows XP (KB912919) Mise à jour de sécurité pour Windows XP (KB913446) Mise à jour de sécurité pour Windows XP (KB913580) Mise à jour de sécurité pour Windows XP (KB914388) Mise à jour de sécurité pour Windows XP (KB914389) Mise à jour de sécurité pour Windows XP (KB917344) Mise à jour de sécurité pour Windows XP (KB917422) Mise à jour de sécurité pour Windows XP (KB917953) Mise à jour de sécurité pour Windows XP (KB918118) Mise à jour de sécurité pour Windows XP (KB918439) Mise à jour de sécurité pour Windows XP (KB919007) Mise à jour de sécurité pour Windows XP (KB920213) Mise à jour de sécurité pour Windows XP (KB920670) Mise à jour de sécurité pour Windows XP (KB920683) Mise à jour de sécurité pour Windows XP (KB920685) Mise à jour de sécurité pour Windows XP (KB921398) Mise à jour de sécurité pour Windows XP (KB922616) Mise à jour de sécurité pour Windows XP (KB922819) Mise à jour de sécurité pour Windows XP (KB923191) Mise à jour de sécurité pour Windows XP (KB923414) Mise à jour de sécurité pour Windows XP (KB923689) Mise à jour de sécurité pour Windows XP (KB923694) Mise à jour de sécurité pour Windows XP (KB923980) Mise à jour de sécurité pour Windows XP (KB924191) Mise à jour de sécurité pour Windows XP (KB924270) Mise à jour de sécurité pour Windows XP (KB924496) Mise à jour de sécurité pour Windows XP (KB924667) Mise à jour de sécurité pour Windows XP (KB925454) Mise à jour de sécurité pour Windows XP (KB925902) Mise à jour de sécurité pour Windows XP (KB926255) Mise à jour de sécurité pour Windows XP (KB926436) Mise à jour de sécurité pour Windows XP (KB927779) Mise à jour de sécurité pour Windows XP (KB927802) Mise à jour de sécurité pour Windows XP (KB928090) Mise à jour de sécurité pour Windows XP (KB928255) Mise à jour de sécurité pour Windows XP (KB928843) Mise à jour de sécurité pour Windows XP (KB929123) Mise à jour de sécurité pour Windows XP (KB930178) Mise à jour de sécurité pour Windows XP (KB931261) Mise à jour de sécurité pour Windows XP (KB931768) Mise à jour de sécurité pour Windows XP (KB931784) Mise à jour de sécurité pour Windows XP (KB932168) Mise à jour de sécurité pour Windows XP (KB935839) Mise à jour de sécurité pour Windows XP (KB935840) Mise à jour pour Windows XP (KB894391) Mise à jour pour Windows XP (KB896727) Mise à jour pour Windows XP (KB898461) Mise à jour pour Windows XP (KB900485) Mise à jour pour Windows XP (KB904942) Mise à jour pour Windows XP (KB908531) Mise à jour pour Windows XP (KB910437) Mise à jour pour Windows XP (KB911280) Mise à jour pour Windows XP (KB912945) Mise à jour pour Windows XP (KB916595) Mise à jour pour Windows XP (KB920872) Mise à jour pour Windows XP (KB922582) Mise à jour pour Windows XP (KB927891) Mise à jour pour Windows XP (KB929338) Mise à jour pour Windows XP (KB930916) Mise à jour pour Windows XP (KB931836) Mozilla Firefox (2.0.0.3) Mozilla Firefox (2.0.0.4) MSN Nero 6 Enterprise Edition NeroVision Express 2 Picasa 2 QuickTime Alternative 1.81 Radio Media Player Sonic Audio Module Sonic Copy Module Sonic Data Module Sonic DLA Sonic Express Labeler Sonic MyDVD Plus Sonic Update Manager SoundMAX Synaptics Pointing Device Driver Texas Instruments PCIxx21/x515/xx12 drivers. TIPCI WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live Messenger Windows Media Connect Windows Media Connect Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 XnView 1.91.1 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 5D16-ECEA Répertoire de C:\Program Files 04/07/2007 12:28 <REP> . 04/07/2007 12:28 <REP> .. 