olivier092

Bonjour Wawaseb, Encore merci beaucoup pour ton aide sans toi je n'y serais jamais arrivé J'ai dénoncé mon infection sur Malware Complaints Bonne continuation et merci pour les derniers conseils.

Bonsoir, Voici le rapport ce Check.bat : V‚rification des tƒches planifi‚es pr‚sentes sur le systŠme 17:03:56.75 sam. 08/23/2008 Nom de tƒche Heure de la prochaine ex tat ==================================== ======================== =============== Maintenance en 1 clic 18:00:00, 8/23/2008 N'a pas pu d‚ma Maintenance en 1 clic 18:00:00, 8/23/2008 N'a pas pu d‚ma Maintenance en 1 clic · l'ouverture de session N'a pas pu d‚ma ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler {438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Pré-chargeur Browseui {8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Démon de cache des catégories de composant Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est 8CB5-421F R‚pertoire de C:\Documents and Settings\Administrateur\Bureau - Non je n'ai plus de problèmes pour l'instant Bonne nuit à toi aussi.

Bonjour, - Pour le fichier a84wezfa.SYS j'ai bien accès aux fichiers cachés et protégés et toujours pas ce fichier présent - Voici le rapport demandé : Malwarebytes' Anti-Malware 1.25 Version de la base de données: 1080 Windows 5.1.2600 Service Pack 3 8:42:32 8/24/2008 mbam-log-08-24-2008 (08-42-32).txt Type de recherche: Examen complet (C:\|D:\|) Eléments examinés: 96733 Temps écoulé: 16 minute(s), 42 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\poof (Rootkit.Agent) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Documents and Settings\Administrateur\Bureau\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Désolé mais je n'ai plus le lien ni les outils utilisés Rapport de OTMoveIt : Explorer killed successfully DllUnregisterServer procedure not found in C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IadHide4.dll C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IadHide4.dll NOT unregistered. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IadHide4.dll moved successfully. C:\Documents and Settings\Administrateur\Bureau\explorer.exe moved successfully. c:\Documents and Settings\Administrateur\Local Settings\Temp\GLB1A2B.EXE moved successfully. < purity > Explorer started successfully OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08232008_165156 Pour l'opération No 2 je n'ai pas le fichier dans : C:\Windows\System32\Drivers\a84wezfa.SYS Rapport de tasks.bat Vérification des tâches planifiées présentes sur le système 17:03:56.75 sam. 08/23/2008 Nom de tƒche Heure de la prochaine ex tat ==================================== ======================== =============== Maintenance en 1 clic 18:00:00, 8/23/2008 N'a pas pu déma Maintenance en 1 clic 18:00:00, 8/23/2008 N'a pas pu déma Maintenance en 1 clic · l'ouverture de session N'a pas pu déma ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler {438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Pré-chargeur Browseui {8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Démon de cache des catégories de composant Voili Voilou.

ok c'est déjà très sympa de ta part de me filer un coup de main.... J'ai nettoyé ma machine avec l'aide d'une personne sur un forum. Malheureusement les logiciels utilisés ont été enlevés de mon PC et je n'ai plus les rapports. Plus de fenêtres intempestives qui s'ouvrent en me demandant d'acheter l'anti-virus proposé. Emule et incredimail ont été supprimés. Je possède déjà ATF Cleaner et fais le ménage de en temps. Plus de fenêtres de Firefox qui s'ouvrent en masse sur le PC pendant la navigation. Voilà, j'attends de tes nouvelles au sujet du rapport de DiagHelp Encore Merci et bonne soirée à toi aussi.

Voici le rapport de DiagHelp : DiagHelp version v1.4 - http://www.malekal.com excute le jeu. 08/21/2008 à 23:44:04.73 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf -->8/21/2008 19:17:52 C:\WINDOWS\prefetch\layout.ini -->8/20/2008 4:27:13 C:\WINDOWS\System32\drivers\fidbox2.dat -->8/21/2008 23:42:31 C:\WINDOWS\System32\drivers\fidbox.dat -->8/21/2008 23:38:42 C:\WINDOWS\System32\drivers\fidbox2.idx -->8/21/2008 18:59:56 C:\WINDOWS\System32\drivers\fidbox.idx -->8/21/2008 18:59:56 C:\WINDOWS\System32\drivers\klin.dat -->8/6/2008 20:34:13 C:\WINDOWS\System32\drivers\klick.dat -->7/24/2008 13:12:06 C:\WINDOWS\System32\drivers\tcpip.sys -->6/20/2008 13:51:12 C:\WINDOWS\System32\tmp.txt -->8/21/2008 19:21:39 C:\WINDOWS\System32\tmp.reg -->8/21/2008 19:21:39 C:\WINDOWS\System32\wpa.dbl -->8/21/2008 19:19:07 C:\WINDOWS\System32\PerfStringBackup.INI -->8/13/2008 6:28:08 C:\WINDOWS\System32\perfh00C.dat -->8/13/2008 6:28:08 C:\WINDOWS\System32\perfh009.dat -->8/13/2008 6:28:08 C:\WINDOWS\System32\perfc00C.dat -->8/13/2008 6:28:08 C:\WINDOWS\System32\perfc009.dat -->8/13/2008 6:28:08 C:\WINDOWS\System32\spupdwxp.log -->8/13/2008 6:26:40 C:\WINDOWS\System32\FNTCACHE.DAT -->8/13/2008 6:26:04 C:\WINDOWS\System32\TZLog.log -->8/13/2008 5:39:40 C:\WINDOWS\System32\lvcoinst.log -->8/10/2008 14:39:45 C:\WINDOWS\System32\404Fix.exe -->8/9/2008 15:37:58 C:\WINDOWS\System32\jupdate-1.6.0_07-b06.log -->8/7/2008 18:21:38 C:\WINDOWS\System32\MRT.exe -->8/5/2008 11:11:02 C:\WINDOWS\System32\cdm.dll -->7/18/2008 22:10:48 C:\WINDOWS\System32\wuauclt.exe -->7/18/2008 22:10:42 C:\WINDOWS\System32\wups2.dll -->7/18/2008 22:10:40 C:\WINDOWS\System32\wucltui.dll.mui -->7/18/2008 22:10:36 C:\WINDOWS\System32\wups.dll -->7/18/2008 22:10:20 C:\WINDOWS\System32\wuaucpl.cpl.mui -->7/18/2008 22:09:56 C:\WINDOWS\System32\wucltui.dll -->7/18/2008 22:09:46 C:\WINDOWS\System32\wuaucpl.cpl -->7/18/2008 22:09:46 C:\WINDOWS\System32\wuweb.dll -->7/18/2008 22:09:44 C:\WINDOWS\System32\wuapi.dll -->7/18/2008 22:09:44 C:\WINDOWS\WindowsUpdate.log -->8/21/2008 23:33:59 C:\WINDOWS\setupapi.log -->8/21/2008 