infection: Rootkit.Win32.Agent.eg

surfactory83

1 Mai 2007 17:37:43

Bonjour à tous je dispose de l'antivirus kaspersky et lorsqu'il analyse mon ordinateur il trouve un rootkit nommé:
Rootkit.Win32.Agent.eg
l'antivirus me dit qu'il est supprimé cependant lorsqu'il analyse
après il le trouve encore. Donc je ne sais pas quoi faire pour l'éradiquer. Quelqu'un aurait il une solution à mon problème?
c'est le fichier:
c:\windows\system32\drivers\fbapi.sys

Autres pages sur : infection rootkit win32 agent

| Etre averti des réponses
| Alerter

Répondre à surfactory83

surfactory83

1 Mai 2007 17:55:11

Personne ne veut m'aider???
s'il vous plait c'est hyper important!!

| Alerter

Répondre à surfactory83

Angeldark

1 Mai 2007 17:55:59

Tu peux patienter ?

Télécharge Hijackthis (de Merjin).
Dézippe-le dans un dossier ou sur ton Bureau.

Lance l'application (Hijackthis.exe) :
- Choisis l'option "Do a system scan and save a logfile"
- Le Bloc-Notes s'ouvre, poste son contenu :

-> Edition / Sélectionner tout
-> Edition / Copier
-> Clique-Droit / Coller dans ta réponse

AIDE : Tuto en vidéo sur Hijackthis

| Alerter

Répondre à Angeldark

surfactory83

2 Mai 2007 18:42:43

Merci voici mon scan:

Logfile of HijackThis v1.99.1
Scan saved at 20:41:38, on 02/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Samsung\AVStation Premium 3.7\AVSAgent.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\eMule\emule.exe
C:\Documents and Settings\AMBIANCE\Application Data\SopCast\adv\SopAdver.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AMBIANCE\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVStation Premium 3.7] "C:\Program Files\Samsung\AVStation Premium 3.7\AVSAgent.exe"
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{382A3342-6A97-483D-B7F1-03BB029AA6F4}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1BEF8D3-A85E-4E06-BEA0-B9E03A7D8058}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe

| Alerter

Répondre à surfactory83

Angeldark

2 Mai 2007 18:52:38

Que donne le scan en mode sans échec ?

| Alerter

Répondre à Angeldark

surfactory83

5 Mai 2007 12:18:38

voici le nouveau scan en mode sans echec:

Logfile of HijackThis v1.99.1
Scan saved at 14:17:04, on 05/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\AMBIANCE\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVStation Premium 3.7] "C:\Program Files\Samsung\AVStation Premium 3.7\AVSAgent.exe"
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{382A3342-6A97-483D-B7F1-03BB029AA6F4}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1BEF8D3-A85E-4E06-BEA0-B9E03A7D8058}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe

| Alerter

Répondre à surfactory83

Angeldark

5 Mai 2007 12:23:39

Pas Hijackthis, Kaspersky.

| Alerter

Répondre à Angeldark

surfactory83

5 Mai 2007 17:04:21

même en mode sans échec kasperky trouve le rootkit:voici le résultat:

supprimé : cheval de Troie Rootkit.Win32.Agent.eg Le fichier: c:\windows\system32\drivers\fbapi.sys

| Alerter

Répondre à surfactory83

Darkparadise

5 Mai 2007 17:11:51

Excusez-moi mais pouvez vous me dire si winpatch.exe dans System32 est dangeureux ? car je viens de m'apercevoir qu'il s'est crée tout seul.

| Alerter

Répondre à Darkparadise

surfactory83

5 Mai 2007 17:50:37

Je ne voit pas de quoi vous voulez parlez. Vous ne vous etes pas trompé de sujet.?

| Alerter

Répondre à surfactory83

Angeldark

6 Mai 2007 10:41:05

Citation :

supprimé : cheval de Troie Rootkit.Win32.Agent.eg Le fichier: c:\windows\system32\drivers\fbapi.sys

Il ne doit plus être présent, non ?

| Alerter

Répondre à Angeldark

surfactory83

6 Mai 2007 16:50:43

je suis d'accord mais pourquoi a chaque analyse il apparait de nouveau.

| Alerter

Répondre à surfactory83

Angeldark

6 Mai 2007 16:52:01

Il apparait encore ?

