Matth32

Salut, alors j'ai fait le scan en ligne, il me trouve encore des trojans,.. par contre je peut pas désinfecter car faut être menbre apparement. Voici le rapporrt ci dessous, sinon je n'ai plus accès au pc infecté jusqu'a vendredi donc je pourrai rien y faire dessus, je reprendrai ce week end. ;*********************************************************************************************************************************************************************************** ANALYSIS: 2008-01-01 17:38:51 PROTECTIONS: 0 MALWARE: 50 SUSPECTS: 0 ;*********************************************************************************************************************************************************************************** PROTECTIONS Description Version Active Updated ;=================================================================================================================================================================================== ;=================================================================================================================================================================================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=================================================================================================================================================================================== 00101185 HackTool/Gendel.A SecRisk No 0 Yes No C:\Program Files\PowerDyn\SETUP\GENDEL32.EX_ 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.casalemedia.com/] 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.casalemedia.com/] 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.casalemedia.com/] 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.casalemedia.com/] 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.casalemedia.com/] 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.casalemedia.com/] 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.casalemedia.com/] 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.casalemedia.com/] 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.casalemedia.com/] 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.casalemedia.com/] 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.doubleclick.net/] 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.doubleclick.net/] 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.doubleclick.net/] 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.atdmt.com/] 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Cookies\baque@atdmt[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.atdmt.com/] 00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\SYSTEM32\Process.exe 00139535 Application/Processor HackTools No 0 No No D:\logiciels\Sécurité\SDFix.exe[sDFix\apps\Process.exe] 00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Administrateur\Bureau\Nouveau dossier\SDFix\APPS\Process.exe 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.tradedoubler.com/] 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.tradedoubler.com/] 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.tradedoubler.com/] 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.tradedoubler.com/] 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.tradedoubler.com/] 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.tradedoubler.com/] 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.tradedoubler.com/] 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.tradedoubler.com/] 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.tradedoubler.com/] 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.tradedoubler.com/] 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.tradedoubler.com/] 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.tradedoubler.com/] 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.tradedoubler.com/] 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.tradedoubler.com/] 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.tradedoubler.com/] 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.247realmedia.com/] 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.247realmedia.com/] 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.247realmedia.com/] 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.247realmedia.com/] 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.247realmedia.com/] 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.247realmedia.com/] 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.247realmedia.com/] 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.247realmedia.com/] 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.247realmedia.com/] 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.247realmedia.com/] 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.247realmedia.com/] 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.247realmedia.com/] 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.fastclick.net/] 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.fastclick.net/] 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.fastclick.net/] 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.fastclick.net/] 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.fastclick.net/] 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.fastclick.net/] 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.mediaplex.com/] 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.mediaplex.com/] 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.mediaplex.com/] 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.mediaplex.com/] 00145792 Cookie/SexList TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.sexlist.com/] 00145792 Cookie/SexList TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.sexlist.com/] 00145792 Cookie/SexList TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.sexlist.com/] 00145792 Cookie/SexList TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.sexlist.com/] 00145792 Cookie/SexList TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.sexlist.com/] 00145792 