19:19:49 C:\WINDOWS\0.log -->8/21/2008 19:18:31 C:\WINDOWS\wiadebug.log -->8/21/2008 19:18:18 C:\WINDOWS\wiaservc.log -->8/21/2008 19:18:17 C:\WINDOWS\bootstat.dat -->8/21/2008 19:16:58 C:\WINDOWS\ntbtlog.txt -->8/21/2008 19:14:58 C:\WINDOWS\SchedLgU.Txt -->8/21/2008 18:59:53 C:\WINDOWS\wmsetup.log -->8/20/2008 4:08:39 C:\WINDOWS\ocgen.log -->8/20/2008 2:44:05 C:\WINDOWS\KB946648.log -->8/20/2008 2:44:05 C:\WINDOWS\FaxSetup.log -->8/20/2008 2:44:05 C:\WINDOWS\KB951978.log -->8/20/2008 2:44:01 C:\WINDOWS\updspapi.log -->8/20/2008 2:43:59 C:\WINDOWS\setupact.log -->8/20/2008 2:15:36 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 1948 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path *** Loaded C:\WINDOWS\system32\kernel32.dll differs from file image: *** File timestamp: Mon Apr 14 04:33:02 2008 *** Loaded image timestamp: Mon Apr 14 04:33:03 2008 *** Loaded C:\WINDOWS\system32\USER32.dll differs from file image: *** File timestamp: Mon Apr 14 04:32:50 2008 *** Loaded image timestamp: Mon Apr 14 04:45:02 2008 0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll *** Loaded C:\WINDOWS\system32\SHDOCVW.dll differs from file image: *** File timestamp: Mon Apr 14 04:32:36 2008 *** Loaded image timestamp: Mon Apr 14 04:34:50 2008 0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll 0x76610000 0x84000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll 0x44080000 0xd0000 7.00.6000.20861 C:\WINDOWS\system32\WININET.dll 0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x43e00000 0x45000 7.00.6000.20861 C:\WINDOWS\system32\iertutil.dll 0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll *** Loaded C:\WINDOWS\system32\SHELL32.dll differs from file image: *** File timestamp: Mon Apr 14 04:32:37 2008 *** Loaded image timestamp: Mon Apr 14 04:45:12 2008 0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll 0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll 0x10000000 0x17000 7.00.0000.0125 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll 0x00e10000 0x28000 7.00.0000.0125 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll 0x44360000 0x5cd000 7.00.6000.20861 C:\WINDOWS\system32\ieframe.dll 0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL 0x01590000 0x2bc000 3.01.4001.5512 C:\WINDOWS\system32\msi.dll 0x44160000 0x127000 7.00.6000.20861 C:\WINDOWS\system32\urlmon.dll 0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.DLL 0x442b0000 0x3c000 7.00.6000.20861 C:\WINDOWS\system32\webcheck.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\wpdshserviceobj.dll 0x01d30000 0x11000 4.00.0001.3500 C:\WINDOWS\system32\btncopy.dll 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\portabledevicetypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\portabledeviceapi.dll 0x10100000 0xe000 4.60.0122.0000 C:\Program Files\Logitech\SetPoint\lgscroll.dll 0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll 0x02460000 0x6000 6.01.0004.0068 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IadHide4.dll 0x02bc0000 0x29000 C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll 0x02c50000 0xb000 C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll 0x02fe0000 0x1b8000 3.01.0000.0008 C:\Program Files\Fichiers communs\Nero\Lib\NeroDigitalExt.dll 0x781d0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL 0x7c420000 0x87000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll 0x5d360000 0xf000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80FRA.DLL 0x02ca0000 0x5b000 9.00.0000.0332 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll 0x02d10000 0x4c000 9.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x02d70000 0x1d000 6.04.0000.0001 C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll 0x00f80000 0x2d000 C:\Program Files\WinRAR\rarext.dll 0x02db0000 0x76000 11.00.0000.8041 C:\Program Files\Acronis\TrueImageHome\tishell.dll 0x01930000 0x1f000 4.00.0000.0469 C:\Program Files\Acronis\TrueImageHome\timounter.dll 0x02480000 0x43000 2.06.0000.0000 C:\Program Files\Droppix\Droppix Recorder 2\Droppix Recorder\DxShImgFile.dll 0x4eb80000 0x1a6000 5.01.3102.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll 0x02f10000 0x83000 2.06.0000.0000 C:\Program Files\Droppix\Droppix Recorder 2\Droppix Recorder\Languages\French.dll 0x01f00000 0x9000 2.00.0000.0004 C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll 0x02e30000 0xc000 7.00.0000.0125 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll 0x32520000 0x12000 10.00.2609.0000 C:\Program Files\Microsoft Office\Office10\msohev.dll ------------------------------------------------------------------------------ explorer.exe pid: 2236 Command line: "C:\Documents and Settings\Administrateur\Bureau\explorer.exe" Base Size Version Path *** Loaded C:\WINDOWS\system32\kernel32.dll differs from file image: *** File timestamp: Mon Apr 14 04:33:02 2008 *** Loaded image timestamp: Mon Apr 14 04:33:03 2008 *** Loaded C:\WINDOWS\system32\USER32.dll differs from file image: *** File timestamp: Mon Apr 14 04:32:50 2008 *** Loaded image timestamp: Mon Apr 14 04:45:02 2008 0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll *** Loaded C:\WINDOWS\system32\SHDOCVW.dll differs from file image: *** File timestamp: Mon Apr 14 04:32:36 2008 *** Loaded image timestamp: Mon Apr 14 04:34:50 2008 0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll 0x76610000 0x84000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll 0x44080000 0xd0000 7.00.6000.20861 C:\WINDOWS\system32\WININET.dll 0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x43e00000 0x45000 7.00.6000.20861 C:\WINDOWS\system32\iertutil.dll 0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll *** Loaded C:\WINDOWS\system32\SHELL32.dll differs from file image: *** File timestamp: Mon Apr 14 04:32:37 2008 *** Loaded image timestamp: Mon Apr 14 04:45:12 2008 