

Renaud_C
Infection by RootKit-gen RTK
Renaud_C replied to a topic by Renaud_C in Malware analysis and eradication
Here is the report:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/08/09 22:28
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: a77nbax1.SYS
Image Path: C:\WINDOWS\System32\Drivers\a77nbax1.SYS
Address: 0xB7119000 Size: 303104 File Visible: No Signed: - Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB420D000 Size: 98304 File Visible: No Signed: - Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xB85E4000 Size: 8192 File Visible: No Signed: - Status: -

Name: mc23.tmp
Image Path: C:\DOCUME~1\SESSIO~1\LOCALS~1\Temp\mc23.tmp
Address: 0xB86D8000 Size: 2560 File Visible: No Signed: - Status: -

Name: PCI_PNP8262
Image Path: \Driver\PCI_PNP8262
Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB0787000 Size: 49152 File Visible: No Signed: - Status: -

Name: spsv.sys
Image Path: spsv.sys
Address: 0xB7EA9000 Size: 1040384 File Visible: No Signed: - Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\SESSION XP\Cookies\session_xp@cdn5.specificclick[1].txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\SESSION XP\Cookies\session_xp@forum.zebulon[1].txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\SESSION XP\Cookies\adCACOYUUF
Status: Locked to the Windows API!

Path: C:\Documents and Settings\SESSION XP\Cookies\adserveCAEYNGL3.htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\SESSION XP\Cookies\session_xp@www.zebulon[1].txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\SESSION XP\Cookies\session_xp@zebulon[2].txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\SESSION XP\Cookies\session_xp@cdn5.specificclick[2].txt
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\SESSION XP\Cookies\session_xp@forum.zebulon[2].txt
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\SESSION XP\Cookies\session_xp@www.zebulon[2].txt
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\SESSION XP\Cookies\session_xp@zebulon[1].txt
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 041 Function Name: NtCreateKey Status: Hooked by "<unknown>" at address 0xb879b6fe
#: 053 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0xb879b6f4
#: 063 Function Name: NtDeleteKey Status: Hooked by "<unknown>" at address 0xb879b703
#: 065 Function Name: NtDeleteValueKey Status: Hooked by "<unknown>" at address 0xb879b70d
#: 071 Function Name: NtEnumerateKey Status: Hooked by "spsv.sys" at address 0xb7ec7ca2
#: 073 Function Name: NtEnumerateValueKey Status: Hooked by "spsv.sys" at address 0xb7ec8030
#: 098 Function Name: NtLoadKey Status: Hooked by "<unknown>" at address 0xb879b712
#: 119 Function Name: NtOpenKey Status: Hooked by "spsv.sys" at address 0xb7eaa0c0
#: 122 Function Name: NtOpenProcess Status: Hooked by "<unknown>" at address 0xb879b6e0
#: 128 Function Name: NtOpenThread Status: Hooked by "<unknown>" at address 0xb879b6e5
#: 160 Function Name: NtQueryKey Status: Hooked by "spsv.sys" at address 0xb7ec8108
#: 177 Function Name: NtQueryValueKey Status: Hooked by "spsv.sys" at address 0xb7ec7f88
#: 193 Function Name: NtReplaceKey Status: Hooked by "<unknown>" at address 0xb879b71c
#: 204 Function Name: NtRestoreKey Status: Hooked by "<unknown>" at address 0xb879b717
#: 247 Function Name: NtSetValueKey Status: Hooked by "<unknown>" at address 0xb879b708
#: 257 Function Name: NtTerminateProcess Status: Hooked by "<unknown>" at address 0xb879b6ef