Cookie/SexList TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.sexlist.com/] 00145869 Cookie/SpyLog TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.spylog.com/] 00146967 Cookie/PayCounter TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.paycounter.com/] 00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.clickbank.net/] 00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.revenue.net/] 00162900 Cookie/MediaTickets TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.kinghost.com/] 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.com.com/] 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.com.com/] 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.com.com/] 00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.yadro.ru/] 00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.yadro.ru/] 00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.yadro.ru/] 00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.yadro.ru/] 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.xiti.com/] 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Cookies\baque@xiti[1].txt 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.xiti.com/] 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.xiti.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.statcounter.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[ad.yieldmanager.com/] 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.apmebf.com/] 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.apmebf.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.serving-sys.com/] 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.bs.serving-sys.com/] 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.bs.serving-sys.com/] 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.bs.serving-sys.com/] 00168095 Cookie/888 TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.888.com/] 00168095 Cookie/888 TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.888.com/] 00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.weborama.fr/] 00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.weborama.fr/] 00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.weborama.fr/] 00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.weborama.fr/] 00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.weborama.fr/] 00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.weborama.fr/] 00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.weborama.fr/] 00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.weborama.fr/] 00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.weborama.fr/] 00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Cookies\baque@weborama[1].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.adtech.de/] 00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.adtech.de/] 00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.adtech.de/] 00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.adtech.de/] 00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.adtech.de/] 00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.adtech.de/] 00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[stat.onestat.com/] 00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[stat.onestat.com/] 00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[fl01.ct2.comclick.com/] 00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[fl01.ct2.comclick.com/] 00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[fl01.ct2.comclick.com/] 00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[fl01.ct2.comclick.com/] 00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[fl01.ct2.comclick.com/] 00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[fl01.ct2.comclick.com/] 00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[fl01.ct2.comclick.com/] 00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[fl01.ct2.comclick.com/] 00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[fl01.ct2.comclick.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.advertising.com/] 00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.adopt.hbmediapro.com/] 00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.adopt.hbmediapro.com/] 00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.adopt.hbmediapro.com/] 00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.adopt.hbmediapro.com/] 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[statse.webtrendslive.com/] 00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.overture.com/] 00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.overture.com/] 00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.overture.com/] 00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.overture.com/] 00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.overture.com/] 00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.overture.com/] 00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.overture.com/] 00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.overture.com/] 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.questionmarket.com/] 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.questionmarket.com/] 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.zedo.com/] 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.zedo.com/] 00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.metriweb.be/] 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.bluestreak.com/] 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.bluestreak.com/] 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.bluestreak.com/] 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.adrevolver.com/] 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.adrevolver.com/] 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.adrevolver.com/] 00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.adultfriendfinder.com/] 00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.adultfriendfinder.com/] 00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.adultfriendfinder.com/] 