0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll 0x10000000 0x17000 7.00.0000.0125 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll 0x00bc0000 0x6000 6.01.0004.0068 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IadHide4.dll 0x10100000 0xe000 4.60.0122.0000 C:\Program Files\Logitech\SetPoint\lgscroll.dll 0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll 0x00c70000 0x28000 7.00.0000.0125 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll 0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll 0x44360000 0x5cd000 7.00.6000.20861 C:\WINDOWS\system32\ieframe.dll 0x011c0000 0x2bc000 3.01.4001.5512 C:\WINDOWS\system32\msi.dll 0x44160000 0x127000 7.00.6000.20861 C:\WINDOWS\system32\urlmon.dll 0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL 0x01b50000 0x29000 C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll 0x01b80000 0xb000 C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll 0x7c420000 0x87000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll 0x01e60000 0x4c000 9.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x4eb80000 0x1a6000 5.01.3102.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll 0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll 0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x02820000 0x76000 11.00.0000.8041 C:\Program Files\Acronis\TrueImageHome\tishell.dll 0x01a10000 0x1f000 4.00.0000.0469 C:\Program Files\Acronis\TrueImageHome\timounter.dll 0x01f60000 0x43000 2.06.0000.0000 C:\Program Files\Droppix\Droppix Recorder 2\Droppix Recorder\DxShImgFile.dll 0x02ef0000 0x83000 2.06.0000.0000 C:\Program Files\Droppix\Droppix Recorder 2\Droppix Recorder\Languages\French.dll 0x01a30000 0xf000 C:\Program Files\WIDCOMM\Logiciel Bluetooth\btkeyind.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\portabledeviceapi.dll 0x02b90000 0x3000 6.14.0010.2001 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamFRA.dll 0x01630000 0x11000 4.00.0001.3500 C:\WINDOWS\system32\btncopy.dll 0x01ba0000 0x1b8000 3.01.0000.0008 C:\Program Files\Fichiers communs\Nero\Lib\NeroDigitalExt.dll 0x781d0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL 0x5d360000 0xf000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80FRA.DLL 0x01df0000 0x5b000 9.00.0000.0332 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll 0x01db0000 0x1d000 6.04.0000.0001 C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll 0x01e50000 0xc000 7.00.0000.0125 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll 0x03d60000 0x16000 8.04.0007.1034 C:\WINDOWS\system32\LQCUI2.dll 0x022a0000 0x2d000 C:\Program Files\WinRAR\rarext.dll 0x00990000 0x9000 2.00.0000.0004 C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll 0x32520000 0x12000 10.00.2609.0000 C:\Program Files\Microsoft Office\Office10\msohev.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 1348 Command line: winlogon.exe Base Size Version Path 0x01000000 0x82000 \??\C:\WINDOWS\SYSTEM32\winlogon.exe *** Loaded C:\WINDOWS\system32\kernel32.dll differs from file image: *** File timestamp: Mon Apr 14 04:33:02 2008 *** Loaded image timestamp: Mon Apr 14 04:33:03 2008 0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll 0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll *** Loaded C:\WINDOWS\system32\USER32.dll differs from file image: *** File timestamp: Mon Apr 14 04:32:50 2008 *** Loaded image timestamp: Mon Apr 14 04:45:02 2008 0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll 0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\COMCTL32.dll 0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\SYSTEM32\ODBC32.dll *** Loaded C:\WINDOWS\system32\SHELL32.dll differs from file image: *** File timestamp: Mon Apr 14 04:32:37 2008 *** Loaded image timestamp: Mon Apr 14 04:45:12 2008 0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\SYSTEM32\odbcint.dll 0x10000000 0x17000 7.00.0000.0125 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll 0x011a0000 0x20000 6.14.0010.4176 C:\WINDOWS\SYSTEM32\Ati2evxx.dll 0x01300000 0x33000 7.00.0000.0125 C:\WINDOWS\system32\klogon.dll 0x01390000 0x12000 4.60.0122.0000 c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 0x012d0000 0x24000 4.60.0122.0000 c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll 0x01770000 0x3b000 1.07.0018.0007 C:\WINDOWS\SYSTEM32\WgaLogon.dll 0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\SYSTEM32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\SYSTEM32\COMRes.dll 0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 8CB5-421F Répertoire de C:\WINDOWS\system32 04/14/2008 04:33 6,144 csrss.exe 1 fichier(s) 6,144 octets 0 Rép(s) 12,793,262,080 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 8CB5-421F Répertoire de C:\WINDOWS\Downloaded Program Files 08/19/2008 23:14 <REP> . 08/19/2008 23:14 <REP> .. 08/13/2008 04:31 65 desktop.ini 04/10/2000 18:12 1,765 fhg.inf 06/30/2003 22:41 1,689 WMV9VCM.inf 3 fichier(s) 3,519 octets Total des fichiers listés : 3 fichier(s) 3,519 octets 2 Rép(s) 12,793,262,080 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent" "C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"="C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0" "C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail" "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus" "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger" "C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule Plus" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"="C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 "legalnoticecaption"="" "legalnoticetext"="" Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-21 23:44:53 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:59345fc6 "s2"=dword:194fa5f1 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:db,fa,6a,73,de,ee,8c,2b,cb,fb,8b,ac,e0,ca,8e,e9,4a,25,5b,a1,f4,.. "p0"="C:\Program Files\DAEMON