Télécharge Blacklight (F-Secure), clique sur " I ACCEPT " en bas de la page :
Clique sur le premier " Download " afin de télécharger le programme
Sauvegarde le sur ton Bureau
Double-clique fsbl.exe et accepte la licence; clique Scan puis Next.

A la fin du scan, NE TOUCHE A RIEN !

Tu verras un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).
Nous devons analyser ce rapport, ferme donc le BlackLight.

Poste le rapport sur le forum.

AIDE : Tuto sur BlackLight (Malekal)

| Alerter

Répondre à Angeldark

surfactory83

7 Mai 2007 21:36:56

voici mon scan f-secure:

05/07/07 21:31:28 [Info]: BlackLight Engine 1.0.61 initialized
05/07/07 21:31:28 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/07/07 21:31:28 [Note]: 7019 4
05/07/07 21:31:28 [Note]: 7005 0
05/07/07 21:31:39 [Note]: 7006 0
05/07/07 21:31:39 [Note]: 7011 472
05/07/07 21:31:40 [Note]: 7026 0
05/07/07 21:31:40 [Note]: 7026 0
05/07/07 21:31:44 [Note]: FSRAW library version 1.7.1021
05/07/07 21:38:17 [Note]: 2000 1012

| Alerter

Répondre à surfactory83

Angeldark

8 Mai 2007 13:49:35

Le fichier est toujours présent ?
Reposte un rapport Hijackthis.

| Alerter

Répondre à Angeldark

surfactory83

8 Mai 2007 18:49:47

Je ne sais pas si il est toujours présent quand je le cherche avec l'explorateur windows je ne le trouve pas. Mais il est peut être caché.

voici le rapport hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 20:48:47, on 08/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Samsung\AVStation Premium 3.7\AVSAgent.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\AMBIANCE\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVStation Premium 3.7] "C:\Program Files\Samsung\AVStation Premium 3.7\AVSAgent.exe"
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{382A3342-6A97-483D-B7F1-03BB029AA6F4}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1BEF8D3-A85E-4E06-BEA0-B9E03A7D8058}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe

| Alerter

Répondre à surfactory83

Angeldark

8 Mai 2007 18:50:59

Kaspersky le détecte ?

| Alerter

Répondre à Angeldark

surfactory83

12 Mai 2007 20:27:56

Oui kaspersky trouve toujours le fichier mais je ne sais pas si il l'a supprimé?

| Alerter

Répondre à surfactory83

Angeldark

12 Mai 2007 21:46:04

J'aimerais vérifier qq chose.

Télécharge combofix.exe (par sUBs) sur ton Bureau

Double clique combofix.exe.

Tape sur la touche Y (Yes) pour démarrer le scan.

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

| Alerter

Répondre à Angeldark

surfactory83

13 Mai 2007 16:06:38

voici le rapport:

"AMBIANCE" - 2007-05-13 18:02:09 Service Pack 2
ComboFix 07-05.13.V - Running from: "C:\Program Files\Mozilla Firefox\"

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-13 ))))))))))))))))))))))))))))))))))

2007-05-02 16:04 <REP> d-------- C:\Program Files\SopCast
2007-05-02 16:04 <REP> d-------- C:\DOCUME~1\AMBIANCE\APPLIC~1\SopCast
2007-04-22 19:20 <REP> d-------- C:\Program Files\PiMPWare
2007-04-22 12:42 <REP> d-------- C:\Program Files\Red Kawa
2007-04-14 21:15 <REP> d-------- C:\Program Files\ToniArts
2007-04-14 00:23 <REP> d-------- C:\Program Files\iTunes
2007-04-14 00:10 <REP> d-------- C:\Program Files\yam-win