00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.adultfriendfinder.com/] 00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.adultfriendfinder.com/] 00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.adultfriendfinder.com/] 00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[searchportal.information.com/] 00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.adviva.net/] 00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.adviva.net/] 00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.adviva.net/] 00223611 Trj/Crypt.AQ Virus/Trojan No 0 Yes No C:\Documents and Settings\Administrateur\Bureau\Nouveau dossier\SDFix\BACKUPS\BACKUPS.ZIP[backups/mswindtc.exe] 00262025 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.errorsafe.com/] 00262025 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.errorsafe.com/] 00262025 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.errorsafe.com/] 00262025 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.errorsafe.com/] 00262025 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.errorsafe.com/] 00263700 Cookie/E-eliminator TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.evidence-eliminator.com/] 00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.smartadserver.com/] 00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.smartadserver.com/] 00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.smartadserver.com/] 00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\FOUND.001\FILE0001.CHK[.smartadserver.com/] 00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.smartadserver.com/] 00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.smartadserver.com/] 00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.smartadserver.com/] 00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Baque\Application Data\Mozilla\Firefox\Profiles\DEFAULT.FO1\COOKIES.TXT[.smartadserver.com/] 00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.drivecleaner.com/] 00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.drivecleaner.com/] 00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.drivecleaner.com/] 00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\FOUND.005\FILE0000.CHK[.drivecleaner.com/] 00324988 adware/webattaker Adware No 0 Yes No c:\windows\uniq 01132558 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\MX25.EXE 02426288 Trj/Downloader.MDW Virus/Trojan No 1 Yes No D:\Cracking_Hacking\ATTENTION Trojan\y3krat2k5rc10.zip[srvIconChange.exe] 02426923 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\FlashGet\FLASHGET.EXE 02684897 Application/AVSystemCare HackTools No 0 Yes No C:\Documents and Settings\Baque\Application Data\setup_en[1].exe ;=================================================================================================================================================================================== SUSPECTS Location ;=================================================================================================================================================================================== ;===================================================================================================================================================================================

Nickel ca marche, c'était pas l'infexion que tu avait vu qui était la cause ou c'est juste que le scan ELIBAGLA ne marchait pas bien, j'aime bien savoir. Le fichier .reg modifie des infos dans la base de registres, c'est bien ca? Apparement, il me restait bien des traces de trojans sur mon disque d'apres le scan et le rapport. Au fait, j'en profite pour poser une question, je viens de mettre le sp2 et mon pc a l'air de bloquer au démarrage de windows pendant une dizaine de secondes, connait-tu un soft pour anlyser le démarrage (fichier lancé, ...) sinon je vais essayer dee voir avec BootVis. Voici le rapport de SDFix : SDFix: Version 1.120 Run by Administrateur on 30/12/2007 at 20:39 Microsoft Windows XP [version 5.1.2600] Running From: C:\DOCUME~1\ADMINI~1\Bureau\NOUVEA~1\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: Trojan Files Found: C:\WINDOWS\SYSTEM32\ERASEM~4.EXE - Deleted C:\WINDOWS\SYSTEM32\ERASEM~3.EXE - Deleted C:\WINDOWS\system32\eraseme_31551.exe - Deleted C:\WINDOWS\system32\eraseme_27451.exe - Deleted C:\WINDOWS\system32\mswindtc.exe - Deleted C:\WINDOWS\system32\TFTP1312 - Deleted C:\WINDOWS\system32\TFTP1296 - Deleted Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-30 20:43:01 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\WINDOWS\\System32\\wbem\\scrcons32.exe"="C:\\WINDOWS\\System32\\wbem\\scrcons32.exe:*:Enabled:WMI Standard Event Consumer - Scripting" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"="C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files: --------------- File Backups: - C:\DOCUME~1\ADMINI~1\Bureau\NOUVEA~1\SDFix\backups\backups.zip Files with Hidden Attributes: Thu 19 Aug 2004 1,667,584 ...H. --- "C:\Program Files\Messenger\msmsgs.exe" Thu 19 Aug 2004 93,184 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe" Thu 19 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe" Thu 13 Apr 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Finished! Dans tous les cas, Merci beaucoup pour ta réparation et pour le temps passé sur mon pb

Alors j'ai bien fait l'analyse avec ELIBAGLA mais il me trouve rien, du coup le mode sans échec n'est toujours pas accessible. Voici le rapport (je l'ai passé deux fois au cas ou). Sinon effectivement les entrées enlevées étaient car je connaissait pas et me parraissaient suspecte. Voici le rapport quand même : Sun Dec 30 12:35:10 2007 EliBagle v10.79 ©2007 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Acción Directa): Sun Dec 30 12:35:50 2007 EliBagle v10.79 ©2007 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad C:\ Nº Total de Directorios: 3300 Nº Total de Ficheros: 41135 Nº de Ficheros Analizados: 10378 Nº de Ficheros Infectados: 0 Nº de Ficheros Limpiados: 0 Sun Dec 30 12:52:02 2007 EliBagle v10.79 ©2007 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Acción Directa): Sun Dec 30 12:52:14 2007 EliBagle v10.79 ©2007 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad C:\ Nº Total de Directorios: 3307 Nº Total de Ficheros: 41138 Nº de Ficheros Analizados: 10411 Nº de Ficheros Infectados: 0 Nº de Ficheros Limpiados: 0