Tools Lite\" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,ca,1a,74,ad,92,8f,5e,1f,96,2b,c7,b8,ba,28,05,7e,ec,.. "khjeh"=hex:49,73,6c,4e,b3,93,6f,42,55,eb,51,83,01,80,d2,9b,43,d9,2b,98,c9,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:b9,c3,c9,9a,c3,cf,34,76,ab,4e,01,19,3d,03,71,77,50,d5,e7,b8,1b,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:db,fa,6a,73,de,ee,8c,2b,cb,fb,8b,ac,e0,ca,8e,e9,4a,25,5b,a1,f4,.. "p0"="C:\Program Files\DAEMON Tools Lite\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,ca,1a,74,ad,92,8f,5e,1f,96,2b,c7,b8,ba,28,05,7e,ec,.. "khjeh"=hex:49,73,6c,4e,b3,93,6f,42,55,eb,51,83,01,80,d2,9b,43,d9,2b,98,c9,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:b9,c3,c9,9a,c3,cf,34,76,ab,4e,01,19,3d,03,71,77,50,d5,e7,b8,1b,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:db,fa,6a,73,de,ee,8c,2b,cb,fb,8b,ac,e0,ca,8e,e9,4a,25,5b,a1,f4,.. "p0"="C:\Program Files\DAEMON Tools Lite\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,ca,1a,74,ad,92,8f,5e,1f,96,2b,c7,b8,ba,28,05,7e,ec,.. "khjeh"=hex:49,73,6c,4e,b3,93,6f,42,55,eb,51,83,01,80,d2,9b,43,d9,2b,98,c9,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:b9,c3,c9,9a,c3,cf,34,76,ab,4e,01,19,3d,03,71,77,50,d5,e7,b8,1b,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 288 - svchost.exe 376 - svchost.exe 840 - ati2evxx.exe 928 - spoolsv.exe 1312 - csrss.exe 1348 - winlogon.exe 1392 - services.exe 1404 - lsass.exe 1608 - ati2evxx.exe 1624 - svchost.exe 1724 - svchost.exe 1812 - avp.exe 1824 - TrueImageTrySta 1896 - btwdins.exe 1912 - svchost.exe 1948 - explorer.exe 1968 - svchost.exe 2020 - svchost.exe 2028 - PnkBstrA.exe 2136 - KHALMNPR.exe 2180 - firefox.exe 2236 - explorer.exe 2248 - alg.exe 2824 - svchost.exe 3452 - hpwuSchd2.exe 3484 - LVCOMSX.EXE 3492 - LogiTray.exe 3504 - HpqSRmon.exe 3512 - TrueImageMonito 3520 - TimounterMonito 3536 - schedhlp.exe 3548 - PDVD8Serv.exe 3584 - brs.exe 3616 - RTHDCPL.exe 3680 - MOM.exe 3696 - avp.exe 3712 - ctfmon.exe 3804 - backWeb-8876480 3820 - daemon.exe 3872 - FxSvr2.exe 3904 - BTTray.exe 3940 - cmd.exe 4024 - SetPoint.exe 4040 - CCC.exe Total number of processes = 45 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\ntkrnlpa.exe 806E4000 - \WINDOWS\system32\hal.dll BA5A8000 - \WINDOWS\system32\KDCOM.DLL BA4B8000 - \WINDOWS\system32\BOOTVID.dll B9EA7000 - spgl.sys BA5AA000 - \WINDOWS\System32\Drivers\WMILIB.SYS B9E8F000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS B9E60000 - ACPI.sys B9E4F000 - pci.sys BA0A8000 - isapnp.sys BA0B8000 - ohci1394.sys BA0C8000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS BA670000 - pciide.sys BA328000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS BA0D8000 - MountMgr.sys B9E30000 - ftdisk.sys BA5AC000 - dmload.sys B9E0A000 - dmio.sys BA330000 - PartMgr.sys BA0E8000 - VolSnap.sys B9DF2000 - atapi.sys BA0F8000 - disk.sys BA108000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS B9DD2000 - fltmgr.sys B9DC0000 - sr.sys BA118000 - PxHelp20.sys B9DA9000 - KSecDD.sys B9D96000 - WudfPf.sys B9D09000 - Ntfs.sys B9CDC000 - NDIS.sys B9C71000 - timntr.sys B9C18000 - tdrpman.sys B9BFA000 - snapman.sys B9BE0000 - Mup.sys B9BC3000 - kl1.sys BA338000 - \WINDOWS\system32\drivers\TDI.SYS BA2F8000 - \SystemRoot\system32\DRIVERS\AmdK8.sys B76FB000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys B76E7000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS B76BF000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys B76A5000 - \SystemRoot\system32\DRIVERS\Rtenicxp.sys BA408000 - \SystemRoot\system32\DRIVERS\usbohci.sys B7681000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS BA410000 - \SystemRoot\system32\DRIVERS\usbehci.sys BA308000 - \SystemRoot\system32\DRIVERS\imapi.sys BA318000 - \SystemRoot\system32\DRIVERS\cdrom.sys BA148000 - \SystemRoot\system32\DRIVERS\redbook.sys B765E000 - \SystemRoot\system32\DRIVERS\ks.sys B764D000 - \SystemRoot\system32\DRIVERS\serial.sys B7B57000 - \SystemRoot\system32\DRIVERS\serenum.sys BA418000 - \SystemRoot\system32\DRIVERS\fdc.sys BA158000 - \SystemRoot\system32\DRIVERS\i8042prt.sys B7B53000 - \SystemRoot\system32\DRIVERS\L8042Kbd.sys BA420000 - \SystemRoot\system32\DRIVERS\kbdclass.sys BA168000 - \SystemRoot\system32\DRIVERS\DLKRTL.SYS BA178000 - \SystemRoot\system32\DRIVERS\nic1394.sys B75E8000 - \SystemRoot\System32\Drivers\a84wezfa.SYS B7482000 - \SystemRoot\system32\DRIVERS\btkrnl.sys BA470000 - \SystemRoot\system32\DRIVERS\klim5.sys BA7A8000 - \SystemRoot\system32\DRIVERS\audstub.sys BA1D8000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys B7B13000 - \SystemRoot\system32\DRIVERS\ndistapi.sys B7170000 - \SystemRoot\system32\DRIVERS\ndiswan.sys BA1E8000 - \SystemRoot\system32\DRIVERS\raspppoe.sys BA1F8000 - \SystemRoot\system32\DRIVERS\raspptp.sys B715F000 - \SystemRoot\system32\DRIVERS\psched.sys BA208000 - \SystemRoot\system32\DRIVERS\msgpc.sys BA478000 - \SystemRoot\system32\DRIVERS\ptilink.sys BA480000 - \SystemRoot\system32\DRIVERS\raspti.sys B708F000 - \SystemRoot\system32\DRIVERS\rdpdr.sys BA218000 - \SystemRoot\system32\DRIVERS\termdd.sys BA488000 - \SystemRoot\system32\DRIVERS\mouclass.sys BA5E8000 - \SystemRoot\system32\DRIVERS\swenum.sys B7009000 - \SystemRoot\system32\DRIVERS\update.sys B9B97000 - \SystemRoot\system32\DRIVERS\mssmbios.sys BA228000 - \SystemRoot\System32\Drivers\NDProxy.SYS AEB61000 - \SystemRoot\system32\drivers\RtHDMI.sys AEB3D000 - \SystemRoot\system32\drivers\portcls.sys BA268000 - \SystemRoot\system32\drivers\drmk.sys BA278000 - \SystemRoot\system32\DRIVERS\usbhub.sys BA5F2000 - \SystemRoot\system32\DRIVERS\USBD.SYS AE66F000 - \SystemRoot\system32\drivers\RtkHDAud.sys BA498000 - \SystemRoot\system32\DRIVERS\flpydisk.sys BA5F6000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS BA6F0000 - \SystemRoot\System32\Drivers\Null.SYS BA5F8000 - \SystemRoot\System32\Drivers\Beep.SYS BA4A8000 - \SystemRoot\System32\drivers\vga.sys BA5FA000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys BA4B0000 - \SystemRoot\System32\Drivers\Msfs.SYS BA348000 - \SystemRoot\System32\Drivers\Npfs.SYS B7B1F000 - \SystemRoot\system32\DRIVERS\rasacd.sys AE614000 - \SystemRoot\system32\DRIVERS\ipsec.sys AE593000 - \SystemRoot\system32\DRIVERS\tcpip.sys B7073000 - \SystemRoot\System32\drivers\ws2ifsl.sys AE56D000 - \SystemRoot\system32\DRIVERS\ipnat.sys AE54B000 - \SystemRoot\System32\drivers\afd.sys BA2A8000 - \SystemRoot\system32\DRIVERS\netbios.sys BA2B8000 - \SystemRoot\system32\DRIVERS\wanarp.sys BA350000 - \SystemRoot\System32\Drivers\StarOpen.SYS AE480000 - \SystemRoot\system32\DRIVERS\rdbss.sys BA2D8000 - \SystemRoot\system32\DRIVERS\arp1394.sys BA706000 - \SystemRoot\System32\Drivers\PQNTDrv.SYS AE3E8000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys AE3B5000 - \??\C:\WINDOWS\system32\drivers\klif.sys BA188000 - \SystemRoot\System32\Drivers\Fips.SYS BA380000 - \SystemRoot\System32\Drivers\LUsbFilt.Sys BA1A8000 - \SystemRoot\System32\Drivers\WDFLDR.SYS AE33A000 - \SystemRoot\system32\DRIVERS\Wdf01000.sys AEB29000 - \SystemRoot\system32\DRIVERS\hidusb.sys BA1B8000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS BA388000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS BA390000 - \SystemRoot\system32\DRIVERS\LHidFilt.Sys AEB25000 - \SystemRoot\system32\DRIVERS\mouhid.sys BA398000 - \SystemRoot\system32\DRIVERS\LMouFilt.Sys BA3A0000 - \SystemRoot\system32\DRIVERS\usbccgp.sys BA1C8000 - \SystemRoot\system32\drivers\lvusbsta.sys AEB1D000 - \SystemRoot\system32\DRIVERS\usbscan.sys BA3B0000 - \SystemRoot\system32\DRIVERS\usbprint.sys BA3C0000 - \SystemRoot\system32\DRIVERS\HPZius12.sys AE1A8000 - \SystemRoot\system32\DRIVERS\LVCM.sys ADF8D000 - \SystemRoot\system32\DRIVERS\lvsvf2.sys B712F000 - \SystemRoot\system32\DRIVERS\STREAM.SYS B710F000 - \SystemRoot\system32\drivers\usbaudio.sys B70FF000 - \SystemRoot\system32\DRIVERS\HPZid412.sys AEB19000 - \SystemRoot\system32\DRIVERS\HPZipr12.sys B70BF000 - \SystemRoot\System32\Drivers\Cdfs.SYS ADF75000 - \SystemRoot\System32\Drivers\dump_atapi.sys BA610000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys AE65B000 - \SystemRoot\System32\drivers\Dxapi.sys BA3E8000 - \SystemRoot\System32\watchdog.sys BF000000 - \SystemRoot\System32\drivers\dxg.sys BA671000 - \SystemRoot\System32\drivers\dxgthk.sys BF012000 - \SystemRoot\System32\ati2dvag.dll BF058000 - \SystemRoot\System32\ati2cqag.dll BF0D2000 - \SystemRoot\System32\atikvmag.dll BF140000 - \SystemRoot\System32\atiok3x2.dll BF16B000 - \SystemRoot\System32\ati3duag.dll BF466000 - \SystemRoot\System32\ativvaxx.dll B713F000 - \SystemRoot\system32\DRIVERS\tifsfilt.sys ABB24000 - \SystemRoot\system32\DRIVERS\thdudf.sys ABB13000 - \SystemRoot\System32\Drivers\Udfs.SYS AB9D3000 - \SystemRoot\system32\DRIVERS\netbt.sys ABB39000 - \SystemRoot\system32\DRIVERS\ndisuio.sys AB7B6000 - \SystemRoot\system32\drivers\wdmaud.sys AB87B000 - \SystemRoot\system32\drivers\sysaudio.sys AE2FA000 - \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys BA3E0000 - \??\C:\WINDOWS\system32\drivers\btserial.sys AB5A6000 - \??\C:\WINDOWS\system32\drivers\btslbcsp.sys AB464000 - \SystemRoot\system32\DRIVERS\srv.sys AB3F7000 - \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl AABE3000 - \SystemRoot\System32\Drivers\HTTP.sys AAA2F000 - \SystemRoot\System32\Drivers\Fastfat.SYS AA914000 - \SystemRoot\system32\drivers\kmixer.sys BA735000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 155 Liste des programmes installes 32 Bit HP CIO Components Installer Acronis True Image Home Adobe AIR Adobe AIR Adobe Flash Player ActiveX Adobe Flash Player Plugin Adobe Reader 9 - Français AGEIA PhysX v2.6.0 AIO_Scan AmiFoot Analyseur et SDK MSXML 4.0 SP2 Archiveur WinRAR ATI - Utilitaire de désinstallation du logiciel ATI AVIVO Codecs ATI Catalyst Control Center ATI Display Driver ATI Parental Control & Encoder BufferChm Call of Duty® 4 - Modern Warfare 1.2 Patch Call of Duty® 4 - Modern Warfare 1.3 Patch Call of Duty® 4 - Modern Warfare 1.4 Patch Call of Duty® 4 - Modern Warfare 1.5 Multiplayer Patch Cards_Calendar_OrderGift_DoMorePlugout Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Localization Chinese Standard Catalyst Control Center Localization Chinese Traditional Catalyst Control Center Localization Czech Catalyst Control Center Localization Danish Catalyst Control Center Localization Dutch Catalyst Control Center Localization Finnish Catalyst Control Center Localization French Catalyst Control Center Localization German Catalyst Control Center Localization Greek Catalyst Control Center Localization Hungarian Catalyst Control Center Localization Italian Catalyst Control Center Localization Japanese Catalyst Control Center Localization Korean Catalyst Control Center Localization Norwegian Catalyst Control Center Localization Polish Catalyst Control Center Localization Portuguese Catalyst Control Center Localization Russian Catalyst Control Center Localization Spanish Catalyst Control Center Localization Swedish Catalyst Control Center Localization Thai Catalyst Control Center Localization Turkish ccc-core-preinstall ccc-core-static ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner (remove only) CDDRV_Installer Copy CoreAVC Professional Edition (remove only) Correctif pour Windows XP (KB952287) CustomerResearchQFolder CyberLink PowerDVD 8 CyberLink PowerDVD 8 dBpowerAMP AAC Codec dBpowerAMP FLAC Codec dBpowerAMP Monkeys Audio Codec dBpowerAMP Mp3 (MPEG Suite 2000 CLI) dBpowerAMP Music Converter dBpowerAMP Ogg Vorbis Codec dBpowerAMP Shorten Codec dBpowerAMP Skin Designer dBpowerAMP Wavpack Codec dBpowerAMP WMA V9.1 Codec Destination Component DeviceDiscovery DeviceManagementQFolder DJ_AIO_ProductContext