Hishiro

Oui effectivement ! Je suis donc débarrassé de l'infection ? Je vous remercie

Merci !Voici les rapports : 17:56:46:000 5200 TDSSKiller 2.1.1 Dec 20 2009 02:40:02 17:56:46:000 5200 ================================================================================ 17:56:46:000 5200 SystemInfo: 17:56:46:000 5200 OS Version: 5.1.2600 ServicePack: 3.0 17:56:46:000 5200 Product type: Workstation 17:56:46:000 5200 ComputerName: MIKE 17:56:46:000 5200 UserName: Hishiro 17:56:46:000 5200 Windows directory: C:\WINDOWS 17:56:46:000 5200 Processor architecture: Intel x86 17:56:46:000 5200 Number of processors: 1 17:56:46:000 5200 Page size: 0x1000 17:56:46:015 5200 Boot type: Normal boot 17:56:46:015 5200 ================================================================================ 17:56:46:015 5200 main: Driver KLMD successfully unloaded 17:56:46:515 5200 ForceUnloadDriver: NtUnloadDriver error 2 17:56:46:515 5200 ForceUnloadDriver: NtUnloadDriver error 2 17:56:46:515 5200 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0 17:56:46:515 5200 main: Driver KLMD successfully dropped 17:56:46:515 5200 main: Driver KLMD successfully loaded 17:56:46:515 5200 Scanning Registry ... 17:56:46:515 5200 ScanServices: Searching service UACd.sys 17:56:46:515 5200 ScanServices: Open/Create key error 2 17:56:46:515 5200 ScanServices: Searching service TDSSserv.sys 17:56:46:515 5200 ScanServices: Open/Create key error 2 17:56:46:515 5200 ScanServices: Searching service gaopdxserv.sys 17:56:46:515 5200 ScanServices: Open/Create key error 2 17:56:46:515 5200 ScanServices: Searching service gxvxcserv.sys 17:56:46:515 5200 ScanServices: Open/Create key error 2 17:56:46:515 5200 ScanServices: Searching service MSIVXserv.sys 17:56:46:515 5200 ScanServices: Open/Create key error 2 17:56:46:515 5200 UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000 17:56:46:515 5200 UnhookRegistry: Kernel local addr: DF0000 17:56:46:515 5200 UnhookRegistry: KeServiceDescriptorTable addr: E6C020 17:56:46:515 5200 UnhookRegistry: KiServiceTable addr: E1AB9C 17:56:46:515 5200 UnhookRegistry: NtEnumerateKey service number (local): 47 17:56:46:515 5200 UnhookRegistry: NtEnumerateKey local addr: F33B70 17:56:46:531 5200 KLMD_OpenDevice: Trying to open KLMD device 17:56:46:531 5200 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey 17:56:46:531 5200 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey 17:56:46:531 5200 KLMD_ReadMem: Trying to ReadMemory 0x804FE335[0x4] 17:56:46:531 5200 UnhookRegistry: NtEnumerateKey service number (kernel): 47 17:56:46:531 5200 KLMD_ReadMem: Trying to ReadMemory 0x80501CB8[0x4] 17:56:46:531 5200 UnhookRegistry: NtEnumerateKey real addr: 8061AB70 17:56:46:531 5200 UnhookRegistry: NtEnumerateKey calc addr: 8061AB70 17:56:46:531 5200 UnhookRegistry: No SDT hooks found on NtEnumerateKey 17:56:46:531 5200 KLMD_ReadMem: Trying to ReadMemory 0x8061AB70[0xA] 17:56:46:531 5200 UnhookRegistry: No splicing found on NtEnumerateKey 17:56:46:531 5200 Scanning Kernel memory ... 17:56:46:531 5200 KLMD_OpenDevice: Trying to open KLMD device 17:56:46:531 5200 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk 17:56:46:531 5200 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk 17:56:46:531 5200 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 868FB230 17:56:46:531 5200 DetectCureTDL3: KLMD_GetDeviceObjectList returned 3 DevObjects 17:56:46:531 5200 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 8690C030 17:56:46:531 5200 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8690C030 17:56:46:531 5200 KLMD_ReadMem: Trying to ReadMemory 0x8690C030[0x38] 17:56:46:531 5200 DetectCureTDL3: DRIVER_OBJECT addr: 868FB230 17:56:46:531 5200 KLMD_ReadMem: Trying to ReadMemory 0x868FB230[0xA8] 17:56:46:531 5200 KLMD_ReadMem: Trying to ReadMemory 0xE1012370[0x208] 17:56:46:531 5200 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 17:56:46:531 5200 DetectCureTDL3: IrpHandler (0) addr: F764EBB0 17:56:46:531 5200 DetectCureTDL3: IrpHandler (1) addr: 804F355A 17:56:46:531 5200 DetectCureTDL3: IrpHandler (2) addr: F764EBB0 17:56:46:531 5200 DetectCureTDL3: IrpHandler (3) addr: F7648D1F 17:56:46:531 5200 DetectCureTDL3: IrpHandler (4) addr: F7648D1F 17:56:46:531 5200 DetectCureTDL3: IrpHandler (5) addr: 804F355A 17:56:46:531 5200 DetectCureTDL3: IrpHandler (6) addr: 804F355A 17:56:46:531 5200 DetectCureTDL3: IrpHandler (7) addr: 804F355A 17:56:46:531 5200 DetectCureTDL3: IrpHandler ( addr: 804F355A 17:56:46:531 5200 DetectCureTDL3: IrpHandler (9) addr: F76492E2 17:56:46:531 5200 DetectCureTDL3: IrpHandler (10) addr: 804F355A 17:56:46:531 5200 DetectCureTDL3: IrpHandler (11) addr: 804F355A 17:56:46:531 5200 DetectCureTDL3: IrpHandler (12) addr: 804F355A 17:56:46:531 5200 DetectCureTDL3: IrpHandler (13) addr: 804F355A 17:56:46:531 5200 DetectCureTDL3: IrpHandler (14) addr: F76493BB 17:56:46:531 5200 DetectCureTDL3: IrpHandler (15) addr: F764CF28 17:56:46:531 5200 DetectCureTDL3: IrpHandler (16) addr: F76492E2 17:56:46:531 5200 DetectCureTDL3: IrpHandler (17) addr: 804F355A 17:56:46:531 5200 