31/05/2007 11:24 <REP> 3D Sea Aquarium 12/06/2007 17:16 <REP> Adobe 15/05/2007 22:24 <REP> Ahead 08/01/2007 17:31 <REP> Analog Devices 10/05/2007 09:18 <REP> BitLord 16/05/2007 16:08 <REP> Broadcom 08/01/2007 17:31 <REP> ComPlus Applications 12/06/2007 09:47 <REP> DivX 03/07/2007 12:14 <REP> DVD Decrypter 10/07/2007 14:17 <REP> eMule 09/06/2007 11:48 <REP> Fichiers communs 08/01/2007 17:31 <REP> Fingerprint Sensor 19/06/2007 17:12 <REP> Google 22/05/2007 19:28 <REP> Grisoft 10/06/2007 13:06 <REP> Hewlett-Packard 08/01/2007 17:31 <REP> Hp 10/06/2007 13:29 <REP> HPQ 16/05/2007 16:22 <REP> Intel 27/06/2007 17:29 <REP> Internet Explorer 04/07/2007 18:04 <REP> InterVideo 15/05/2007 10:22 <REP> IrfanView 21/04/2007 10:30 <REP> Java 31/05/2007 09:14 <REP> Kaspersky Lab 08/01/2007 17:31 <REP> Messenger 08/01/2007 17:31 <REP> microsoft frontpage 10/05/2007 11:43 <REP> Microsoft Office 08/01/2007 08:53 <REP> Microsoft Visual Studio 10/05/2007 11:43 <REP> Microsoft.NET 08/01/2007 17:31 <REP> Movie Maker 03/06/2007 08:46 <REP> Mozilla Firefox 03/02/2007 09:33 <REP> MSN 08/01/2007 17:31 <REP> MSN Gaming Zone 16/04/2007 14:49 <REP> MSN Messenger 08/01/2007 17:31 <REP> NetMeeting 08/01/2007 17:31 <REP> Online Services 14/06/2007 03:03 <REP> Outlook Express 15/05/2007 15:34 <REP> Picasa2 26/06/2007 16:59 <REP> QuickTime Alternative 08/01/2007 08:37 <REP> Raccourcis de programmes 08/01/2007 17:31 <REP> Services en ligne 08/01/2007 17:31 <REP> Sonic 22/05/2007 09:47 <REP> Symantec 08/01/2007 17:31 <REP> Synaptics 08/01/2007 08:45 <REP> WIDCOMM 10/06/2007 13:41 <REP> Windows Media Connect 03/06/2007 09:47 <REP> Windows Media Connect 2 04/06/2007 15:03 <REP> Windows Media Player 08/01/2007 17:31 <REP> Windows NT 12/05/2007 10:46 <REP> WinRAR 08/01/2007 17:31 <REP> xerox 04/07/2007 12:28 <REP> XnView 0 fichier(s) 0 octets 53 Rép(s) 28 105 342 976 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 5D16-ECEA Répertoire de C:\Program Files\fichiers communs 09/06/2007 11:48 <REP> . 09/06/2007 11:48 <REP> .. 12/06/2007 17:17 <REP> Adobe 15/05/2007 22:20 <REP> Ahead 08/01/2007 08:53 <REP> Designer 08/01/2007 17:31 <REP> InstallShield 08/01/2007 17:31 <REP> Java 16/06/2007 12:18 <REP> LightScribe 10/05/2007 11:45 <REP> Microsoft Shared 08/01/2007 17:31 <REP> MSSoap 08/01/2007 17:31 <REP> ODBC 08/01/2007 17:31 <REP> Services 08/01/2007 17:31 <REP> Sonic Shared 08/01/2007 17:31 <REP> SpeechEngines 08/01/2007 17:31 <REP> SureThing Shared 22/05/2007 10:02 <REP> Symantec Shared 14/06/2007 03:03 <REP> System 08/01/2007 17:31 <REP> TiVo Shared 0 fichier(s) 0 octets 18 Rép(s) 28 105 342 976 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 5D16-ECEA Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 10/05/2007 11:44 <REP> . 10/05/2007 11:44 <REP> .. 10/05/2007 11:44 <REP> 1033 10/05/2007 11:44 <REP> 1036 11/07/2003 09:15 1 292 872 MSONSEXT.DLL 15/07/2003 05:52 35 896 MSOSV.DLL 03/06/1999 06:09 122 937 MSOWS409.DLL 07/03/2001 01:00 127 033 MSOWS40c.DLL 06/08/2000 09:04 401 462 MSVCP60.DLL 22/01/2001 03:25 69 632 PKMAXCTL.DLL 22/01/2001 03:25 872 448 PKMCDO.DLL 22/01/2001 03:25 159 744 PKMCORE.DLL 07/02/2001 09:59 106 496 PKMFORMS.DLL 12/02/2001 04:03 684 032 PKMRES.DLL 22/01/2001 03:25 28 672 PKMSSTLB.DLL 22/01/2001 03:25 40 960 PKMTEMPL.DLL 22/01/2001 03:25 24 576 PKMTRACE.DLL 11/07/2003 01:25 80 448 PKMWS.DLL 22/01/2001 03:25 237 568 PROMDEMO.DLL 22/01/2001 03:25 184 320 SECMGR.DLL 22/01/2001 03:25 323 584 VAIDDMGR.DLL 22/01/2001 03:25 32 768 VAIMEM.DLL 18 fichier(s) 4 825 448 octets 4 Rép(s) 28 105 342 976 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 5D16-ECEA Répertoire de C:\ 12/05/2007 18:22 68 096 diff.exe 12/05/2007 18:22 103 424 grep.exe 2 fichier(s) 171 520 octets 0 Rép(s) 28 105 342 976 octets libres c:\Documents and Settings\Administrateur\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin6x0\connectaddin6x0.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\catchme.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\diff.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\dumphive.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\find2.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\Fport.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\grep.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\KProcCheck.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\LFiles.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\pslist.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\streams.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\swreg.exe c:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.0.119\French\setup.exe c:\Documents and Settings\Administrateur\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin6x0\connecthook.dll c:\Documents and Settings\Administrateur\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin6x0\connectsprd.dll c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\libola.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll ****** Fin du rapport DiagHelp Merci d'vance pour ton aide Charles