DJ_AIO_Software DJ_AIO_Software_min dMC Power Pack DMI Browse DriverAgent Plugin for Netscape by TouchStone Software Droppix Recorder 2 DVD Decrypter (Remove Only) DVD X Player 4.1 Professional EasyCleaner eSupportQFolder F4100 F4100_doccd F4100_Help FripTV-Orange Haali Media Splitter High Definition Audio Driver Package - KB888111 HijackThis 2.0.2 HP Customer Participation Program 9.0 HP Deskjet All-In-One Software 9.0 HP Imaging Device Functions 9.0 HP Photosmart Essential 2.5 HP Photosmart Essential 3.0 HP Smart Web Printing HP Solution Center 9.0 HP Update HPPhotoSmartPhotobookWebPack1 HPProductAssistant HPSSupply Java 6 Update 7 K-Lite Codec Pack 3.4.5 Standard Kaspersky Anti-Virus 7.0 Kaspersky Anti-Virus 7.0 KC Softwares VideoInspector KhalInstallWrapper Lame ACM MP3 Codec Le journal de votre naissance LimeWire PRO 4.14.0 Logiciel QuickCam de Logitech Logitech Desktop Messenger Logitech Print Service Logitech SetPoint Ma-Config.com MarketResearch Messenger Plus! Live Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 2.0 Language Pack - FRA Microsoft .NET Framework 2.0 Service Pack 1 Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Office XP Professional avec FrontPage Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable Mise à jour de logiciel pour les Dossiers Web Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838) Mise à jour de sécurité pour Windows XP (KB941569) Mise à jour de sécurité pour Windows XP (KB946648) Mise à jour de sécurité pour Windows XP (KB950762) Mise à jour de sécurité pour Windows XP (KB950974) Mise à jour de sécurité pour Windows XP (KB951066) Mise à jour de sécurité pour Windows XP (KB951376-v2) Mise à jour de sécurité pour Windows XP (KB951698) Mise à jour de sécurité pour Windows XP (KB951748) Mise à jour de sécurité pour Windows XP (KB952954) Mise à jour de sécurité pour Windows XP (KB953839) Mise à jour pour Windows XP (KB951072-v2) Mise à jour pour Windows XP (KB951978) Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA Mozilla Firefox (2.0.0.16) MSXML 6.0 Parser (KB933579) Multimedia Mouse Driver Multimedia Mouse Driver Nero 8 Lite 8.1.1.0 oggcodecs Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) PartitionMagic PowerQuest PartitionMagic 8.0 Programme de gestion Camera de Logitech® PSSWCORE REALTEK GbE & FE Ethernet PCI-E NIC Driver Realtek High Definition Audio Driver Reload Post Maker Scan Skins SolutionCenter Sony Picture Utility Sony USB Driver Spybot - Search & Destroy Status System Requirements Lab Toolbox TrayApp TuneUp Utilities 2008 UnloadSupport VideoLAN VLC media player 0.8.6i VideoToolkit01 VirtualDub 1.6.9 Fr WebReg WIDCOMM Bluetooth Software Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Genuine Advantage Validation Tool (KB892130) Windows Live Messenger Windows Media Player Firefox Plugin Windows XP Service Pack 3 Xvid 1.1.3 final uninstall Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 8CB5-421F Répertoire de C:\Program Files 08/21/2008 23:34 <REP> . 08/21/2008 23:34 <REP> .. 05/06/2008 03:05 <REP> Acronis 08/10/2008 18:14 <REP> Adobe 03/24/2008 16:30 <REP> AGEIA Technologies 01/16/2008 00:06 <REP> Anuman Interactive 06/14/2008 05:20 <REP> ATI Technologies 06/06/2008 00:58 <REP> AviSynth 2.5 05/22/2008 12:09 <REP> Azureus 08/13/2008 03:05 <REP> CCleaner 12/30/2007 03:52 <REP> ComPlus Applications 08/12/2008 17:24 <REP> CoreCodec 05/08/2008 14:24 <REP> CyberLink 05/05/2008 18:08 <REP> DAEMON Tools Lite 12/30/2007 04:04 <REP> DIFX 06/03/2008 17:15 <REP> Droppix 12/30/2007 04:27 <REP> DVD Decrypter 01/20/2008 10:44 <REP> DVD X Studios 06/26/2008 04:47 <REP> Fichiers communs 08/13/2008 20:56 <REP> FripTV-Orange 07/04/2008 07:57 <REP> Haali 01/04/2008 23:16 <REP> Hewlett-Packard 01/04/2008 23:18 <REP> HP 06/03/2008 17:15 <REP> illiminable 12/30/2007 04:43 <REP> Illustrate 08/13/2008 05:42 <REP> Internet Explorer 08/13/2008 03:39 <REP> Java 01/05/2008 00:47 <REP> Kaspersky Lab 12/30/2007 04:26 <REP> KC Softwares 12/30/2007 04:24 <REP> K-Lite Codec Pack 10/28/2007 23:24 <REP> Lavalys 08/20/2008 03:22 <REP> LimeWire 03/27/2008 20:02 <REP> Logitech 06/10/2008 11:12 <REP> ma-config.com 08/20/2008 02:44 <REP> Messenger 04/03/2008 22:01 <REP> Messenger Plus! Live 12/30/2007 03:58 <REP> microsoft frontpage 12/30/2007 04:51 <REP> Microsoft Office 06/06/2008 00:56 <REP> MKVtoolnix 08/13/2008 06:20 <REP> movie maker 08/21/2008 23:17 <REP> Mozilla Firefox 12/30/2007 04:25 <REP> MP3Gain 06/14/2008 08:25 <REP> MSI 08/13/2008 06:20 <REP> msn 08/13/2008 06:26 <REP> msn gaming zone 08/14/2008 00:41 <REP> MSN Messenger 01/19/2008 14:30 <REP> MSXML 4.0 12/30/2007 03:54 <REP> MSXML 6.0 12/31/2007 02:10 <REP> Multimedia Mouse Driver 12/30/2007 04:47 <REP> Nero 08/13/2008 06:26 <REP> netmeeting 08/13/2008 06:18 <REP> Outlook Express 01/05/2008 10:25 <REP> PowerQuest 01/08/2008 20:59 <REP> Realtek 03/28/2008 22:37 <REP> ReflexiveArcade 06/06/2008 00:56 <REP> Ripp-it_AM 01/15/2008 19:27 <REP> Samsung 06/14/2008 08:26 <REP> Setup Files 12/31/2007 15:23 <REP> Sony 08/09/2008 14:47 <REP> Spybot - Search & Destroy 01/22/2008 00:30 <REP> SystemRequirementsLab 12/30/2007 04:13 <REP> ToniArts 08/20/2008 01:03 <REP> Trend Micro 05/13/2008 20:03 <REP> TryMedia 07/01/2008 21:53 <REP> TuneUp Utilities 2008 12/30/2007 04:39 <REP> uTorrent 08/12/2008 20:25 <REP> VideoLAN 01/18/2008 11:21 <REP> VirtualDub 03/26/2008 21:09 <REP> WIDCOMM 06/14/2008 09:12 <REP> WinCustomize 04/03/2008 22:01 <REP> Windows Live 01/18/2008 20:53 <REP> Windows Media Connect 2 08/13/2008 06:18 <REP> Windows Media Player 12/30/2007 03:51 <REP> Windows NT 12/31/2007 01:33 <REP> WinRAR 08/13/2008 06:26 <REP> xerox 03/02/2008 01:42 <REP> Xvid 0 fichier(s) 0 octets 77 Rép(s) 12,757,573,632 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 8CB5-421F Répertoire de C:\Program Files\fichiers communs 06/26/2008 04:47 <REP> . 