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-13 16:02:21 -------- d-----w C:\Program Files\Kaspersky Lab
2007-05-13 15:26:28 76,582 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-05-13 15:26:28 471,484 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-05-02 21:35:09 -------- d-----w C:\Program Files\eMule
2007-05-01 11:45:55 3,084 ----a-w C:\WINDOWS\mozver.dat
2007-04-14 19:22:08 -------- d-----w C:\Program Files\FlashGet
2007-04-14 19:21:25 -------- d-----w C:\Program Files\Dactylo
2007-04-14 19:15:36 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-13 22:23:46 -------- d-----w C:\Program Files\iPod
2007-03-28 17:16:17 -------- d-----w C:\DOCUME~1\AMBIANCE\APPLIC~1\Lavasoft
2007-03-28 17:16:12 -------- d-----w C:\Program Files\Lavasoft
2007-03-22 20:44:29 -------- d-----w C:\Program Files\QuickTime
2007-03-22 20:42:35 -------- d-----w C:\Program Files\Apple Software Update
2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-13 18:20:46 -------- d-----w C:\DOCUME~1\AMBIANCE\APPLIC~1\AdobeUM
2007-03-08 15:37:50 578,560 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:37:50 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:37:50 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:33:58 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-06 18:04:55 -------- d-----w C:\Program Files\Copernic Desktop Search 2
2007-03-05 19:19:14 -------- d-----w C:\Program Files\DivX
2007-03-05 13:26:00 -------- d-----w C:\Program Files\Spamihilator
2007-02-23 04:29:58 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-02-23 04:29:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-02-23 04:29:49 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-02-23 04:29:49 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-02-23 04:25:24 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-02-23 04:25:24 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-02-23 04:25:23 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-02-23 04:25:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-02-23 04:25:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-02-23 04:25:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-02-23 04:25:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-02-23 04:25:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-02-23 04:25:19 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-02-23 04:25:19 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-02-23 04:25:19 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-02-23 04:25:19 639,066 ----a-w C:\WINDOWS\system32\DivX.dll
2007-02-16 01:40:35 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-02-07 18:12:45 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-02-07 18:12:45 253,952 ------w C:\WINDOWS\Setup1.exe
2007-02-05 20:19:06 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
2007-02-05 18:46:35 119,568 ----a-w C:\WINDOWS\system32\VB6FR.DLL