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x8ad6f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x8ad6f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x8ad6f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x8ad6f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8ad6f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8ad6f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x8ad6f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x8ad6f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8ad6f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8ad6f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8ad6f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8ad6f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8ad6f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8ad6f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x8ad6f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8ad6f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x8ad6f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8ad6f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x8ad6f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8ad6f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x8ad6f1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x8ad6f1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE] Process: System Address: 0x89a8c1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE] Process: System Address: 0x89a8c1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ] Process: System Address: 0x89a8c1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE] Process: System Address: 0x89a8c1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x89a8c1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION] Process: System Address: 0x89a8c1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA] Process: System Address: 0x89a8c1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA] Process: System Address: 0x89a8c1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89a8c1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x89a8c1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x89a8c1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x89a8c1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x89a8c1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89a8c1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN] Process: System Address: 0x89a8c1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x89a8c1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP] Process: System Address: 0x89a8c1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP] Process: System Address: 0x89a8c1f8 Size: 121
Object: Hidden Code [Driver: sys, IRP_MJ_CREATE] Process: System Address: 0x8ad38500 Size: 121
Object: Hidden Code [Driver: sys, IRP_MJ_CLOSE] Process: System Address: 0x8ad38500 Size: 121
Object: Hidden Code [Driver: sys, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8ad38500 Size: 121
Object: Hidden Code [Driver: sys, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8ad38500 Size: 121
Object: Hidden Code [Driver: sys, IRP_MJ_POWER] Process: System Address: 0x8ad38500 Size: 121
Object: Hidden Code [Driver: sys, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8ad38500 Size: 121
Object: Hidden Code [Driver: sys, IRP_MJ_PNP] Process: System Address: 0x8ad38500 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x8ac641f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x8ac641f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x8ac641f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x8ac641f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8ac641f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8ac641f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8ac641f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x8ac641f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER] Process: System Address: 0x8ac641f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8ac641f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 0x8ac641f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE] Process: System Address: 0x8addf1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE] Process: System Address: 0x8addf1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_READ] Process: System Address: 0x8addf1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE] Process: System Address: 0x8addf1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8addf1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8addf1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8addf1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN] Process: System Address: 0x8addf1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_POWER] Process: System Address: 0x8addf1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8addf1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_PNP] Process: System Address: 0x8addf1f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE] Process: System Address: 0x8ad391f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE] Process: System Address: 0x8ad391f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8ad391f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8ad391f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER] Process: System Address: 0x8ad391f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8ad391f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP] Process: System Address: 0x8ad391f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE] Process: System Address: 0x8ad711f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ] Process: System Address: 0x8ad711f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE] Process: System Address: 0x8ad711f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8ad711f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8ad711f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8ad711f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN] Process: System Address: 0x8ad711f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP] Process: System Address: 0x8ad711f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER] Process: System Address: 0x8ad711f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8ad711f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP] Process: System Address: 0x8ad711f8 Size: 121
Object: Hidden Code [Driver: a77nbax1ȅఈ浍浓談Ā, IRP_MJ_CREATE] Process: System Address: 0x8ac50500 Size: 121
Object: Hidden Code [Driver: a77nbax1ȅఈ浍浓談Ā, IRP_MJ_CLOSE] Process: System Address: 0x8ac50500 Size: 121
Object: Hidden Code [Driver: a77nbax1ȅఈ浍浓談Ā, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8ac50500 Size: 121
Object: Hidden Code [Driver: a77nbax1ȅఈ浍浓談Ā, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8ac50500 Size: 121
Object: Hidden Code [Driver: a77nbax1ȅఈ浍浓談Ā, IRP_MJ_POWER] Process: System Address: 0x8ac50500 Size: 121
Object: Hidden Code [Driver: a77nbax1ȅఈ浍浓談Ā, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8ac50500 Size: 121
Object: Hidden Code [Driver: a77nbax1ȅఈ浍浓談Ā, IRP_MJ_PNP] Process: System Address: 0x8ac50500 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE] Process: System Address: 0x89af41f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE] Process: System Address: 0x89af41f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89af41f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89af41f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP] Process: System Address: 0x89af41f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP] Process: System Address: 0x89af41f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x8ad321f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x8ad321f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8ad321f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8ad321f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x8ad321f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8ad321f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x8ad321f8 Size: 121
Object: Hidden Code [Driver: sbp2port, IRP_MJ_CREATE] Process: System Address: 0x8addd1f8 Size: 121
Object: Hidden Code [Driver: sbp2port, IRP_MJ_CLOSE] Process: System Address: 0x8addd1f8 Size: 121
Object: Hidden Code [Driver: sbp2port, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8addd1f8 Size: 121
Object: Hidden Code [Driver: sbp2port, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8addd1f8 Size: 121
Object: Hidden Code [Driver: sbp2port, IRP_MJ_POWER] Process: System Address: 0x8addd1f8 Size: 121
Object: Hidden Code [Driver: sbp2port, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8addd1f8 Size: 121
Object: Hidden Code [Driver: sbp2port, IRP_MJ_PNP] Process: System Address: 0x8addd1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP] Process: System Address: 0x89aee1f8 Size: 121
Object: Hidden Code [Driver: Program Fil, IRP_MJ_CREATE] Process: System Address: 0x89ac21f8 Size: 121
Object: Hidden Code [Driver: Program Fil, IRP_MJ_CLOSE] Process: System Address: 0x89ac21f8 Size: 121
Object: Hidden Code [Driver: Program Fil, IRP_MJ_READ] Process: System Address: 0x89ac21f8 Size: 121
Object: Hidden Code [Driver: Program Fil, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x89ac21f8 Size: 121
Object: Hidden Code [Driver: Program Fil, IRP_MJ_SET_INFORMATION] Process: System Address: 0x89ac21f8 Size: 121
Object: Hidden Code [Driver: Program Fil, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x89ac21f8 Size: 121
Object: Hidden Code [Driver: Program Fil, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x89ac21f8 Size: 121
Object: Hidden Code [Driver: Program Fil, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x89ac21f8 Size: 121
Object: Hidden Code [Driver: Program Fil, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89ac21f8 Size: 121
Object: Hidden Code [Driver: Program Fil, IRP_MJ_SHUTDOWN] Process: System Address: 0x89ac21f8 Size: 121
Object: Hidden Code [Driver: Program Fil, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x89ac21f8 Size: 121
Object: Hidden Code [Driver: Program Fil, IRP_MJ_CLEANUP] Process: System Address: 0x89ac21f8 Size: 121
Object: Hidden Code [Driver: Program Fil, IRP_MJ_PNP] Process: System Address: 0x89ac21f8 Size: 121