  23. number05
    bonjour à tous, ci dessous mon rapport Hijack this. j'ai un problème qui m'enerve à chaque fois que je me trompes de sites je me connete fatalement sur un site chelou (search @hand par exemple). Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 12:32:01, on 11/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\HPQ\IAM\bin\asghost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\SMINST\Scheduler.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE C:\Program Files\BitLord\BitLord.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Downloads\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O17 - HKLM\System\CCS\Services\Tcpip\..\{081CA721-E843-44FB-9D21-36A79FA85DE8}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CCS\Services\Tcpip\..\{7F16BD61-6270-4C3F-BF6E-797751A4F020}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CCS\Services\Tcpip\..\{B9525F88-4CD4-4AD2-80DE-0F6F8D698DFE}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CCS\Services\Tcpip\..\{D91300FA-E7D6-495C-BE9D-7CF6A26FD158}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.66 85.255.112.80 O17 - HKLM\System\CS1\Services\Tcpip\..\{081CA721-E843-44FB-9D21-36A79FA85DE8}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.66 85.255.112.80 O17 - HKLM\System\CS2\Services\Tcpip\..\{081CA721-E843-44FB-9D21-36A79FA85DE8}: NameServer = 85.255.116.66,85.255.112.80 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.66 85.255.112.80 O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: PC Angel (PCA) - Unknown owner - C:\WINDOWS\TEMP\UPDATE\SMINST\PCAngel.exe (file missing) O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/03/clip_image002.gif O24 - Desktop Component 1: (no name) - http://www.atlas-grup.com/yukle/resim/wresim%205.jpg -- End of file - 11975 bytes
  24. number05
    le 2me est introuvable
  25. number05
    voila ce que ça donne pour le premier (HP imprimante!!) zhp1018.exe: Complete scanning result of "zshp1018.exe", received in VirusTotal at 03.31.2007, 00:37:26 (CET). Antivirus Version Update Result AhnLab-V3 2007.3.30.0 03.30.2007 no virus found AntiVir 7.3.1.46 03.30.2007 no virus found Authentium 4.93.8 03.30.2007 no virus found Avast 4.7.936.0 03.30.2007 no virus found AVG 7.5.0.447 03.30.2007 no virus found BitDefender 7.2 03.31.2007 no virus found CAT-QuickHeal 9.00 03.30.2007 no virus found ClamAV devel-20070312 03.30.2007 no virus found DrWeb 4.33 03.30.2007 no virus found eSafe 7.0.15.0 03.29.2007 no virus found eTrust-Vet 30.6.3524 03.30.2007 no virus found Ewido 4.0 03.30.2007 no virus found FileAdvisor 1 03.31.2007 No threat detected Fortinet 2.85.0.0 03.30.2007 no virus found F-Prot 4.3.1.45 03.30.2007 no virus found F-Secure 6.70.13030.0 03.30.2007 no virus found Ikarus T3.1.1.3 03.30.2007 no virus found Kaspersky 4.0.2.24 03.30.2007 no virus found McAfee 4996 03.30.2007 no virus found Microsoft 1.2306 03.30.2007 no virus found NOD32v2 2158 03.30.2007 no virus found Norman 5.80.02 03.30.2007 no virus found Panda 9.0.0.4 03.30.2007 no virus found Prevx1 V2 03.31.2007 Win32.Malware.gen Sophos 4.16.0 03.30.2007 no virus found Sunbelt 2.2.907.0 03.29.2007 no virus found Symantec 10 03.31.2007 no virus found TheHacker 6.1.6.083 03.30.2007 no virus found UNA 1.83 03.16.2007 no virus found VBA32 3.11.3 03.30.2007 no virus found VirusBuster 4.3.7:9 03.30.2007 no virus found Webwasher-Gateway 6.0.1 03.30.2007 no virus found Aditional Information File size: 442368 bytes MD5: beed68f5acd0fe6e0a214cc4262c06e5 SHA1: 93b62937fe64b1479c754c909f1328e0e64b598e Bit9 info: http://fileadvisor.bit9.com/services/extin...a214cc4262c06e5 Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=0fa028132568
×
×
  • Créer...