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\PROGRA~1\FlashGet\jccatch.dll [2006-05-16 16:19]
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}=C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 19:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{F156768E-81EF-470C-9057-481BA8380DBA}=C:\PROGRA~1\FlashGet\getflash.dll [2006-09-12 11:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"AVStation Premium 3.7"="\"C:\\Program Files\\Samsung\\AVStation Premium 3.7\\AVSAgent.exe\""
"MagicKeyboard"="C:\\Program Files\\SAMSUNG\\MagicKBD\\PreMKBD.exe"
"BatteryManager"="C:\\Program Files\\Samsung\\Samsung Battery Manager\\BatteryManager.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"DisplayManager"="C:\\Program Files\\Samsung\\DisplayManager\\DMLoader.exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"LVCOMS"="C:\\Program Files\\Fichiers communs\\Logitech\\QCDriver\\LVCOMS.EXE"
"kis"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-14 10:30]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-14 10:31]
"AGRSMMSG"="AGRSMMSG.exe" [])
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24]
"AVStation Premium 3.7"="C:\Program Files\Samsung\AVStation Premium 3.7\AVSAgent.exe" [2006-01-09 12:04]
"MagicKeyboard"="C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe" [2005-04-11 14:01]
"BatteryManager"="C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2006-01-24 10:31]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43]
"DisplayManager"="C:\Program Files\Samsung\DisplayManager\DMLoader.exe" [2005-11-16 12:13]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [])
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE" [2001-11-13 15:43]
"kis"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 20:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-02-06 14:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning."=dword:00000001
"NoInstrumentation"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\copernic desktop search 2
"C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hp software update
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpdj taskbar utility
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hphmon05
C:\WINDOWS\system32\hphmon05.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hphupd05
C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper
"C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ldm
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ltmoh
C:\Program Files\ltmoh\Ltmoh.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\opwarese4
"C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pcsuitetrayapplication
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task
"C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\realtray
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sidewindertrayv4
C:\PROGRA~1\MI948F~1\GAMECO~1\common\swtrayv4.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\soundmax
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\soundmaxpnp
C:\Program Files\Analog Devices\Core\smax4pnp.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ssbkgdupdate
"C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\syntpenh
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\thrusttsr
C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updatemgr
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
Usnsvc usnsvc\0\0
WudfServiceGroup WUDFSvc\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070414-214756-739
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20070414-214756-729
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
backup-20070414-214756-551
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (file missing)
backup-20070414-214756-519
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
backup-20070414-214756-416
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20070414-214756-914
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
backup-20070414-214007-672
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (file missing)
backup-20070414-214007-446
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
backup-20070414-214007-208
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
backup-20070414-214007-408
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
backup-20070414-214007-329
O18 - Protocol: bwz0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-856
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (file missing)
backup-20070414-214007-931
O18 - Protocol: bwz0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-908
O18 - Protocol: bwy0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-175
O18 - Protocol: bwx0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-545
O18 - Protocol: bww0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-528
O18 - Protocol: bwx0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-293
O18 - Protocol: bww0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-470
O18 - Protocol: bwy0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-755
O18 - Protocol: bwu0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-462
O18 - Protocol: bwv0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-214
O18 - Protocol: bwt0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-541
O18 - Protocol: bwv0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-733
O18 - Protocol: bwu0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-754
O18 - Protocol: bws0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-600
O18 - Protocol: bwr0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-870
O18 - Protocol: bwq0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-262
O18 - Protocol: bwr0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-707
O18 - Protocol: bwt0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-277
O18 - Protocol: bws0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-244
O18 - Protocol: bwo0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-603
O18 - Protocol: bwq0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-515
O18 - Protocol: bwp0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-571
O18 - Protocol: bwo0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-966
O18 - Protocol: bwp0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-268
O18 - Protocol: bwm0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-898
O18 - Protocol: bwn0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-748
O18 - Protocol: bwm0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-592
O18 - Protocol: bwn0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-428
O18 - Protocol: bwl0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-113
O18 - Protocol: bwi0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-843
O18 - Protocol: bwl0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-463
O18 - Protocol: bwk0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-478
O18 - Protocol: bwj0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-773
O18 - Protocol: bwk0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-228
O18 - Protocol: bwj0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-618
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
backup-20070414-214007-109
O18 - Protocol: bwh0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-974
O18 - Protocol: bwi0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-302
O18 - Protocol: bwh0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-334
O18 - Protocol: bwg0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-323
O18 - Protocol: bwg0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-621
O18 - Protocol: bwd0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-322
O18 - Protocol: bwf0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-565
O18 - Protocol: bwe0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-952
O18 - Protocol: bwe0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-204
O18 - Protocol: bwd0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-212
O18 - Protocol: bwf0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-784
O18 - Protocol: bwb0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-155
O18 - Protocol: bwc0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-343
O18 - Protocol: bwa0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-965
O18 - Protocol: bwc0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-756
O18 - Protocol: bwb0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-310
O18 - Protocol: bw70s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-341
O18 - Protocol: bw70 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-242
O18 - Protocol: bw90s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-316
O18 - Protocol: bw90 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-730
O18 - Protocol: bw80 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-203
O18 - Protocol: bw80s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-466
O18 - Protocol: bwa0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-333
O18 - Protocol: bw40 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-213
O18 - Protocol: bw50s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-441
O18 - Protocol: bw50 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-163
O18 - Protocol: bw60 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-398
O18 - Protocol: bw60s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-943
O18 - Protocol: bw40s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-990
O18 - Protocol: bw30 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-604
O18 - Protocol: bw30s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-346
O18 - Protocol: bw20s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-400
O18 - Protocol: bw10s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-876
O18 - Protocol: bw10 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-830
O18 - Protocol: bw20 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-854
O18 - Protocol: bw00 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-861
O18 - Protocol: bw-0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-608
O18 - Protocol: bw00s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-993
O18 - Protocol: bw+0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-192
O18 - Protocol: bw-0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214007-153
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070414-214007-195
O18 - Protocol: bw+0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070414-214006-549
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070414-214006-843
O4 - Global Startup: BTTray.lnk = ?
backup-20070414-214006-154
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
backup-20070414-214006-926
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-13 18:05:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 2007-05-13 18:05:34
C:\ComboFix-quarantined-files.txt ... 2007-05-13 18:05