==EOF==
Infection by RootKit-gen RTK
Renaud_C replied to a topic by Renaud_C in Malware analysis and eradication
Good evening pear, and thank you, I'm running RootRepeal.
Infection by RootKit-gen RTK
Renaud_C replied to a topic by Renaud_C in Malware analysis and eradication
After a successful boot, here is the SysProt report; the hidden lines are in red.

SysProt AntiRootkit v1.0.1.0 by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: spsv.sys Service Name: --- Module Base: B7EA9000 Module End: B7FA7000 Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\azv8tf0l.SYS Service Name: --- Module Base: B7163000 Module End: B71CA000 Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\a77nbax1.SYS Service Name: --- Module Base: B7119000 Module End: B7163000 Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys Service Name: --- Module Base: B420D000 Module End: B4225000 Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS Service Name: --- Module Base: B85E4000 Module End: B85E6000 Hidden: Yes
Module Name: \??\C:\DOCUME~1\SESSIO~1\LOCALS~1\Temp\mc23.tmp Service Name: mchInjDrv Module Base: B86D8000 Module End: B86D9000 Hidden: Yes
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey Address: B879B6FE Driver Base: 0 Driver End: 0 Driver Name: _unknown_
Function Name: ZwCreateThread Address: B879B6F4 Driver Base: 0 Driver End: 0 Driver Name: _unknown_
Function Name: ZwDeleteKey Address: B879B703 Driver Base: 0 Driver End: 0 Driver Name: _unknown_
Function Name: ZwDeleteValueKey Address: B879B70D Driver Base: 0 Driver End: 0 Driver Name: _unknown_
Function Name: ZwEnumerateKey Address: B7EC7CA2 Driver Base: B7EA9000 Driver End: B7FA7000 Driver Name: spsv.sys
Function Name: ZwEnumerateValueKey Address: B7EC8030 Driver Base: B7EA9000 Driver End: B7FA7000 Driver Name: spsv.sys
Function Name: ZwLoadKey Address: B879B712 Driver Base: 0 Driver End: 0 Driver Name: _unknown_
Function Name: ZwOpenKey Address: B7EAA0C0 Driver Base: B7EA9000 Driver End: B7FA7000 Driver Name: spsv.sys
Function Name: ZwOpenProcess Address: B879B6E0 Driver Base: 0 Driver End: 0 Driver Name: _unknown_
Function Name: ZwOpenThread Address: B879B6E5 Driver Base: 0 Driver End: 0 Driver Name: _unknown_
Function Name: ZwQueryKey Address: B7EC8108 Driver Base: B7EA9000 Driver End: B7FA7000 Driver Name: spsv.sys
Function Name: ZwQueryValueKey Address: B7EC7F88 Driver Base: B7EA9000 Driver End: B7FA7000 Driver Name: spsv.sys
Function Name: ZwReplaceKey Address: B879B71C Driver Base: 0 Driver End: 0 Driver Name: _unknown_
Function Name: ZwRestoreKey Address: B879B717 Driver Base: 0 Driver End: 0 Driver Name: _unknown_
Function Name: ZwSetValueKey Address: B879B708 Driver Base: 0 Driver End: 0 Driver Name: _unknown_
Function Name: ZwTerminateProcess Address: B879B6EF Driver Base: 0 Driver End: 0 Driver Name: _unknown_
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module: \SystemRoot\System32\Drivers\azv8tf0l.SYS Hooked IRP: IRP_MJ_CREATE Jump To: 8AD38500 Hooking Module: _unknown_
Hooked Module: \SystemRoot\System32\Drivers\azv8tf0l.SYS Hooked IRP: IRP_MJ_CLOSE Jump To: 8AD38500 Hooking Module: _unknown_
Hooked Module: \SystemRoot\System32\Drivers\azv8tf0l.SYS Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: 8AD38500 Hooking Module: _unknown_
Hooked Module: \SystemRoot\System32\Drivers\azv8tf0l.SYS Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: 8AD38500 Hooking Module: _unknown_
Hooked Module: \SystemRoot\System32\Drivers\azv8tf0l.SYS Hooked IRP: IRP_MJ_POWER Jump To: 8AD38500 Hooking Module: _unknown_
Hooked Module: \SystemRoot\System32\Drivers\azv8tf0l.SYS Hooked IRP: IRP_MJ_SYSTEM_CONTROL Jump To: 8AD38500 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys Hooked IRP: IRP_MJ_CREATE Jump To: 8ADDF1F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys Hooked IRP: IRP_MJ_CLOSE Jump To: 8ADDF1F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys Hooked IRP: IRP_MJ_READ Jump To: 8ADDF1F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys Hooked IRP: IRP_MJ_WRITE Jump To: 8ADDF1F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys Hooked IRP: IRP_MJ_FLUSH_BUFFERS Jump To: 8ADDF1F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: 8ADDF1F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: 8ADDF1F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys Hooked IRP: IRP_MJ_SHUTDOWN Jump To: 8ADDF1F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys Hooked IRP: IRP_MJ_POWER Jump To: 8ADDF1F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys Hooked IRP: IRP_MJ_SYSTEM_CONTROL Jump To: 8ADDF1F8 Hooking Module: _unknown_