Voici le rapport, sinon oui pour Kaspersky je sais mais vu que je suis en trial version je préfère garder Kerio pour le moment ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\DcomLaunch <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\vds <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF} <SANS NOM> REG_SZ Volume shadow copy HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\DcomLaunch <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ip6fw.sys <SANS NOM> REG_SZ Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ipnat.sys <SANS NOM> REG_SZ Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Ndisuio <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\sharedaccess <SANS NOM> REG_SZ Service HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\WZCSVC <SANS NOM> REG_SZ Service ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services SDhelper REG_DWORD 0x2 C-DillaCdaC11BA REG_DWORD 0x2 matlabserver REG_DWORD 0x2 Win32Sr REG_DWORD 0x2 usnjsvc REG_DWORD 0x3 IDriverT REG_DWORD 0x3 Boonty Games REG_DWORD 0x3 WZCSVC REG_DWORD 0x3 wuauserv REG_DWORD 0x3 Schedule REG_DWORD 0x2 SCardSvr REG_DWORD 0x3 RemoteRegistry REG_DWORD 0x2 RDSessMgr REG_DWORD 0x3 MSDTC REG_DWORD 0x3 mnmsrvc REG_DWORD 0x3 ImapiService REG_DWORD 0x3 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk backup REG_SZ C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup location REG_SZ Common Startup command REG_SZ C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE item REG_SZ Adobe Gamma Loader HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk path REG_SZ C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup REG_SZ C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup location REG_SZ Common Startup command REG_SZ C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l item REG_SZ Microsoft Office HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run item REG_SZ hkey REG_SZ HKLM command REG_SZ inimapping REG_SZ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\adiras key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run item REG_SZ adiras hkey REG_SZ HKLM command REG_SZ adiras.exe inimapping REG_SZ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\adobemgr key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run item REG_SZ adobemgr hkey REG_SZ HKCU inimapping REG_SZ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ANIWZCS2Service key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run item REG_SZ WZCSLDR2 hkey REG_SZ HKLM inimapping REG_SZ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\drvsyskit key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run item REG_SZ hidr hkey REG_SZ HKCU inimapping REG_SZ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gfxtray key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run item REG_SZ rundll32 ctccw32 hkey REG_SZ HKLM command REG_SZ rundll32 ctccw32.dll,findwnd inimapping REG_SZ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run item REG_SZ iTunesHelper hkey REG_SZ HKLM inimapping REG_SZ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mmtask key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run item REG_SZ mmtask hkey REG_SZ HKLM command REG_SZ c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe inimapping REG_SZ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MMTray key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run item REG_SZ mm_tray hkey REG_SZ HKLM inimapping REG_SZ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroCheck key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run item REG_SZ NeroCheck hkey REG_SZ HKLM command REG_SZ C:\WINDOWS\system32\NeroCheck.exe inimapping REG_SZ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run item REG_SZ NvCpl hkey REG_SZ HKLM inimapping REG_SZ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run item REG_SZ NVMCTRAY hkey REG_SZ HKCU command REG_SZ RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit inimapping REG_SZ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run item REG_SZ nwiz hkey REG_SZ HKLM command REG_SZ nwiz.exe /install inimapping REG_SZ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run item REG_SZ qttask hkey REG_SZ HKLM command REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime inimapping REG_SZ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Salestart key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run item REG_SZ strpmon hkey REG_SZ HKLM command REG_SZ "C:\Program Files\Fichiers communs\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com; ad=http://winpcdoctor.com inimapping REG_SZ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SoundMan key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run item REG_SZ SOUNDMAN hkey REG_SZ HKLM command REG_SZ SOUNDMAN.EXE inimapping REG_SZ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\startkey key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run item REG_SZ server hkey REG_SZ HKCU inimapping REG_SZ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run item REG_SZ jusched hkey REG_SZ HKLM command REG_SZ "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" inimapping REG_SZ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ucookw key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run item REG_SZ ucookw hkey REG_SZ HKLM inimapping REG_SZ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\USB Hardware8 Monitoring key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run item REG_SZ USBhardware8 hkey REG_SZ HKCU command REG_SZ USBhardware8.exe inimapping REG_SZ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UVS10 Preload key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run item REG_SZ uvPL hkey REG_SZ HKLM inimapping REG_SZ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VirusProtect 3.8 key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run item REG_SZ VirusProtect 3 hkey REG_SZ HKLM inimapping REG_SZ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\win msdt service key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run item REG_SZ mswindtc hkey REG_SZ HKLM command REG_SZ mswindtc.exe inimapping REG_SZ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run item REG_SZ scvhost hkey REG_SZ HKLM inimapping REG_SZ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinPCDoctor key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run item REG_SZ SysRep hkey REG_SZ HKLM inimapping REG_SZ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state system.ini REG_DWORD 0x0 win.ini REG_DWORD 0x0 bootini REG_DWORD 0x0 services REG_DWORD 0x2 startup REG_DWORD 0x2