| Alerter

Répondre à surfactory83

Angeldark

13 Mai 2007 16:21:39

Reposte un rapport Hijackthis0

| Alerter

Répondre à Angeldark

surfactory83

13 Mai 2007 16:31:31

Logfile of HijackThis v1.99.1
Scan saved at 18:31:03, on 13/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Samsung\AVStation Premium 3.7\AVSAgent.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\AMBIANCE\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVStation Premium 3.7] "C:\Program Files\Samsung\AVStation Premium 3.7\AVSAgent.exe"
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{382A3342-6A97-483D-B7F1-03BB029AA6F4}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1BEF8D3-A85E-4E06-BEA0-B9E03A7D8058}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe

| Alerter

Répondre à surfactory83

Angeldark

13 Mai 2007 16:36:08

Toujours la détection ,

| Alerter

Répondre à Angeldark

surfactory83

13 Mai 2007 17:00:07

Oui toujours

| Alerter

Répondre à surfactory83

Angeldark

13 Mai 2007 17:00:46

Tu peux analyser le fichier sur VirusTotal.com ?

| Alerter

Répondre à Angeldark

surfactory83

13 Mai 2007 17:05:07

jaimerais bien mais le fichier c:\windows\system32\drivers\fbapi.sys
est introuvable

| Alerter

Répondre à surfactory83

Angeldark

13 Mai 2007 17:07:03

- Assure toi d'avoir accès aux dossiers/fichiers cachés
-> Démarrer
-> Panneau de configuration
-> Options des Dossiers, onglet Affichage :
. Clique sur Afficher les dossiers cachés
. Décoche Masquer les extensions des fichiers dont le type est connu
. Décoche Masquer les fichiers protégés du système d'exploitation

Et maintenant ?

| Alerter

Répondre à Angeldark

surfactory83

13 Mai 2007 17:15:19

Non toujours pas

| Alerter

Répondre à surfactory83

Angeldark

13 Mai 2007 17:17:57

Colle simplement l'emplacement dans la case d'analyse.

| Alerter

Répondre à Angeldark

surfactory83

13 Mai 2007 17:33:05

c'est à dire??

| Alerter

Répondre à surfactory83

Angeldark

13 Mai 2007 17:35:19

c:\windows\system32\drivers\fbapi.sys
-> à coller dans la case devant parcourir

| Alerter

Répondre à Angeldark

surfactory83

13 Mai 2007 18:07:46

non il ne trouve pas

| Alerter

Répondre à surfactory83

Angeldark

13 Mai 2007 18:15:08

Il n'est plus présent alors...
Comprend plus rien...

| Alerter

Répondre à Angeldark

surfactory83

13 Mai 2007 18:39:20

Quand kaspersky le trouve ce n'est pas lors d'une analyse mais lors de l'analyse des fichiers au démérage il le fait tout le tepms dès que j'allume l'ordi. ensuite il me dit à chaque fois:
supprimé : cheval de Troie Rootkit.Win32.Agent.eg Le fichier: c:\windows\system32\drivers\fbapi.sys
donc je me dis qu'il est supprimé mais le problème c'est qu'il réapparait à chaque fois donc je ne sais pas si il l'a supprimé ou pas

| Alerter

Répondre à surfactory83

Angeldark

13 Mai 2007 18:56:36

Tu peux faire un scan en ligne Panda et me poster le rapport ?