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_CREATE Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_CLOSE Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_READ Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_WRITE Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_QUERY_INFORMATION Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_SET_INFORMATION Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_QUERY_EA Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_SET_EA Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_FLUSH_BUFFERS Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_DIRECTORY_CONTROL Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_SHUTDOWN Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_LOCK_CONTROL Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_CLEANUP Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_CREATE_MAILSLOT Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_QUERY_SECURITY Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_SET_SECURITY Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_POWER Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_SYSTEM_CONTROL Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_DEVICE_CHANGE Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_QUERY_QUOTA Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: \Driver\sptd Hooked IRP: IRP_MJ_SET_QUOTA Jump To: B7EAA000 Hooking Module: spsv.sys
Hooked Module: C:\WINDOWS\System32\DRIVERS\usbohci.sys Hooked IRP: IRP_MJ_CREATE Jump To: 8AD391F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\System32\DRIVERS\usbohci.sys Hooked IRP: IRP_MJ_CLOSE Jump To: 8AD391F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\System32\DRIVERS\usbohci.sys Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: 8AD391F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\System32\DRIVERS\usbohci.sys Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: 8AD391F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\System32\DRIVERS\usbohci.sys Hooked IRP: IRP_MJ_POWER Jump To: 8AD391F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\System32\DRIVERS\usbohci.sys Hooked IRP: IRP_MJ_SYSTEM_CONTROL Jump To: 8AD391F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys Hooked IRP: IRP_MJ_CREATE Jump To: 8AD711F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys Hooked IRP: IRP_MJ_READ Jump To: 8AD711F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys Hooked IRP: IRP_MJ_WRITE Jump To: 8AD711F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys Hooked IRP: IRP_MJ_FLUSH_BUFFERS Jump To: 8AD711F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: 8AD711F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: 8AD711F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys Hooked IRP: IRP_MJ_SHUTDOWN Jump To: 8AD711F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys Hooked IRP: IRP_MJ_CLEANUP Jump To: 8AD711F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys Hooked IRP: IRP_MJ_POWER Jump To: 8AD711F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys Hooked IRP: IRP_MJ_SYSTEM_CONTROL Jump To: 8AD711F8 Hooking Module: _unknown_
Hooked Module: \SystemRoot\System32\Drivers\a77nbax1.SYS Hooked IRP: IRP_MJ_CREATE Jump To: 8AC50500 Hooking Module: _unknown_
Hooked Module: \SystemRoot\System32\Drivers\a77nbax1.SYS Hooked IRP: IRP_MJ_CLOSE Jump To: 8AC50500 Hooking Module: _unknown_
Hooked Module: \SystemRoot\System32\Drivers\a77nbax1.SYS Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: 8AC50500 Hooking Module: _unknown_
Hooked Module: \SystemRoot\System32\Drivers\a77nbax1.SYS Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: 8AC50500 Hooking Module: _unknown_
Hooked Module: \SystemRoot\System32\Drivers\a77nbax1.SYS Hooked IRP: IRP_MJ_POWER Jump To: 8AC50500 Hooking Module: _unknown_
Hooked Module: \SystemRoot\System32\Drivers\a77nbax1.SYS Hooked IRP: IRP_MJ_SYSTEM_CONTROL Jump To: 8AC50500 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys Hooked IRP: IRP_MJ_CREATE Jump To: 89AF41F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys Hooked IRP: IRP_MJ_CLOSE Jump To: 89AF41F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: 89AF41F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: 89AF41F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys Hooked IRP: IRP_MJ_CLEANUP Jump To: 89AF41F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys Hooked IRP: IRP_MJ_CREATE Jump To: 8AC641F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys Hooked IRP: IRP_MJ_CLOSE Jump To: 8AC641F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys Hooked IRP: IRP_MJ_READ Jump To: 8AC641F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys Hooked IRP: IRP_MJ_WRITE Jump To: 8AC641F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys Hooked IRP: IRP_MJ_FLUSH_BUFFERS Jump To: 8AC641F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: 8AC641F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: 8AC641F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys Hooked IRP: IRP_MJ_SHUTDOWN Jump To: 8AC641F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys Hooked IRP: IRP_MJ_POWER Jump To: 8AC641F8 Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys Hooked IRP: IRP_MJ_SYSTEM_CONTROL Jump To: 8AC641F8 Hooking Module: _unknown_