Désolé pour l'impatience c'est car ce problème m'énerve tellement surtout que je n'y arrive pas Sinon voila le rapport demandé et envoyé. DiagHelp version v1.4 - http://www.malekal.com excute le 29/12/2007 à 18:43:47,51 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\LOGONUI.EXE-0AF22957.pf -->29/12/2007 02:47:14 C:\WINDOWS\prefetch\KPF4GUI.EXE-2F166019.pf -->29/12/2007 02:47:12 C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf -->29/12/2007 02:46:24 C:\WINDOWS\prefetch\RUNDLL32.EXE-1495CCA8.pf -->29/12/2007 02:42:12 C:\WINDOWS\prefetch\RUNDLL32.EXE-1666F1EA.pf -->29/12/2007 02:36:54 C:\WINDOWS\prefetch\RUNDLL32.EXE-343CB30A.pf -->29/12/2007 02:30:58 C:\WINDOWS\prefetch\RUNDLL32.EXE-1220922E.pf -->29/12/2007 02:30:50 C:\WINDOWS\prefetch\RUNDLL32.EXE-34E7A88B.pf -->29/12/2007 02:25:36 C:\WINDOWS\prefetch\RUNDLL32.EXE-1A8D676D.pf -->29/12/2007 02:22:10 C:\WINDOWS\prefetch\RUNDLL32.EXE-1AB3D28E.pf -->29/12/2007 02:21:20 C:\WINDOWS\System32\drivers\fidbox2.dat -->29/12/2007 18:11:26 C:\WINDOWS\System32\drivers\fidbox2.idx -->29/12/2007 18:11:26 C:\WINDOWS\System32\drivers\fidbox.dat -->29/12/2007 18:11:26 C:\WINDOWS\System32\drivers\fidbox.idx -->29/12/2007 18:11:26 C:\WINDOWS\System32\drivers\gmer.sys -->24/12/2007 14:20:46 C:\WINDOWS\System32\drivers\klif.sys -->24/12/2007 13:22:26 C:\WINDOWS\System32\drivers\klin.dat -->24/12/2007 13:21:48 C:\WINDOWS\System32\PerfStringBackup.INI -->28/12/2007 23:12:00 C:\WINDOWS\System32\perfh00C.dat -->28/12/2007 23:12:00 C:\WINDOWS\System32\perfc00C.dat -->28/12/2007 23:12:00 C:\WINDOWS\System32\perfh009.dat -->28/12/2007 23:12:00 C:\WINDOWS\System32\perfc009.dat -->28/12/2007 23:12:00 C:\WINDOWS\System32\wpa.dbl -->28/12/2007 23:07:46 C:\WINDOWS\System32\spupdwxp.log -->28/12/2007 23:07:36 C:\WINDOWS\System32\FNTCACHE.DAT -->28/12/2007 23:06:52 C:\WINDOWS\System32\tmp.txt -->23/11/2007 22:13:20 C:\WINDOWS\System32\tmp.reg -->23/11/2007 22:13:20 C:\WINDOWS\System32\ssldivx.dll -->20/10/2007 01:56:04 C:\WINDOWS\System32\libdivx.dll -->20/10/2007 01:56:04 C:\WINDOWS\System32\WS2Fix.exe -->03/10/2007 23:36:46 C:\WINDOWS\System32\ANIWZCS{760F32C7-A632-48C9-AF80-2BEC79F8AA83} -->16/09/2007 17:04:32 C:\WINDOWS\System32\ANIWZCSUSERNAME{760F32C7-A632-48C9-AF80-2BEC79F8AA83} -->16/09/2007 17:04:28 C:\WINDOWS\System32\ANIWZCSUSERNAME{95046016-24B9-4B00-A528-58AF1E546237} -->15/09/2007 00:02:36 C:\WINDOWS\System32\VCCLSID.exe -->05/09/2007 23:22:24 C:\WINDOWS\System32\DivXCodecVersionChecker.exe -->27/07/2007 01:06:48 C:\WINDOWS\System32\dsm_fr.qm -->27/07/2007 01:06:26 C:\WINDOWS\System32\divxsm.tlb -->27/07/2007 01:06:26 C:\WINDOWS\System32\DivXsm.exe -->27/07/2007 01:06:26 C:\WINDOWS\System32\qt-dx331.dll -->27/07/2007 01:06:22 C:\WINDOWS\System32\dtu100.dll -->27/07/2007 01:03:48 C:\WINDOWS\System32\dpl100.dll -->27/07/2007 01:03:48 C:\WINDOWS\System32\dpuGUI10.dll -->27/07/2007 01:03:42 C:\WINDOWS\wiadebug.log -->29/12/2007 18:13:54 C:\WINDOWS.log -->29/12/2007 18:13:52 C:\WINDOWS\bootstat.dat -->29/12/2007 18:12:00 C:\WINDOWS\wiaservc.log -->29/12/2007 18:11:18 C:\WINDOWS\WindowsUpdate.log -->29/12/2007 18:11:08 C:\WINDOWS\SchedLgU.Txt -->29/12/2007 02:47:54 C:\WINDOWS\DPINST.LOG -->29/12/2007 00:02:10 C:\WINDOWS\win.ini -->28/12/2007 23:18:26 C:\WINDOWS\system.ini -->28/12/2007 23:18:26 C:\WINDOWS\spupdsvc.log -->28/12/2007 23:12:42 C:\WINDOWS\DtcInstall.log -->28/12/2007 23:12:32 C:\WINDOWS\wmsetup.log -->28/12/2007 23:12:32 C:\WINDOWS\WMSysPr9.prx -->28/12/2007 23:12:12 C:\WINDOWS\ntdtcsetup.log -->28/12/2007 23:12:00 C:\WINDOWS\ocmsn.log -->28/12/2007 23:12:00 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ Explorer.EXE pid: 1412 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path *** Loaded C:\WINDOWS\system32\kernel32.dll differs from file image: *** File timestamp: Fri Aug 20 01:09:14 2004 *** Loaded image timestamp: Fri Aug 20 01:09:15 2004 *** Loaded C:\WINDOWS\system32\USER32.dll differs from file image: *** File timestamp: Fri Aug 20 01:09:10 2004 *** Loaded image timestamp: Fri Aug 20 01:21:22 2004 *** Loaded C:\WINDOWS\system32\SHELL32.dll differs from file image: *** File timestamp: Fri Aug 20 01:09:03 2004 *** Loaded image timestamp: Fri Aug 20 01:21:38 2004 *** Loaded C:\WINDOWS\system32\SHDOCVW.dll differs from file image: *** File timestamp: Fri Aug 20 01:09:02 2004 *** Loaded image timestamp: Fri Aug 20 01:11:16 2004 0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x10000000 0x17000 7.00.0000.0125 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll 0x00e00000 0x28000 7.00.0000.0125 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x01500000 0x2c6000 3.01.4000.2435 C:\WINDOWS\system32\msi.dll 0x00ec0000 0x13000 2.00.0000.1184 C:\PROGRA~1\INCRED~1\bin\ImHook.dll 0x6d610000 0x6a000 5.00.0110.0003 C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll 0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x02a00000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x02390000 0x2b000 C:\Program Files\WinRAR\rarext.