DetectCureTDL3: IrpHandler (18) addr: 804F355A 17:56:46:531 5200 DetectCureTDL3: IrpHandler (19) addr: 804F355A 17:56:46:531 5200 DetectCureTDL3: IrpHandler (20) addr: 804F355A 17:56:46:531 5200 DetectCureTDL3: IrpHandler (21) addr: 804F355A 17:56:46:531 5200 DetectCureTDL3: IrpHandler (22) addr: F764AC82 17:56:46:531 5200 DetectCureTDL3: IrpHandler (23) addr: F764F99E 17:56:46:531 5200 DetectCureTDL3: IrpHandler (24) addr: 804F355A 17:56:46:531 5200 DetectCureTDL3: IrpHandler (25) addr: 804F355A 17:56:46:531 5200 DetectCureTDL3: IrpHandler (26) addr: 804F355A 17:56:46:531 5200 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400] 17:56:46:531 5200 KLMD_ReadMem: DeviceIoControl error 1 17:56:46:531 5200 TDL3_StartIoHookDetect: Unable to get StartIo handler code 17:56:46:531 5200 TDL3_FileDetect: Processing driver: Disk 17:56:46:531 5200 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk 17:56:46:531 5200 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys 17:56:46:531 5200 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys 17:56:46:562 5200 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 8690D548 17:56:46:562 5200 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8690D548 17:56:46:562 5200 KLMD_ReadMem: Trying to ReadMemory 0x8690D548[0x38] 17:56:46:562 5200 DetectCureTDL3: DRIVER_OBJECT addr: 868FB230 17:56:46:562 5200 KLMD_ReadMem: Trying to ReadMemory 0x868FB230[0xA8] 17:56:46:562 5200 KLMD_ReadMem: Trying to ReadMemory 0xE1012370[0x208] 17:56:46:562 5200 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 17:56:46:562 5200 DetectCureTDL3: IrpHandler (0) addr: F764EBB0 17:56:46:562 5200 DetectCureTDL3: IrpHandler (1) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (2) addr: F764EBB0 17:56:46:562 5200 DetectCureTDL3: IrpHandler (3) addr: F7648D1F 17:56:46:562 5200 DetectCureTDL3: IrpHandler (4) addr: F7648D1F 17:56:46:562 5200 DetectCureTDL3: IrpHandler (5) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (6) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (7) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler ( addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (9) addr: F76492E2 17:56:46:562 5200 DetectCureTDL3: IrpHandler (10) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (11) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (12) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (13) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (14) addr: F76493BB 17:56:46:562 5200 DetectCureTDL3: IrpHandler (15) addr: F764CF28 17:56:46:562 5200 DetectCureTDL3: IrpHandler (16) addr: F76492E2 17:56:46:562 5200 DetectCureTDL3: IrpHandler (17) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (18) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (19) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (20) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (21) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (22) addr: F764AC82 17:56:46:562 5200 DetectCureTDL3: IrpHandler (23) addr: F764F99E 17:56:46:562 5200 DetectCureTDL3: IrpHandler (24) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (25) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (26) addr: 804F355A 17:56:46:562 5200 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400] 17:56:46:562 5200 KLMD_ReadMem: DeviceIoControl error 1 17:56:46:562 5200 TDL3_StartIoHookDetect: Unable to get StartIo handler code 17:56:46:562 5200 TDL3_FileDetect: Processing driver: Disk 17:56:46:562 5200 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk 17:56:46:562 5200 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys 17:56:46:562 5200 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys 17:56:46:562 5200 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 868FF388 17:56:46:562 5200 KLMD_GetLowerDeviceObject: Trying to get lower device object for 868FF388 17:56:46:562 5200 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 868FC3B8 17:56:46:562 5200 KLMD_GetLowerDeviceObject: Trying to get lower device object for 868FC3B8 17:56:46:562 5200 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 868FBD98 17:56:46:562 5200 KLMD_GetLowerDeviceObject: Trying to get lower device object for 868FBD98 17:56:46:562 5200 KLMD_ReadMem: Trying to ReadMemory 0x868FBD98[0x38] 17:56:46:562 5200 DetectCureTDL3: DRIVER_OBJECT addr: 869A5868 17:56:46:562 5200 KLMD_ReadMem: Trying to ReadMemory 0x869A5868[0xA8] 17:56:46:562 5200 KLMD_ReadMem: Trying to ReadMemory 0xE1011FE0[0x208] 17:56:46:562 5200 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi 17:56:46:562 5200 DetectCureTDL3: IrpHandler (0) addr: F7317B40 17:56:46:562 5200 DetectCureTDL3: IrpHandler (1) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (2) addr: F7317B40 17:56:46:562 5200 DetectCureTDL3: IrpHandler (3) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (4) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (5) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (6) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (7) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler ( addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (9) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (10) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (11) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (12) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (13) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (14) addr: F7317B40 17:56:46:562 5200 DetectCureTDL3: IrpHandler (15) addr: F7317B40 17:56:46:562 5200 DetectCureTDL3: IrpHandler (16) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (17) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (18) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (19) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (20) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (21) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (22) addr: F7317B40 17:56:46:562 5200 DetectCureTDL3: IrpHandler (23) addr: F7317B40 17:56:46:562 5200 DetectCureTDL3: IrpHandler (24) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (25) addr: 804F355A 17:56:46:562 5200 DetectCureTDL3: IrpHandler (26) addr: 804F355A 17:56:46:562 5200 KLMD_ReadMem: Trying to ReadMemory 0xF7315864[0x400] 17:56:46:562 5200 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 316, 0 17:56:46:562 5200 TDL3_FileDetect: Processing driver: atapi 17:56:46:562 5200 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk 17:56:46:562 5200 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys 17:56:46:562 5200 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys 17:56:46:562 5200 Completed Results: 17:56:46:562 5200 Infected objects in memory: 0 17:56:46:562 5200 Cured objects in memory: 0 17:56:46:562 5200 Infected objects on disk: 0 17:56:46:562 5200 Objects on disk cured on reboot: 0 17:56:46:562 5200 Objects on disk deleted on reboot: 0 17:56:46:562 5200 Registry nodes deleted on reboot: 0 17:56:46:562 5200 Malwarebytes' Anti-Malware 1.43 Version de la base de données: 3479 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 2/01/2010 18:53:26 mbam-log-2010-01-02 (18-53-26).txt Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|) Eléments examinés: 327175 Temps écoulé: 38 minute(s), 36 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 1 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 5 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): \\?\globalroot\systemroot\system32\H8SRTumvalkwnke.dll (Rootkit.TDSS) -> Delete on reboot. Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\settdebugx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): \\?\globalroot\systemroot\system32\H8SRTumvalkwnke.dll (Rootkit.TDSS) -> Quarantined and deleted successfully. D:\Documents and Settings\Hishiro\Local Settings\Temp\settdebugx.exe (Rogue.Installer) -> Quarantined and deleted successfully. D:\Documents and Settings\Hishiro\Local Settings\Temporary Internet Files\Content.IE5\BEOSC11I\eH8df1cff7V03006f35002Ra5a024c7102Tc6ca3b85Q0000028b901807F0020000aJ0200050 1l000c317P000000070[1] (Trojan.Downloader) -> Quarantined and deleted successfully. D:\Documents and Settings\Hishiro\Mes documents\Mes fichiers reçus\Axdxoxbxe Axlxl Pxrodxucts Kxexyxmxaker\keygen.exe (Malware.Tool) -> Quarantined and deleted successfully. C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully. Au rédémarrage apres analyse MBM, j'ai eu une erreur systeme ( écran bleu ). J'ai eteint/rallumer la tour et redémarrage correct.

Tout d'abord bonne année à tous ! Donc voici mon problème, il se retrouve que récemment j'ai été infecté par Malware Defense, j'ai téléchargé Adaware qui dit me l'avoir supprimé ( ce qui semble correct car je ne vois plus de problèmes lié à ce programme ). Cependant mon internet rame et j'ai le processus iexplorer.exe en fonction alors que je n'utilise pas internet explorer. De plus je n'arrive pas à installer des programmes anti-viral/spyware .. Pour Windows defender par exemple, on me dit que je n'ai pas les privilèges et pour MBAM ça bloque à la fin de l'installation. Voici mon rapport Hijack, Merci d'avance Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 16:41:58, on 2/01/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe D:\Program Files\AVG\AVG9\avgchsvx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\Iexplore.exe D:\Program Files\Hijack\HiJackThis_v2.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redi...&key=SEARCH R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=14978&l=dis R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.be/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG9\avgssie.dll (file missing) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.fr/fr.special-uninstallatio...uot;ver=9.0.722 O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [settdebugx.exe] D:\DOCUME~1\Hishiro\LOCALS~1\Temp\settdebugx.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BDARemote.lnk = ? O4 - Global Startup: McAfee Security Scan.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\befr.htm O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1252935447406 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe -- End of file - 9245 bytes