06/26/2008 04:47 <REP> .. 05/06/2008 03:05 <REP> Acronis 08/10/2008 18:14 <REP> Adobe 03/12/2008 17:54 <REP> Adobe AIR 06/14/2008 05:18 <REP> ATI Technologies 12/31/2007 02:29 <REP> BitDefender 05/08/2008 14:24 <REP> CyberLink 12/30/2007 04:51 <REP> Designer 06/03/2008 17:15 <REP> Droppix 03/27/2008 20:02 <REP> FotoWire 01/04/2008 23:16 <REP> Hewlett-Packard 01/04/2008 23:16 <REP> HP 12/31/2007 02:10 <REP> InstallShield 12/30/2007 04:40 <REP> Java 06/07/2008 23:10 <REP> LightScribe 04/22/2008 17:57 <REP> Logishrd 04/22/2008 17:57 <REP> Logitech 12/30/2007 04:51 <REP> Microsoft Shared 12/30/2007 03:53 <REP> MSSoap 12/30/2007 04:47 <REP> Nero 12/29/2007 23:48 <REP> ODBC 12/30/2007 03:53 <REP> Services 12/29/2007 23:48 <REP> SpeechEngines 06/26/2008 04:45 <REP> Stardock 08/13/2008 06:18 <REP> System 07/01/2008 21:53 <REP> Wise Installation Wizard 0 fichier(s) 0 octets 27 Rép(s) 12,757,573,632 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 8CB5-421F Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 12/30/2007 03:58 <REP> . 12/30/2007 03:58 <REP> .. 12/30/2007 04:51 <REP> 1033 12/30/2007 03:58 <REP> 1036 09/17/2004 20:43 1,293,008 msonsext.dll 02/13/2001 14:23 58,784 MSOSV.DLL 08/06/2000 15:04 401,462 MSVCP60.DLL 01/22/2001 09:25 69,632 PKMAXCTL.DLL 01/22/2001 09:25 872,448 PKMCDO.DLL 01/22/2001 09:25 159,744 PKMCORE.DLL 02/07/2001 15:59 106,496 PKMFORMS.DLL 02/12/2001 10:03 684,032 PKMRES.DLL 01/22/2001 09:25 28,672 PKMSSTLB.DLL 01/22/2001 09:25 40,960 PKMTEMPL.DLL 01/22/2001 09:25 24,576 PKMTRACE.DLL 09/17/2004 20:43 80,448 pkmws.dll 01/22/2001 09:25 237,568 PROMDEMO.DLL 01/22/2001 09:25 184,320 SECMGR.DLL 01/22/2001 09:25 323,584 VAIDDMGR.DLL 01/22/2001 09:25 32,768 VAIMEM.DLL 16 fichier(s) 4,598,502 octets 4 Rép(s) 12,757,573,632 octets libres c:\Documents and Settings\Administrateur\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{14AD6F0C-6C41-4910-A516-4DDA376149A9}\ARPPRODUCTICON.exe c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{14AD6F0C-6C41-4910-A516-4DDA376149A9}\friptv.exe_14AD6F0C6C414910A5164DDA376149A9.exe c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{14AD6F0C-6C41-4910-A516-4DDA376149A9}\FripTVGUI2.exe_14AD6F0C6C414910A5164DDA376149A9.exe c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{14AD6F0C-6C41-4910-A516-4DDA376149A9}\UNINST_Uninstall_F_14AD6F0C6C414910A5164DDA376149A9.exe c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe c:\Documents and Settings\Administrateur\Bureau\ATF-Cleaner.exe c:\Documents and Settings\Administrateur\Bureau\explorer.exe c:\Documents and Settings\Administrateur\Bureau\HJTInstall.exe c:\Documents and Settings\Administrateur\Bureau\SDFix.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\catchme.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\diff.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\dumphive.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\find2.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\Fport.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\grep.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\gzip.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\KProcCheck.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\LFiles.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\md5sums.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\pslist.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\sigcheck.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\streams.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\swreg.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\tar.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\404Fix.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\dumphive.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\exit.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\GenericRenosFix.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\HostsChk.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\IEDFix.C.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\IEDFix.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\Policies.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\Process.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\Reboot.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\restart.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmiUpdate.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SrchSTS.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\swreg.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\swsc.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\swxcacls.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\UIFix.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\unzip.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\VACFix.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\VCCLSID.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\WS2Fix.exe c:\Documents and Settings\Administrateur\Local Settings\Temp\GLB1A2B.EXE c:\Documents and Settings\Administrateur\Application Data\HPAppData\RegClean.dll c:\Documents and Settings\Administrateur\Application Data\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVKO}\xmlparse.dll c:\Documents and Settings\Administrateur\Application Data\Identities\{000HQ7FF-AD7A-3FG4-HE44-22Q2HFA54VUU}\xmlparse.dll c:\Documents and Settings\Administrateur\Application Data\Identities\{000HQ7FF-AD7A-3FG4-SA0C-22B8SP58AVUS}\xmlparse.dll c:\Documents and Settings\Administrateur\Application Data\Identities\{000HQ7FF-AD7A-3FG4-SA0C-22B8SP58AVV3}\xmlparse.dll c:\Documents and Settings\Administrateur\Application Data\Identities\{000HQ7FF-AD7A-3FG4-SA0C-22B8SP58AVVO}\xmlparse.dll c:\Documents and Settings\Administrateur\Application Data\Identities\{000HQ7FF-AD7A-3FG6-5I21-21UMR3484VVA}\xmlparse.dll c:\Documents and Settings\Administrateur\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll c:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\7ot9v5q0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll c:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\7ot9v5q0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll c:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\7ot9v5q0.default\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}\plugins\npagent.dll c:\Documents and Settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxyI.dll c:\Documents and Settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxyJ.dll c:\Documents and Settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxyK.dll c:\Documents and Settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxyL.dll c:\Documents and Settings\Administrateur\Application Data\TaoUSign\jsec.dll c:\Documents and Settings\All Users\Application Data\DVD X Studios\DVD X Player 4.1 Professional\DVDXPlayer.dll c:\Documents and Settings\All Users\Application Data\HP\Digital Imaging\Data\hpqd_cul_s.dll c:\Documents and Settings\All Users\Application Data\HP\Digital Imaging\Data\Destination\aiopfl.dll c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\ckahum.dll c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\diffs.dll c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\updater.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Nero\DrWeb\DRWEB32.DLL c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_PC-ADMIN.tar.gz a l'adresse http://upload.malekal.com Concernant le test avec firefox je le ferai peut être plus tard car pour l'instant je n'ai plus le problème

Tout d'abord merci beaucoup de me venir en aide.... Voici les 2 rapports demandés: SDFix: Version 1.218 Run by Administrateur on jeu. 08/21/2008 at 19:15 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Checking Services : Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-21 19:18:03 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:59345fc6 "s2"=dword:194fa5f1 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:db,fa,6a,73,de,ee,8c,2b,cb,fb,8b,ac,e0,ca,8e,e9,4a,25,5b,a1,f4,.. "p0"="C:\Program Files\DAEMON Tools Lite\" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,ca,1a,74,ad,92,8f,5e,1f,96,2b,c7,b8,ba,28,05,7e,ec,.. "khjeh"=hex:49,73,6c,4e,b3,93,6f,42,55,eb,51,83,01,80,d2,9b,43,d9,2b,98,c9,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:b9,c3,c9,9a,c3,cf,34,76,ab,4e,01,19,3d,03,71,77,50,d5,e7,b8,1b,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FF409B40-EC84-46DA-BFE2-5D2E0849BA58}] "DhcpRetryTime"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:db,fa,6a,73,de,ee,8c,2b,cb,fb,8b,ac,e0,ca,8e,e9,4a,25,5b,a1,f4,.. "p0"="C:\Program Files\DAEMON Tools Lite\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,ca,1a,74,ad,92,8f,5e,1f,96,2b,c7,b8,ba,28,05,7e,ec,.. "khjeh"=hex:49,73,6c,4e,b3,93,6f,42,55,eb,51,83,01,80,d2,9b,43,d9,2b,98,c9,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:b9,c3,c9,9a,c3,cf,34,76,ab,4e,01,19,3d,03,71,77,50,d5,e7,b8,1b,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:db,fa,6a,73,de,ee,8c,2b,cb,fb,8b,ac,e0,ca,8e,e9,4a,25,5b,a1,f4,.. "p0"="C:\Program Files\DAEMON Tools Lite\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,ca,1a,74,ad,92,8f,5e,1f,96,2b,c7,b8,ba,28,05,7e,ec,.. "khjeh"=hex:49,73,6c,4e,b3,93,6f,42,55,eb,51,83,01,80,d2,9b,43,d9,2b,98,c9,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:b9,c3,c9,9a,c3,cf,34,76,ab,4e,01,19,3d,03,71,77,50,d5,e7,b8,1b,.. scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19] "ProfileLoadTimeLow"=dword:e4633956 "ProfileLoadTimeHigh"=dword:01c90260 "RefCount"=dword:00000001 scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent" "C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"="C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0" "C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail" "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus" "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger" "C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule Plus" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"="C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files : Files with Hidden Attributes : Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" Wed 12 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Finished! SmitFraudFix v2.338 Rapport fait à 19:21:33.48, jeu. 08/21/2008 Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Program Files\Cyberlink\Shared Files\brs.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," "System"="" »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Miniport d'ordonnancement de paquets DNS Server Search Order: 192.168.1.1 DNS Server Search Order: 0.0.0.0 HKLM\SYSTEM\CCS\Services\Tcpip\..\{44A75601-DFAF-4605-8351-2A9BE0D9CA19}: DhcpNameServer=192.168.1.1 0.0.0.0 HKLM\SYSTEM\CS1\Services\Tcpip\..\{44A75601-DFAF-4605-8351-2A9BE0D9CA19}: DhcpNameServer=192.168.1.1 0.0.0.0 HKLM\SYSTEM\CS2\Services\Tcpip\..\{44A75601-DFAF-4605-8351-2A9BE0D9CA19}: DhcpNameServer=192.168.1.1 0.0.0.0 HKLM\SYSTEM\CS3\Services\Tcpip\..\{44A75601-DFAF-4605-8351-2A9BE0D9CA19}: DhcpNameServer=192.168.1.1 0.0.0.0 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin

Bonjour, Suite à une infection (virus alert à côté de l'heure) et nettoyage, j'ai encore des petits soucis sur mon PC : lors de navigation sur le net de temps en temps le pc s'affole et m'ouvre Firefox tout seul (environ 80 fois), je vous transmet le rapport HijackThis et m'indiquer s'il y a des choses anormales. D'avance merci. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:04:49, on 8/21/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20861) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Program Files\Cyberlink\Shared Files\brs.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe -- End of file - 8082 bytes