Hooked Module: \Driver\PCI_PNP8262 Hooked IRP: IRP_MJ_CREATE Jump To: B7EECAD2 Hooking Module: spsv.sys
Hooked Module: \Driver\PCI_PNP8262 Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE Jump To: B7EECAD2 Hooking Module: spsv.sys
Hooked Module: \Driver\PCI_PNP8262 Hooked IRP: IRP_MJ_CLOSE Jump To: B7EECAD2 Hooking Module: spsv.sys
Hooked Module: \Driver\PCI_PNP8262 Hooked IRP: IRP_MJ_READ Jump To: B7EECAD2 Hooking Module: spsv.sys
Hooked Module: \Driver\PCI_PNP8262 Hooked IRP: IRP_MJ_WRITE Jump To: B7EECAD2 Hooking Module: spsv.sys
Hooked Module: \Driver\PCI_PNP8262 Hooked IRP: IRP_MJ_QUERY_INFORMATION Jump To: B7EECAD2 Hooking Module: spsv.sys
Hooked Module: \Driver\PCI_PNP8262 Hooked IRP: IRP_MJ_SET_INFORMATION Jump To: B7EECAD2 Hooking Module: spsv.sys
Hooked Module: \Driver\PCI_PNP8262 Hooked
IRP: IRP_MJ_QUERY_EA Jump To: B7EECAD2 Hooking Module: spsv.sys Hooked Module: \Driver\PCI_PNP8262 Hooked IRP: IRP_MJ_SET_EA Jump To: B7EECAD2 Hooking Module: spsv.sys Hooked Module: \Driver\PCI_PNP8262 Hooked IRP: IRP_MJ_FLUSH_BUFFERS Jump To: B7EECAD2 Hooking Module: spsv.sys Hooked Module: \Driver\PCI_PNP8262 Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION Jump To: B7EECAD2 Hooking Module: spsv.sys Hooked Module: \Driver\PCI_PNP8262 Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION Jump To: B7EECAD2 Hooking Module: spsv.sys Hooked Module: \Driver\PCI_PNP8262 Hooked IRP: IRP_MJ_DIRECTORY_CONTROL Jump To: B7EECAD2 Hooking Module: spsv.sys Hooked Module: \Driver\PCI_PNP8262 Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL Jump To: B7EECAD2 Hooking Module: spsv.sys Hooked Module: \Driver\PCI_PNP8262 Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: B7EECAD2 Hooking Module: spsv.sys Hooked Module: \Driver\PCI_PNP8262 Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: B7EECAD2 Hooking Module: spsv.sys Hooked Module: \Driver\PCI_PNP8262 Hooked IRP: IRP_MJ_SHUTDOWN Jump To: B7EECAD2 Hooking Module: spsv.sys Hooked Module: \Driver\PCI_PNP8262 Hooked IRP: IRP_MJ_LOCK_CONTROL Jump To: B7EECAD2 Hooking Module: spsv.sys Hooked Module: \Driver\PCI_PNP8262 Hooked IRP: IRP_MJ_CLEANUP Jump To: B7EECAD2 Hooking Module: spsv.sys Hooked Module: \Driver\PCI_PNP8262 Hooked IRP: IRP_MJ_CREATE_MAILSLOT Jump To: B7EECAD2 Hooking Module: spsv.sys Hooked Module: \Driver\PCI_PNP8262 Hooked IRP: IRP_MJ_QUERY_SECURITY Jump To: B7EECAD2 Hooking Module: spsv.sys Hooked Module: \Driver\PCI_PNP8262 Hooked IRP: IRP_MJ_SET_SECURITY Jump To: B7EECAD2 Hooking Module: spsv.sys Hooked Module: \Driver\PCI_PNP8262 Hooked IRP: IRP_MJ_POWER Jump To: B7EB3A1A Hooking Module: spsv.sys Hooked Module: \Driver\PCI_PNP8262 Hooked IRP: IRP_MJ_SYSTEM_CONTROL Jump To: B7EC5514 Hooking Module: spsv.sys Hooked Module: \Driver\PCI_PNP8262 Hooked IRP: IRP_MJ_DEVICE_CHANGE Jump To: B7EECAD2 Hooking Module: spsv.sys Hooked Module: 
\Driver\PCI_PNP8262 Hooked IRP: IRP_MJ_QUERY_QUOTA Jump To: B7EECAD2 Hooking Module: spsv.sys Hooked Module: \Driver\PCI_PNP8262 Hooked IRP: IRP_MJ_SET_QUOTA Jump To: B7EECAD2 Hooking Module: spsv.sys Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys Hooked IRP: IRP_MJ_CREATE Jump To: 8AD321F8 Hooking Module: _unknown_ Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys Hooked IRP: IRP_MJ_CLOSE Jump To: 8AD321F8 Hooking Module: _unknown_ Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: 8AD321F8 Hooking Module: _unknown_ Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: 8AD321F8 Hooking Module: _unknown_ Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys Hooked IRP: IRP_MJ_POWER Jump To: 8AD321F8 Hooking Module: _unknown_ Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys Hooked IRP: IRP_MJ_SYSTEM_CONTROL Jump To: 8AD321F8 Hooking Module: _unknown_ Hooked Module: C:\WINDOWS\system32\drivers\sbp2port.sys Hooked IRP: IRP_MJ_CREATE Jump To: 8ADDD1F8 Hooking Module: _unknown_ Hooked Module: C:\WINDOWS\system32\drivers\sbp2port.sys Hooked IRP: IRP_MJ_CLOSE Jump To: 8ADDD1F8 Hooking Module: _unknown_ Hooked Module: C:\WINDOWS\system32\drivers\sbp2port.sys Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: 8ADDD1F8 Hooking Module: _unknown_ Hooked Module: C:\WINDOWS\system32\drivers\sbp2port.sys Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: 8ADDD1F8 Hooking Module: _unknown_ Hooked Module: C:\WINDOWS\system32\drivers\sbp2port.sys Hooked IRP: IRP_MJ_POWER Jump To: 8ADDD1F8 Hooking Module: _unknown_ Hooked Module: C:\WINDOWS\system32\drivers\sbp2port.sys Hooked IRP: IRP_MJ_SYSTEM_CONTROL Jump To: 8ADDD1F8 Hooking Module: _unknown_ ****************************************************************************************** ****************************************************************************************** Ports: Local Address: VENTO:1050 Remote Address: 