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 648 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe *** Loaded C:\WINDOWS\system32\kernel32.dll differs from file image: *** File timestamp: Fri Aug 20 01:09:14 2004 *** Loaded image timestamp: Fri Aug 20 01:09:15 2004 *** Loaded C:\WINDOWS\system32\USER32.dll differs from file image: *** File timestamp: Fri Aug 20 01:09:10 2004 *** Loaded image timestamp: Fri Aug 20 01:21:22 2004 *** Loaded C:\WINDOWS\system32\SHELL32.dll differs from file image: *** File timestamp: Fri Aug 20 01:09:03 2004 *** Loaded image timestamp: Fri Aug 20 01:21:38 2004 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x10000000 0x17000 7.00.0000.0125 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll 0x011c0000 0x33000 7.00.0000.0125 C:\WINDOWS\System32\klogon.dll 0x01cf0000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est FCAE-7CD6 Répertoire de C:\WINDOWS\system32 19/08/2004 16:09 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 3 843 129 344 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est FCAE-7CD6 Répertoire de C:\WINDOWS\system32 29/08/2003 11:44 1 323 008 dmcpl.exe 1 fichier(s) 1 323 008 octets 0 Rép(s) 3 843 129 344 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est FCAE-7CD6 Répertoire de C:\WINDOWS\Downloaded Program Files 27/11/2005 11:06 <REP> . 27/11/2005 11:06 <REP> .. 27/11/2005 11:06 65 desktop.ini 20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd 14/10/1997 18:52 697 DirectAnimation Java Classes.osd 27/01/2004 18:14 2 299 mp43dmo.inf 25/07/2002 17:05 172 032 isusweb.dll 25/07/2002 17:13 196 608 dwusplay.exe 25/07/2002 17:13 24 576 dwusplay.dll 22/06/2006 11:41 5 032 swflash.inf 31/05/2006 04:15 10 oscan81.ocx_x 14/03/2005 14:38 126 live.ini 14/03/2005 14:58 7 073 scanoptions.tsi 16/03/2005 12:34 7 407 lang.ini 25/05/2006 01:21 53 248 ipsupd.dll 25/05/2006 01:21 118 784 bdupd.dll 07/12/2004 17:07 32 libfn.dll 07/12/2004 17:07 32 bdcore.dll 01/06/2006 02:54 471 040 oscan8.ocx 01/06/2006 02:57 1 331 oscan8.inf 02/09/2005 10:05 578 kavwebscan.inf 19 fichier(s) 1 062 132 octets Total des fichiers listés : 19 fichier(s) 1 062 132 octets 2 Rép(s) 3 842 867 200 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "C:\\WINDOWS\\System32\\wbem\\scrcons32.exe"="C:\\WINDOWS\\System32\\wbem\\scrcons32.exe:*:Enabled:WMI Standard Event Consumer - Scripting" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"="C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" "{35a88e51-b53d-43e9-b8a7-75d4c31b4676}"="Register LogWare" "{b0883848-1466-4470-a418-3fe7d36694b9}"="bemocked" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 "DisableTaskMgr"=dword:00000000 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-29 18:46:09 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... IPC error: 2 Le fichier spécifié est introuvable. scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 624 - csrss.exe 648 - winlogon.exe 692 - services.exe 704 - lsass.exe 752 - gwum.exe 836 - svchost.exe 928 - svchost.exe 1020 - svchost.exe 1092 - svchost.exe 1192 - spoolsv.exe 1412 - Explorer.EXE 1420 - avp.exe 1532 - avp.exe 1556 - dllhost.exe 1576 - IMAPP.EXE 1604 - inetinfo.exe 1636 - kpf4ss.exe 1784 - nvsvc32.exe 1812 - RUNDLL32.EXE 1884 - svchost.exe 1988 - kpf4gui.exe 2224 - firefox.exe 3364 - alg.exe 3540 - kpf4gui.exe 3968 - avp.exe 4016 - svchost.exe Total number of processes = 27 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\ntoskrnl.exe 806EC000 - \WINDOWS\system32\hal.dll F9E32000 - \WINDOWS\system32\KDCOM.DLL F9D42000 - \WINDOWS\system32\BOOTVID.dll F98E9000 - a347bus.sys F98BA000 - ACPI.sys F9E34000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS F98A9000 - pci.sys F9932000 - isapnp.sys F9E36000 - viaide.sys F9BB2000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS F9942000 - MountMgr.sys F988A000 - ftdisk.sys F9E38000 - dmload.sys F9864000 - dmio.sys F9BBA000 - PartMgr.sys F9952000 - VolSnap.sys F984C000 - F9E3A000 - a347scsi.sys F9834000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS F9962000 - disk.sys F9972000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS F9815000 - fltmgr.sys F9803000 - sr.sys F97E0000 - Fastfat.sys F97C9000 - KSecDD.sys F979C000 - NDIS.sys F9BC2000 - viaagp1.sys F9781000 - Mup.sys F9765000 - kl1.sys F9BCA000 - \WINDOWS\System32\drivers\TDI.SYS F99A2000 - \SystemRoot\System32\DRIVERS\amdk7.sys F95BD000 - \SystemRoot\System32\DRIVERS\nv4_mini.sys F95A9000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS F9BEA000 - \SystemRoot\System32\DRIVERS\RTL8139.SYS F9BF2000 - \SystemRoot\System32\DRIVERS\usbuhci.sys F9586000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS F9BFA000 - \SystemRoot\System32\DRIVERS\usbehci.sys F9C02000 - \SystemRoot\System32\Drivers\MxlW2k.SYS F99B2000 - \SystemRoot\System32\DRIVERS\cdrom.sys F99C2000 - \SystemRoot\System32\DRIVERS\redbook.sys F9563000 - \SystemRoot\System32\DRIVERS\ks.sys F99D2000 - \SystemRoot\System32\DRIVERS\imapi.sys F94C6000 - \SystemRoot\system32\drivers\ALCXWDM.SYS F94A2000 - \SystemRoot\system32\drivers\portcls.sys F99E2000 - \SystemRoot\system32\drivers\drmk.sys F9C0A000 - \SystemRoot\System32\DRIVERS\fdc.sys F9491000 - \SystemRoot\System32\DRIVERS\serial.sys F9DFA000 - \SystemRoot\System32\DRIVERS\serenum.sys F947D000 - \SystemRoot\System32\DRIVERS\parport.sys F99F2000 - \SystemRoot\System32\DRIVERS\i8042prt.sys F9C12000 - \SystemRoot\System32\DRIVERS\mouclass.sys F9C1A000 - \SystemRoot\System32\DRIVERS\kbdclass.sys F9F94000 - \SystemRoot\system32\drivers\msmpu401.sys F9DFE000 - \SystemRoot\System32\DRIVERS\gameenum.sys F9F96000 - \SystemRoot\System32\DRIVERS\audstub.sys F9A02000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys F9E02000 - \SystemRoot\System32\DRIVERS\ndistapi.sys F9466000 - \SystemRoot\System32\DRIVERS\ndiswan.sys F9A12000 - \SystemRoot\System32\DRIVERS\raspppoe.sys F9A22000 - \SystemRoot\System32\DRIVERS\raspptp.sys F9455000 - \SystemRoot\System32\DRIVERS\psched.sys F9A32000 - \SystemRoot\System32\DRIVERS\msgpc.sys F9C22000 - \SystemRoot\System32\DRIVERS\ptilink.sys F9C2A000 - \SystemRoot\System32\DRIVERS\raspti.sys F9424000 - \SystemRoot\System32\DRIVERS\rdpdr.sys F9A42000 - \SystemRoot\System32\DRIVERS\termdd.sys F9E3E000 - \SystemRoot\System32\DRIVERS\swenum.sys