| Alerter

Répondre à Angeldark

surfactory83

14 Mai 2007 05:17:48

Incident Statut Analyse

Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/FastClick No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/Comclick No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[fl01.ct2.comclick.com/]
Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.advertising.com/]
Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.overture.com/]
Spyware:Cookie/YieldManager No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Hitbox No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/WebtrendsLive No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/WUpd No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Searchportal No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Hitbox No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.hg1.hitbox.com/]
Spyware:Cookie/Bfast No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Zedo No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Adviva No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.adviva.net/]
Spyware:Cookie/fe.lea.lycos No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[fe.lea.lycos.fr/]
Spyware:Cookie/Statcounter No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/BurstNet No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Casalemedia No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Casalemedia No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Server.iad.Liveperson No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[server.iad.liveperson.net/hc/67428397]
Spyware:Cookie/Server.iad.Liveperson No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[server.iad.liveperson.net/]
Outil indésirable:Application/NirCmd.A No Désinfecté C:\Documents and Settings\AMBIANCE\Bureau\ComboFix.exe[ComboFixT\nircmd.exe]
Spyware:Cookie/Toplist No Désinfecté C:\Documents and Settings\AMBIANCE\Cookies\ambiance@toplist[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\AMBIANCE\Cookies\ambiance@xiti[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\AMBIANCE\Cookies\ambiance@xiti[2].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\AMBIANCE\Cookies\ambiance@xiti[3].txt
Outil indésirable:Application/NirCmd.A No Désinfecté C:\WINDOWS\nircmd.exe

| Alerter

Répondre à surfactory83

Angeldark

14 Mai 2007 10:32:47

Re,

Supprime ce fichier :
C:\WINDOWS\nircmd.exe

| Alerter

Répondre à Angeldark

surfactory83

14 Mai 2007 18:21:29

l'analyse panda m'a dit que j'ai un rootkit et 39 logiciel espion

| Alerter

Répondre à surfactory83

Angeldark

14 Mai 2007 19:45:03

Poste le rapport.

| Alerter

Répondre à Angeldark

surfactory83

14 Mai 2007 19:47:33

Incident Statut Analyse

Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Statcounter No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Comclick No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[fl01.ct2.comclick.com/]
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.adtech.de/]
Spyware:Cookie/FastClick No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.advertising.com/]
Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.overture.com/]
Spyware:Cookie/YieldManager No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Hitbox No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/WebtrendsLive No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/WUpd No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Searchportal No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Hitbox No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.hg1.hitbox.com/]
Spyware:Cookie/Bfast No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Zedo No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Adviva No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.adviva.net/]
Spyware:Cookie/fe.lea.lycos No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[fe.lea.lycos.fr/]
Spyware:Cookie/BurstNet No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Casalemedia No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Casalemedia No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Server.iad.Liveperson No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[server.iad.liveperson.net/hc/67428397]
Spyware:Cookie/Server.iad.Liveperson No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[server.iad.liveperson.net/]
Outil indésirable:Application/NirCmd.A No Désinfecté C:\Documents and Settings\AMBIANCE\Bureau\ComboFix.exe[ComboFixT\nircmd.exe]
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\AMBIANCE\Cookies\ambiance@doubleclick[1].txt
Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\AMBIANCE\Cookies\ambiance@mediaplex[1].txt
Spyware:Cookie/Toplist No Désinfecté C:\Documents and Settings\AMBIANCE\Cookies\ambiance@toplist[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\AMBIANCE\Cookies\ambiance@xiti[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\AMBIANCE\Cookies\ambiance@xiti[2].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\AMBIANCE\Cookies\ambiance@xiti[3].txt