STATIC-IP-62-41.EURORINGS.NET:HTTP Type: TCP Process: C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe State: ESTABLISHED Local Address: VENTO:NETBIOS-SSN Remote Address: 0.0.0.0:0 Type: TCP Process: SYSTEM State: LISTENING Local Address: VENTO:5354 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Bonjour\mDNSResponder.exe State: LISTENING Local Address: VENTO:5152 Remote Address: LOCALHOST:1201 Type: TCP Process: C:\Program Files\Java\jre6\bin\jqs.exe State: CLOSE_WAIT Local Address: VENTO:5152 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Java\jre6\bin\jqs.exe State: LISTENING Local Address: VENTO:1200 Remote Address: LOCALHOST:5152 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: VENTO:1031 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\alg.exe State: LISTENING Local Address: VENTO:3261 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe State: LISTENING Local Address: VENTO:3260 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe State: LISTENING Local Address: VENTO:2869 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\svchost.exe State: LISTENING Local Address: VENTO:MICROSOFT-DS Remote Address: 0.0.0.0:0 Type: TCP Process: SYSTEM State: LISTENING Local Address: VENTO:EPMAP Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\svchost.exe State: LISTENING Local Address: VENTO:5353 Remote Address: NA Type: UDP Process: C:\Program Files\Bonjour\mDNSResponder.exe State: NA Local Address: VENTO:1900 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: VENTO:138 Remote Address: NA Type: UDP Process: SYSTEM State: NA Local Address: VENTO:NETBIOS-NS Remote Address: NA Type: UDP Process: SYSTEM State: NA Local Address: VENTO:123 Remote Address: NA Type: UDP Process: 
C:\WINDOWS\system32\svchost.exe State: NA Local Address: VENTO:1900 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: VENTO:1202 Remote Address: NA Type: UDP Process: C:\Program Files\Internet Explorer\iexplore.exe State: NA Local Address: VENTO:1053 Remote Address: NA Type: UDP Process: C:\Program Files\Internet Explorer\iexplore.exe State: NA Local Address: VENTO:1036 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: VENTO:123 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: VENTO:4500 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\lsass.exe State: NA Local Address: VENTO:1025 Remote Address: NA Type: UDP Process: C:\Program Files\Bonjour\mDNSResponder.exe State: NA Local Address: VENTO:500 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\lsass.exe State: NA Local Address: VENTO:MICROSOFT-DS Remote Address: NA Type: UDP Process: SYSTEM State: NA ****************************************************************************************** ****************************************************************************************** Hidden files/folders: Object: C:\Documents and Settings\All Users\Application Data\Microsoft\Windows\GameExplorer\{F248ADFA-64E0-4B03-8A83-059078BED6A0}\PlayTasks\1\Les Sims™ 2 Status: Hidden Object: C:\Documents and Settings\SESSION XP\Application Data\SecuROM\UserData\???????????p????????? Status: Hidden Object: C:\Documents and Settings\SESSION XP\Application Data\SecuROM\UserData\???????????p????????? 
Status: Hidden Object: C:\Documents and Settings\SESSION XP\Favoris\YouTube zoé\YouTube - Barbapapa 10 - Le cha^teau HQ.URL Status: Hidden Object: C:\Documents and Settings\SESSION XP\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 Status: Hidden Object: C:\System Volume Information\MountPointManagerRemoteDatabase Status: Access denied Object: C:\System Volume Information\tracking.log Status: Access denied Object: C:\System Volume Information\_restore{FD7007FD-6E61-4B86-85CB-4E7EEC6DD628} Status: Access denied -
Infection by RootKit-gen RTK
Renaud_C replied to a topic by Renaud_C in Malware analysis and eradication
Good evening, I downloaded Sysprot but it shows me an error message: "Fail to start service. Sysprot antirootkit needs to be run with Admin privileges." This even though I am on my Administrator session in safe mode. It did produce a log, though, but it shows no red line.