F93C8000 - \SystemRoot\System32\DRIVERS\update.sys F9E1E000 - \SystemRoot\System32\DRIVERS\mssmbios.sys F9A52000 - \SystemRoot\System32\Drivers\NDProxy.SYS F9A62000 - \SystemRoot\System32\DRIVERS\usbhub.sys F9E46000 - \SystemRoot\System32\DRIVERS\USBD.SYS F9C32000 - \SystemRoot\System32\DRIVERS\flpydisk.sys F9E48000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F9F2F000 - \SystemRoot\System32\Drivers\Null.SYS F9E4A000 - \SystemRoot\System32\Drivers\Beep.SYS F9F32000 - \SystemRoot\System32\Drivers\VIAPFD.SYS F9C42000 - \SystemRoot\System32\drivers\vga.sys F9E4C000 - \SystemRoot\System32\Drivers\mnmdd.SYS F9E4E000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F40CF000 - \SystemRoot\system32\drivers\fwdrv.sys F9C4A000 - \SystemRoot\System32\Drivers\Msfs.SYS F9C52000 - \SystemRoot\System32\Drivers\Npfs.SYS F9721000 - \SystemRoot\System32\DRIVERS\rasacd.sys F40BC000 - \SystemRoot\System32\DRIVERS\ipsec.sys F4064000 - \SystemRoot\System32\DRIVERS\tcpip.sys F4014000 - \SystemRoot\System32\DRIVERS\netbt.sys F3FF3000 - \SystemRoot\System32\DRIVERS\ipnat.sys F9A82000 - \SystemRoot\System32\DRIVERS\wanarp.sys F3FD1000 - \SystemRoot\System32\drivers\afd.sys F9A92000 - \SystemRoot\System32\DRIVERS\netbios.sys F3FA5000 - \SystemRoot\System32\DRIVERS\rdbss.sys F9F4E000 - \SystemRoot\System32\Drivers\PQNTDrv.SYS F9AA2000 - \??\C:\WINDOWS\system32\drivers\oreans32.sys F3F36000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys F3F03000 - \??\C:\WINDOWS\System32\drivers\klif.sys F3EEF000 - \SystemRoot\system32\drivers\khips.sys F9AC2000 - \SystemRoot\System32\Drivers\Fips.SYS F3E62000 - \SystemRoot\System32\Drivers\Ntfs.SYS F9AE2000 - \SystemRoot\System32\Drivers\Cdfs.SYS F3E22000 - \SystemRoot\System32\Drivers\dump_atapi.sys F9E50000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys F9C62000 - \SystemRoot\System32\watchdog.sys F9400000 - \SystemRoot\System32\drivers\Dxapi.sys BF9C1000 - \SystemRoot\System32\drivers\dxg.sys F9FC7000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D3000 - \SystemRoot\System32\nv4_disp.dll F3A0C000 - \SystemRoot\system32\drivers\wdmaud.sys F4230000 - \SystemRoot\system32\drivers\sysaudio.sys F9E60000 - \SystemRoot\System32\Drivers\ParVdm.SYS F9C6A000 - \??\C:\WINDOWS\System32\ANIO.SYS F37B8000 - \SystemRoot\System32\DRIVERS\HSF_FALL.sys F379B000 - \SystemRoot\System32\DRIVERS\HSF_FSKS.sys F373B000 - \SystemRoot\System32\DRIVERS\HSF_K56K.sys F3827000 - \SystemRoot\System32\DRIVERS\mdmxsdk.sys F35F2000 - \SystemRoot\System32\DRIVERS\HSF_FAXX.sys F389F000 - \SystemRoot\System32\DRIVERS\HSF_TONE.sys F348A000 - \SystemRoot\System32\DRIVERS\HSF_V124.sys F336F000 - \SystemRoot\System32\DRIVERS\srv.sys F300E000 - \SystemRoot\System32\Drivers\HTTP.sys F266A000 - \SystemRoot\system32\drivers\kmixer.sys F9FBE000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 124 Liste des programmes installes Ad-aware 6 Personal Adobe Acrobat 5.0 Adobe Flash Player 9 ActiveX Adobe Photoshop 7.0 ANIO Service Archiveur WinRAR µTorrent AutoUpdate Avance AC'97 Audio CCleaner (remove only) Commande ECHO désactivée. Deutz Engine DIABASS4 DivX Codec DivX Player DivX Web Player eMule Enable S3 for USB Device Enigma EVEREST Home Edition v1.10 FileZilla (remove only) FlashGet(JetCar) Gigabyte Windows Utility Manager GoldWave v5.13 Google Toolbar for Internet Explorer HijackThis 1.99.1 IncrediMail Xe J2SE Runtime Environment 5.0 Update 11 Kaspersky Internet Security 7.0 Kaspersky Internet Security 7.0 Kaspersky On-line Scanner Kerio Personal Firewall L'Internet ADSL de Cegetel LedConsommation 4.0.5 livebox Microsoft Office Visio Professional 2003 Microsoft Office XP Professional avec FrontPage Microsoft Visual C++ 2005 Redistributable Microsoft Visual Studio 6.0 Édition Entreprise (Français) Mise à jour pour Windows XP (KB898461) Mozilla Firefox (2.0.0.11) MUSICMATCH® Jukebox Need for Speed Underground 2 Nero - Burning Rom (Web installer) PartitionMagic Picture Ripper 3: Fast Media Downloader And Viewer PowerDyn 2.72 PowerQuest PartitionMagic 8.0 QuickTime QuickTime RealPlayer SAGEM F@st 800-840 Spybot - Search & Destroy 1.3 Spyware Doctor 3.2 Ulead MediaStudio Pro 8.0 Uniblue RegistryBooster 2 VideoLAN VLC media player 0.8.1 WebFldrs XP Windows Genuine Advantage v1.3.0254.0 Windows Installer 3.1 (KB893803) Windows Live Messenger Windows Media Format Runtime Windows Media Player 10 Windows XP Service Pack 2 WinFast® Display Driver WinHTTrack Website Copier 3.30 WinOscillo 0.85 XnView 1.82.4 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est FCAE-7CD6 Répertoire de C:\Program Files 27/11/2005 10:58 <REP> . 27/11/2005 10:58 <REP> .. 04/12/2005 14:09 <REP> Adobe 27/12/2005 20:34 <REP> ahead 17/12/2005 18:29 <REP> Alcohol Soft 15/09/2007 00:10 <REP> ANI 11/09/2007 11:24 <REP> AVS4YOU 10/11/2006 21:58 <REP> Azureus 24/12/2005 18:35 <REP> CCleaner 25/11/2007 03:37 <REP> Cegetel 27/11/2005 11:43 <REP> Common files 27/11/2005 11:04 <REP> ComPlus Applications 21/04/2006 18:51 <REP> DIABASS4 03/12/2005 21:10 <REP> DivX 14/09/2007 23:47 <REP> D-Link 08/07/2006 12:38 <REP> Elaborate Bytes 10/02/2006 22:50 <REP> eMule 23/12/2007 22:08 <REP> Enigma 27/11/2005 10:58 <REP> Fichiers communs 07/08/2006 19:06 <REP> FileZilla 17/12/2005 22:28 <REP> FlashGet 27/11/2005 11:31 <REP> Gigabyte 28/04/2006 15:35 <REP> GoldWave 03/12/2005 21:11 <REP> Google 27/11/2005 11:43 <REP> IncrediMail 27/11/2005 11:05 <REP> Internet Explorer 03/12/2005 21:17 <REP> Java 17/12/2006 15:03 <REP> Kaspersky Lab 04/12/2005 14:33 <REP> Kerio 08/12/2007 19:43 <REP> Lavalys 03/12/2005 13:52 <REP> Lavasoft 31/07/2006 19:56 <REP> LED 27/11/2005 11:04 <REP> Messenger 23/09/2007 13:11 <REP> Microsoft ActiveSync 27/11/2005 11:07 <REP> microsoft frontpage 27/11/2005 11:14 <REP> Microsoft Office 05/05/2006 13:16 <REP> Microsoft Visual Studio 27/11/2005 11:05 <REP> Movie Maker 31/12/2006 00:07 <REP> Mozilla Firefox 27/11/2005 11:04 <REP> MSN Gaming Zone 09/08/2006 19:22 <REP> MSN Messenger 26/12/2005 16:20 <REP> MUSICMATCH 27/11/2005 11:05 <REP> NetMeeting 04/12/2007 15:02 <REP> Orange HSS 27/11/2005 11:05 <REP> Outlook Express 13/10/2006 21:52 <REP> PictureRipper 3 11/02/2006 12:55 <REP> PowerDyn 01/02/2007 12:16 <REP> PowerQuest 05/05/2006 13:26 <REP> Publication Web 01/02/2007 22:26 <REP> QuickTime 12/05/2007 23:51 <REP> Real 08/07/2006 12:37 <REP> Real Clone DVD 04/12/2007 15:18 <REP> SAGEM 04/12/2007 15:18 <REP> Securitoo 27/11/2005 11:04 <REP> Services en ligne 03/12/2005 13:50 <REP> Spybot - Search & Destroy 03/12/2005 13:53 <REP> Spyware Doctor 22/09/2007 23:33 <REP> TomTom DesktopSuite 22/09/2007 23:40 <REP> TomTom HOME 04/06/2006 13:11 <REP> Ulead Systems 23/08/2007 22:47 <REP> Uniblue 24/08/2006 13:27 <REP> uTorrent 30/12/2005 13:54 <REP> VIA Technologies, INC 21/12/2005 00:47 <REP> VideoLAN 12/09/2007 22:42 <REP> Virtual 04/06/2006 13:13 <REP> Windows Media Components 27/11/2005 11:04 <REP> Windows Media Player 27/11/2005 11:03 <REP> Windows NT 24/12/2005 17:23 <REP> WinHTTrack 03/05/2006 18:37 <REP> WinOscillo 03/12/2005 20:22 <REP> WinRAR 27/11/2005 11:07 <REP> xerox 26/04/2006 18:29 <REP> Xi 09/08/2006 16:27 <REP> XnView 0 fichier(s) 0 octets 74 Rép(s) 3 834 273 792 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est FCAE-7CD6 Répertoire de C:\Program Files\fichiers communs 27/11/2005 10:58 <REP> . 27/11/2005 10:58 <REP> .. 27/11/2005 10:58 <REP> Microsoft Shared 27/11/2005 10:58 <REP> SpeechEngines 27/11/2005 10:58 <REP> ODBC 27/11/2005 11:05 <REP> System 27/11/2005 11:05 <REP> MSSoap 27/11/2005 11:05 <REP> Services 27/11/2005 11:15 <REP> Designer 27/11/2005 11:18 <REP> InstallShield 03/12/2005 19:15 <REP> Agnitum Shared 03/12/2005 21:17 <REP> Java 04/12/2005 14:09 <REP> Adobe 22/12/2005 19:00 <REP> Wise Installation Wizard 21/01/2006 16:16 <REP> BOONTY Shared 05/05/2006 18:48 <REP> Macrovision Shared 04/06/2006 13:11 <REP> Ulead Systems 29/07/2006 18:05 <REP> SONY Digital Images 03/09/2006 18:46 <REP> DirectX 30/12/2006 14:06 278 528 FDEUnInstaller.exe 12/05/2007 23:51 <REP> Real 12/05/2007 23:52 <REP> xing shared 11/09/2007 11:25 <REP> AVSMedia 1 fichier(s) 278 528 octets 22 Rép(s) 3 834 011 648 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est FCAE-7CD6 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 27/11/2005 11:11 <REP> . 27/11/2005 11:11 <REP> .. 07/03/2001 09:00 127 033 MSOWS40c.DLL 03/06/1999 14:09 122 937 MSOWS409.DLL 13/02/2001 08:23 58 784 MSOSV.DLL 27/11/2005 11:14 <REP> 1036 22/01/2001 03:25 24 576 PKMTRACE.DLL 06/08/2000 09:04 401 462 MSVCP60.DLL 22/01/2001 03:25 69 632 PKMAXCTL.DLL 22/01/2001 03:25 872 448 PKMCDO.DLL 22/01/2001 03:25 159 744 PKMCORE.DLL 07/02/2001 09:59 106 496 PKMFORMS.DLL 12/02/2001 04:03 684 032 PKMRES.DLL 22/01/2001 03:25 28 672 PKMSSTLB.DLL 22/01/2001 03:25 40 960 PKMTEMPL.DLL 22/01/2001 03:25 237 568 PROMDEMO.DLL 22/01/2001 03:25 184 320 SECMGR.DLL 22/01/2001 03:25 323 584 VAIDDMGR.DLL 22/01/2001 03:25 32 768 VAIMEM.DLL 15/08/2006 19:29 <REP> 1033 11/07/2003 10:15 1 292 872 MSONSEXT.DLL 11/07/2003 02:25 80 448 PKMWS.DLL 18 fichier(s) 4 848 336 octets 4 Rép(s) 3 834 265 600 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est FCAE-7CD6 Répertoire de C:\Program Files\common files 27/11/2005 11:43 <REP> . 27/11/2005 11:43 <REP> .. 27/11/2005 11:43 <REP> Microsoft Shared 0 fichier(s) 0 octets 3 Rép(s) 3 834 265 600 octets libres c:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.0.125\English\setup.exe c:\Documents and Settings\Baque\Local Settings\Temp\AutoRun.exe c:\Documents and Settings\Baque\Local Settings\Temp\jre-6u3-windows-i586-p-iftw_2cd32978.exe c:\Documents and Settings\Baque\Application Data\setup_en[1].exe c:\Documents and Settings\Baque\Application Data\Microsoft\Installer\{532EFE70-19BC-4F0F-8F50-D5F15C243133}\NewShortcut1_8315396A5EA1419DBEC4978284BDF556.exe c:\Documents and Settings\Baque\Application Data\Microsoft\Installer\{333BECA0-DED8-4139-A516-8D9E44E22669}\ARPPRODUCTICON.exe c:\Documents and Settings\Baque\Application Data\Microsoft\Installer\{333BECA0-DED8-4139-A516-8D9E44E22669}\NewShortcut2_8315396A5EA1419DBEC4978284BDF556.exe c:\Documents and Settings\Baque\Application Data\Microsoft\Installer\{333BECA0-DED8-4139-A516-8D9E44E22669}\NewShortcut3_8315396A5EA1419DBEC4978284BDF556.exe c:\Documents and Settings\Baque\Application Data\SecondLife\logs\SecondLife.exec_marker c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll c:\Documents and Settings\Baque\Application Data\Azureus\updates\inst_1\swt-awt-win32-3232.dll c:\Documents and Settings\Baque\Application Data\Azureus\updates\inst_1\swt-gdip-win32-3232.dll c:\Documents and Settings\Baque\Application Data\Azureus\updates\inst_1\swt-wgl-win32-3232.dll c:\Documents and Settings\Baque\Application Data\Azureus\updates\inst_1\swt-win32-3232.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_LA-BETE.tar.gz a l'adresse http://upload.malekal.com Encore merci

Bon personne connait la solution à mon problème?

Bonjour, j'ai un soucis depuis un bout de temps déja. Après une infection par un virus (qui se faisait passer pour un anti-virus genre docteur...), j'ai quelques soucis avec le mode sans échec. En fait, mon pc fonctionne normalement mais en mode sans échec j'ai un ecran bleu windows (je vais mettre l'erreur plus tard c'est uun STOP 0x000....). J'ai essayé des scans anti virus on line, off line, anti spyware, etc etc....La réparation de windows chkdsk / F n'a rien donné, fixboot non plus, sfc idem. Je commence a sécher la et j'ai besoin d'aide pour retrouver mon mode sans échec. Voici un rapport HijackThis : Logfile of HijackThis v1.99.1 Scan saved at 23:40:29, on 28/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\System32\dllhost.exe C:\WINDOWS\System32\inetsrv\inetinfo.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe D:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cegetel.net R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cegetel.net/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [incrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kav...can_unicode.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe Merci d'avance