-----
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************
No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: VENTO:NETBIOS-SSN | Remote Address: 0.0.0.0:0 | Type: TCP | Process: 4 (PID) | State: LISTENING
Local Address: VENTO:MICROSOFT-DS | Remote Address: 0.0.0.0:0 | Type: TCP | Process: 4 (PID) | State: LISTENING
Local Address: VENTO:EPMAP | Remote Address: 0.0.0.0:0 | Type: TCP | Process: 1300 (PID) | State: LISTENING
Local Address: VENTO:138 | Remote Address: NA | Type: UDP | Process: 4 (PID) | State: NA
Local Address: VENTO:NETBIOS-NS | Remote Address: NA | Type: UDP | Process: 4 (PID) | State: NA
Local Address: VENTO:1324 | Remote Address: NA | Type: UDP | Process: 384 (PID) | State: NA
Local Address: VENTO:MICROSOFT-DS | Remote Address: NA | Type: UDP | Process: 4 (PID) | State: NA

******************************************************************************************
******************************************************************************************
No hidden files/folders found

I just tried right-click > Run as... and it tells me that this service cannot be started in safe mode.
Infection by RootKit-gen RTK
Renaud_C replied to a topic by Renaud_C in Malware analysis and eradication
And here is the report from my second session

----
Fix Navipromo version 4.0.9 commencé le 08/08/2010 22:13:20,54

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\navilog1
Mise à jour le 21.06.2010 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon 64 Processor 3800+ )
BIOS : Award Modular BIOS v6.00PG
USER : SESSION XP ( Administrator )
BOOT : Fail-safe with network boot
Antivirus : AntiVir Desktop 9.0.1.32 (Not Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:48 Go (Free:16 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:368 Go (Free:59 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (Local Disk) - NTFS - Total:149 Go (Free:148 Go)
R:\ (Local Disk) - NTFS - Total:48 Go (Free:48 Go)

Recherche executée en mode sans échec

Aucune Infection Navipromo/Egdaccess trouvée
Infection by RootKit-gen RTK
Renaud_C replied to a topic by Renaud_C in Malware analysis and eradication
Sorry, I didn't see your previous message. Here is the cleannavi result

----
Outil exécuté depuis C:\navilog1
Mise à jour le 21.06.2010 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon 64 Processor 3800+ )
BIOS : Award Modular BIOS v6.00PG
USER : Administrateur ( Administrator )
BOOT : Fail-safe with network boot
Antivirus : AntiVir Desktop 9.0.1.32 (Not Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:48 Go (Free:16 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:368 Go (Free:59 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (Local Disk) - NTFS - Total:149 Go (Free:148 Go)
R:\ (Local Disk) - NTFS - Total:48 Go (Free:48 Go)

Recherche executée en mode sans échec

Aucune Infection Navipromo/Egdaccess trouvée

*** Scan terminé 08/08/2010 22:00:16,06 ***
Infection by RootKit-gen RTK
Renaud_C replied to a topic by Renaud_C in Malware analysis and eradication
Here is the result

----
############################## | UsbFix 7.019 | [Recherche]

Utilisateur: Administrateur (Administrateur) # VENTO [ ]
Mis à jour le 03/08/10 par El Desaparecido / C_XX
Lancé à 21:30:56 | 08/08/2010
Site Web: Bienvenue dans nos Pages Persos
Contact: FindyKill.Contact@gmail.com

CPU: AMD Athlon 64 Processor 3800+
Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Pare-feu Windows: Activé
Antivirus: AntiVir Desktop 9.0.1.32 [(!) Disabled | (!) Outdated]
RAM -> 3071 Mo
C:\ (%systemdrive%) -> Disque fixe # 49 Go (15 Go libre(s) - 30%) [SYSTEM XP] # NTFS
D:\ -> CD-ROM
E:\ -> Disque fixe # 368 Go (60 Go libre(s) - 16%) [DATA] # NTFS
F:\ -> CD-ROM
G:\ -> CD-ROM
H:\ -> Disque fixe # 149 Go (149 Go libre(s) - 100%) [SGT149Go] # NTFS
I:\ -> Disque amovible # 7 Go (3 Go libre(s) - 40%) [TRANSCEND] # FAT32
J:\ -> Disque amovible # 2 Go (2 Go libre(s) - 100%) [] # FAT
R:\ -> Disque fixe # 49 Go (49 Go libre(s) - 100%) [SAVE SYSTEM] # NTFS
Z:\ -> Disque fixe # 931 Go (461 Go libre(s) - 49%) [MEMUP1TB] # FAT32

################## | Éléments infectieux |

################## | Registre |

################## | Mountpoints2 |

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F |

I'll vaccinate and uninstall UsbFix
Infection by RootKit-gen RTK
Renaud_C replied to a topic by Renaud_C in Malware analysis and eradication
I rebooted and still no improvement. I have to stay in safe mode. I'm running your test with USBFIX.
Infection by RootKit-gen RTK
Renaud_C replied to a topic by Renaud_C in Malware analysis and eradication
Thanks pear, I tried to follow your instructions; here is the result of the mbam test

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4406

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

08/08/2010 17:08:47
mbam-log-2010-08-08 (17-08-47).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 151618
Temps écoulé: 4 minute(s), 57 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\SESSION XP\Local Settings\Application Data\hjtvwybc_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\SESSION XP\Local Settings\Application Data\hjtvwybc_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\SESSION XP\Local Settings\Application Data\hjtvwybc.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\SESSION XP\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.
----

It asks me to reboot... I'm doing so
Hello everyone,

Like probably most of you, it is necessity that led me to find this forum on the web. And I'm glad I did.

For 3 days I've had a problem with a rootkit. During a Firefox update the display "jumped", with intermittent black screens. I rebooted, and even during the disk-detection lines at startup some characters appeared oddly coloured. Then while Windows booted, the graphics were dreadful, even unreadable (hatched horizontal lines).

My first step was to perform a system restore. That worked very well... for one day! Yesterday the same problem came back. I hesitated before looking for a virus because I thought it was a video card glitch (mine will soon be 4 years old), but digging through the forums, your comments about "malware" caught my attention, since my antivirus is avast and after a thorough scan it detected this:

win32:Rootkit-gen[RTK] 1 time
win32:Trojan-gen {OTHER} 3 times
VBS:Malware-gen 2 times, in autorun.inf files
Win32:Adware-gen 1 time

Today I humbly ask for your help.

I am now in safe mode; I installed HijackThis and renamed the exe file (I read that somewhere) and I'm sending you its report:

----
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:13, on 08/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Documents and Settings\Administrateur.VENTO.000\Bureau\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet] nwiz.exe /installquiet
O4 - HKLM\..\RunOnce: [NvRegisterMCTrayNview] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvMCRegisterApp c:\progra~1\NVIDIA~1\nview\nView.dll
O4 - HKLM\..\RunOnce: [NvRegisterMCTray] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvMCRegisterApp C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\RunOnce: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235583541546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237623531359
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9676 bytes

Thanks in advance