infection: Rootkit.Win32.Agent.eg

1 May 2007 19:37:43

Hello everyone, I have the Kaspersky antivirus, and when it scans my computer it finds a rootkit named:
Rootkit.Win32.Agent.eg
The antivirus tells me it has been deleted, yet when it scans
again afterwards it finds it again. So I don't know what to do to eradicate it. Would anyone have a solution to my problem?
It is the file:
c:\windows\system32\drivers\fbapi.sys

1 May 2007 19:55:11

Does nobody want to help me???
Please, it's really important!! :(
1 May 2007 19:55:59

Can you be patient?

Download HijackThis (by Merijn).
Unzip it into a folder or onto your Desktop.

Launch the application (Hijackthis.exe):
- Choose the option "Do a system scan and save a logfile"
- Notepad opens; post its contents:

-> Edit / Select All
-> Edit / Copy
-> Right-click / Paste into your reply


HELP: Video tutorial on HijackThis
2 May 2007 20:42:43

Thanks, here is my scan:

Logfile of HijackThis v1.99.1
Scan saved at 20:41:38, on 02/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Samsung\AVStation Premium 3.7\AVSAgent.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\eMule\emule.exe
C:\Documents and Settings\AMBIANCE\Application Data\SopCast\adv\SopAdver.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AMBIANCE\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVStation Premium 3.7] "C:\Program Files\Samsung\AVStation Premium 3.7\AVSAgent.exe"
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{382A3342-6A97-483D-B7F1-03BB029AA6F4}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1BEF8D3-A85E-4E06-BEA0-B9E03A7D8058}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe

2 May 2007 20:52:38

What does the scan give in safe mode?
5 May 2007 14:18:38

Here is the new scan in safe mode:

Logfile of HijackThis v1.99.1
Scan saved at 14:17:04, on 05/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\AMBIANCE\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVStation Premium 3.7] "C:\Program Files\Samsung\AVStation Premium 3.7\AVSAgent.exe"
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{382A3342-6A97-483D-B7F1-03BB029AA6F4}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1BEF8D3-A85E-4E06-BEA0-B9E03A7D8058}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
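
Added example (not part of any post in this thread): a small Python triage script for the HijackThis logs above. It parses two scans, diffs normal boot against safe mode, lists entries HijackThis annotated "(no file)" or "(file missing)", flags those contradicted by a running process, and searches for the file Kaspersky reports. The function names are hypothetical, and the embedded logs are short excerpts copied from the posts.

```python
import re

# Excerpts of two HijackThis v1.99.1 logs posted in this thread (normal boot,
# then safe mode); the lines are copied from the posts, the rest is omitted.
NORMAL_BOOT = r"""Logfile of HijackThis v1.99.1
Scan saved at 20:41:38, on 02/05/2007

Running processes:
C:\WINDOWS\system32\services.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\eMule\emule.exe

O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
"""

SAFE_MODE = r"""Logfile of HijackThis v1.99.1
Scan saved at 14:17:04, on 05/05/2007

Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
"""

# Result lines look like "O23 - Service: ..." (section code, " - ", details).
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
MISSING_MARKERS = ("(file missing)", "(no file)")


def parse_log(text):
    """Split a HijackThis log into header lines, running processes and entries."""
    log = {"header": [], "processes": [], "entries": []}
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            section = "entries"
            log["entries"].append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            section = "processes"
        elif section == "processes":
            log["processes"].append(line)
        elif section == "header":
            log["header"].append(line)
    return log


def diff_scans(a, b):
    """Processes and entries present in scan a but absent from scan b."""
    procs_b = {p.lower() for p in b["processes"]}
    entries_b = {(c, d.lower()) for c, d in b["entries"]}
    return {
        "processes": [p for p in a["processes"] if p.lower() not in procs_b],
        "entries": [(c, d) for c, d in a["entries"]
                    if (c, d.lower()) not in entries_b],
    }


def dangling_entries(log):
    """Entries that HijackThis itself annotated as pointing at no file."""
    return [(c, d) for c, d in log["entries"]
            if d.rstrip().endswith(MISSING_MARKERS)]


def contradicted_missing(log):
    """Dangling entries whose path is nevertheless listed as a running process."""
    procs = [p.lower() for p in log["processes"]]
    return [(c, d) for c, d in dangling_entries(log)
            if any(p in d.lower() for p in procs)]


def mentions(log, filename):
    """Every process or entry line that names the given file."""
    needle = filename.lower()
    hits = [p for p in log["processes"] if needle in p.lower()]
    hits += [f"{c} - {d}" for c, d in log["entries"] if needle in d.lower()]
    return hits


if __name__ == "__main__":
    normal, safe = parse_log(NORMAL_BOOT), parse_log(SAFE_MODE)
    print("Only in normal boot:", diff_scans(normal, safe))
    print("Annotated as missing:", dangling_entries(normal))
    print("...but running:", contradicted_missing(normal))
    print("fbapi.sys mentioned:", mentions(normal, "fbapi.sys"))
```

In the full logs posted here, the entry lists of the normal and safe-mode scans differ only by the Kaspersky Anti-Banner O8 item, and none of the HijackThis logs names `fbapi.sys`.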

5 May 2007 14:23:39

Not HijackThis, Kaspersky.
5 May 2007 19:04:21

Even in safe mode Kaspersky finds the rootkit; here is the result:

supprimé : cheval de Troie Rootkit.Win32.Agent.eg Le fichier: c:\windows\system32\drivers\fbapi.sys
5 May 2007 19:11:51

Excuse me, but can you tell me whether winpatch.exe in System32 is dangerous? I have just noticed that it was created all by itself.
5 May 2007 19:50:37

I don't see what you are talking about. Haven't you got the wrong thread?
6 May 2007 12:41:05

Quote:
supprimé : cheval de Troie Rootkit.Win32.Agent.eg Le fichier: c:\windows\system32\drivers\fbapi.sys

It should no longer be present, should it?
6 May 2007 18:50:43

I agree, but why does it appear again at every scan?
6 May 2007 18:52:01

Does it still appear?

Download BlackLight (F-Secure), click "I ACCEPT" at the bottom of the page:
Click the first "Download" to download the program
Save it to your Desktop
Double-click fsbl.exe and accept the licence; click Scan then Next.

At the end of the scan, DO NOT TOUCH ANYTHING!

You will see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).
We need to analyse this report, so close BlackLight.

Post the report on the forum.

HELP: Tutorial on BlackLight (Malekal)
7 May 2007 23:36:56

Here is my F-Secure scan:

05/07/07 21:31:28 [Info]: BlackLight Engine 1.0.61 initialized
05/07/07 21:31:28 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/07/07 21:31:28 [Note]: 7019 4
05/07/07 21:31:28 [Note]: 7005 0
05/07/07 21:31:39 [Note]: 7006 0
05/07/07 21:31:39 [Note]: 7011 472
05/07/07 21:31:40 [Note]: 7026 0
05/07/07 21:31:40 [Note]: 7026 0
05/07/07 21:31:44 [Note]: FSRAW library version 1.7.1021
05/07/07 21:38:17 [Note]: 2000 1012
8 May 2007 15:49:35

Is the file still present?
Post a HijackThis report again.
8 May 2007 20:49:47

I don't know whether it is still present; when I look for it with Windows Explorer I can't find it. But it may be hidden.

Here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 20:48:47, on 08/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Samsung\AVStation Premium 3.7\AVSAgent.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\AMBIANCE\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVStation Premium 3.7] "C:\Program Files\Samsung\AVStation Premium 3.7\AVSAgent.exe"
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{382A3342-6A97-483D-B7F1-03BB029AA6F4}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1BEF8D3-A85E-4E06-BEA0-B9E03A7D8058}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe

8 May 2007 20:50:59

Does Kaspersky detect it?
12 May 2007 22:27:56

Yes, Kaspersky still finds the file, but I don't know whether it has deleted it?
12 May 2007 23:46:04

I'd like to check something.

  • Download combofix.exe (by sUBs) to your Desktop
  • Double-click combofix.exe.
  • Press the Y key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

13 May 2007 18:06:38

Here is the report:

    "AMBIANCE" - 2007-05-13 18:02:09 Service Pack 2
    ComboFix 07-05.13.V - Running from: "C:\Program Files\Mozilla Firefox\"


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-13 ))))))))))))))))))))))))))))))))))


    2007-05-02 16:04 <REP> d-------- C:\Program Files\SopCast
    2007-05-02 16:04 <REP> d-------- C:\DOCUME~1\AMBIANCE\APPLIC~1\SopCast
    2007-04-22 19:20 <REP> d-------- C:\Program Files\PiMPWare
    2007-04-22 12:42 <REP> d-------- C:\Program Files\Red Kawa
    2007-04-14 21:15 <REP> d-------- C:\Program Files\ToniArts
    2007-04-14 00:23 <REP> d-------- C:\Program Files\iTunes
    2007-04-14 00:10 <REP> d-------- C:\Program Files\yam-win


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-05-13 16:02:21 -------- d-----w C:\Program Files\Kaspersky Lab
    2007-05-13 15:26:28 76,582 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2007-05-13 15:26:28 471,484 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2007-05-02 21:35:09 -------- d-----w C:\Program Files\eMule
    2007-05-01 11:45:55 3,084 ----a-w C:\WINDOWS\mozver.dat
    2007-04-14 19:22:08 -------- d-----w C:\Program Files\FlashGet
    2007-04-14 19:21:25 -------- d-----w C:\Program Files\Dactylo
    2007-04-14 19:15:36 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-04-13 22:23:46 -------- d-----w C:\Program Files\iPod
    2007-03-28 17:16:17 -------- d-----w C:\DOCUME~1\AMBIANCE\APPLIC~1\Lavasoft
    2007-03-28 17:16:12 -------- d-----w C:\Program Files\Lavasoft
    2007-03-22 20:44:29 -------- d-----w C:\Program Files\QuickTime
    2007-03-22 20:42:35 -------- d-----w C:\Program Files\Apple Software Update
    2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-13 18:20:46 -------- d-----w C:\DOCUME~1\AMBIANCE\APPLIC~1\AdobeUM
    2007-03-08 15:37:50 578,560 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:37:50 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:37:50 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 15:33:58 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
    2007-03-06 18:04:55 -------- d-----w C:\Program Files\Copernic Desktop Search 2
    2007-03-05 19:19:14 -------- d-----w C:\Program Files\DivX
    2007-03-05 13:26:00 -------- d-----w C:\Program Files\Spamihilator
    2007-02-23 04:29:58 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-02-23 04:29:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-02-23 04:29:49 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-02-23 04:29:49 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-02-23 04:25:24 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-02-23 04:25:24 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-02-23 04:25:23 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-02-23 04:25:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-02-23 04:25:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-02-23 04:25:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-02-23 04:25:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-02-23 04:25:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-02-23 04:25:19 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-02-23 04:25:19 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-02-23 04:25:19 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-02-23 04:25:19 639,066 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-02-16 01:40:35 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-02-07 18:12:45 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
    2007-02-07 18:12:45 253,952 ------w C:\WINDOWS\Setup1.exe
    2007-02-05 20:19:06 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
    2007-02-05 18:46:35 119,568 ----a-w C:\WINDOWS\system32\VB6FR.DLL


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\PROGRA~1\FlashGet\jccatch.dll [2006-05-16 16:19]
    {68F9551E-0411-48E4-9AAF-4BC42A6A46BE}=C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 19:04]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {F156768E-81EF-470C-9057-481BA8380DBA}=C:\PROGRA~1\FlashGet\getflash.dll [2006-09-12 11:50]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
    "igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
    "AGRSMMSG"="AGRSMMSG.exe"
    "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "AVStation Premium 3.7"="\"C:\\Program Files\\Samsung\\AVStation Premium 3.7\\AVSAgent.exe\""
    "MagicKeyboard"="C:\\Program Files\\SAMSUNG\\MagicKBD\\PreMKBD.exe"
    "BatteryManager"="C:\\Program Files\\Samsung\\Samsung Battery Manager\\BatteryManager.exe"
    "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
    "DisplayManager"="C:\\Program Files\\Samsung\\DisplayManager\\DMLoader.exe"
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
    "LVCOMS"="C:\\Program Files\\Fichiers communs\\Logitech\\QCDriver\\LVCOMS.EXE"
    "kis"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-14 10:30]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-14 10:31]
    "AGRSMMSG"="AGRSMMSG.exe" [])
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24]
    "AVStation Premium 3.7"="C:\Program Files\Samsung\AVStation Premium 3.7\AVSAgent.exe" [2006-01-09 12:04]
    "MagicKeyboard"="C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe" [2005-04-11 14:01]
    "BatteryManager"="C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2006-01-24 10:31]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43]
    "DisplayManager"="C:\Program Files\Samsung\DisplayManager\DMLoader.exe" [2005-11-16 12:13]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [])
    "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE" [2001-11-13 15:43]
    "kis"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 20:09]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-02-06 14:45]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"=dword:00000001
    "AllowUnhashedWebView"=dword:00000001
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoCDBurning."=dword:00000001
    "NoInstrumentation"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages msv1_0\0\0
    Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages scecli\0\0



    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\copernic desktop search 2
    "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hp software update
    "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpdj taskbar utility
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hphmon05
    C:\WINDOWS\system32\hphmon05.exe

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hphupd05
    C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper
    "C:\Program Files\iTunes\iTunesHelper.exe"

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ldm
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ltmoh
    C:\Program Files\ltmoh\Ltmoh.exe

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\opwarese4
    "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pcsuitetrayapplication
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\realtray
    C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sidewindertrayv4
    C:\PROGRA~1\MI948F~1\GAMECO~1\common\swtrayv4.exe

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\soundmax
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\soundmaxpnp
    C:\Program Files\Analog Devices\Core\smax4pnp.exe

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ssbkgdupdate
    "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\syntpenh
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\thrusttsr
    C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updatemgr
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9


    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter HTTPFilter\0\0
    LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService DnsCache\0\0
    DcomLaunch DcomLaunch\0TermService\0\0
    rpcss RpcSs\0\0
    imgsvc StiSvc\0\0
    termsvcs TermService\0\0
    Usnsvc usnsvc\0\0
    WudfServiceGroup WUDFSvc\0\0

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20070414-214756-739
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    backup-20070414-214756-729
    O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
    backup-20070414-214756-551
    O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (file missing)
    backup-20070414-214756-519
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    backup-20070414-214756-416
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    backup-20070414-214756-914
    O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
    backup-20070414-214007-672
    O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (file missing)
    backup-20070414-214007-446
    O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
    backup-20070414-214007-208
    O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
    backup-20070414-214007-408
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    backup-20070414-214007-329
    O18 - Protocol: bwz0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-856
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (file missing)
    backup-20070414-214007-931
    O18 - Protocol: bwz0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-908
    O18 - Protocol: bwy0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-175
    O18 - Protocol: bwx0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-545
    O18 - Protocol: bww0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-528
    O18 - Protocol: bwx0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-293
    O18 - Protocol: bww0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-470
    O18 - Protocol: bwy0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-755
    O18 - Protocol: bwu0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-462
    O18 - Protocol: bwv0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-214
    O18 - Protocol: bwt0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-541
    O18 - Protocol: bwv0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-733
    O18 - Protocol: bwu0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-754
    O18 - Protocol: bws0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-600
    O18 - Protocol: bwr0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-870
    O18 - Protocol: bwq0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-262
    O18 - Protocol: bwr0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-707
    O18 - Protocol: bwt0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-277
    O18 - Protocol: bws0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-244
    O18 - Protocol: bwo0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-603
    O18 - Protocol: bwq0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-515
    O18 - Protocol: bwp0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-571
    O18 - Protocol: bwo0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-966
    O18 - Protocol: bwp0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-268
    O18 - Protocol: bwm0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-898
    O18 - Protocol: bwn0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-748
    O18 - Protocol: bwm0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-592
    O18 - Protocol: bwn0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-428
    O18 - Protocol: bwl0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-113
    O18 - Protocol: bwi0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-843
    O18 - Protocol: bwl0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-463
    O18 - Protocol: bwk0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-478
    O18 - Protocol: bwj0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-773
    O18 - Protocol: bwk0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-228
    O18 - Protocol: bwj0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-618
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    backup-20070414-214007-109
    O18 - Protocol: bwh0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-974
    O18 - Protocol: bwi0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-302
    O18 - Protocol: bwh0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-334
    O18 - Protocol: bwg0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-323
    O18 - Protocol: bwg0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-621
    O18 - Protocol: bwd0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-322
    O18 - Protocol: bwf0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-565
    O18 - Protocol: bwe0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-952
    O18 - Protocol: bwe0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-204
    O18 - Protocol: bwd0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-212
    O18 - Protocol: bwf0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-784
    O18 - Protocol: bwb0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-155
    O18 - Protocol: bwc0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-343
    O18 - Protocol: bwa0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-965
    O18 - Protocol: bwc0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-756
    O18 - Protocol: bwb0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-310
    O18 - Protocol: bw70s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-341
    O18 - Protocol: bw70 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-242
    O18 - Protocol: bw90s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-316
    O18 - Protocol: bw90 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-730
    O18 - Protocol: bw80 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-203
    O18 - Protocol: bw80s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-466
    O18 - Protocol: bwa0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-333
    O18 - Protocol: bw40 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-213
    O18 - Protocol: bw50s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-441
    O18 - Protocol: bw50 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-163
    O18 - Protocol: bw60 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-398
    O18 - Protocol: bw60s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-943
    O18 - Protocol: bw40s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-990
    O18 - Protocol: bw30 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-604
    O18 - Protocol: bw30s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-346
    O18 - Protocol: bw20s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-400
    O18 - Protocol: bw10s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-876
    O18 - Protocol: bw10 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-830
    O18 - Protocol: bw20 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-854
    O18 - Protocol: bw00 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-861
    O18 - Protocol: bw-0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-608
    O18 - Protocol: bw00s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-993
    O18 - Protocol: bw+0s - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-192
    O18 - Protocol: bw-0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214007-153
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    backup-20070414-214007-195
    O18 - Protocol: bw+0 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070414-214006-549
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    backup-20070414-214006-843
    O4 - Global Startup: BTTray.lnk = ?
    backup-20070414-214006-154
    O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
    backup-20070414-214006-926
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-13 18:05:22
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    ********************************************************************

    Completion time: 2007-05-13 18:05:34
    C:\ComboFix-quarantined-files.txt ... 2007-05-13 18:05
    13 May 2007 18:21:39

    Post a Hijackthis report again.
    13 May 2007 18:31:31

    Logfile of HijackThis v1.99.1
    Scan saved at 18:31:03, on 13/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
    C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Samsung\AVStation Premium 3.7\AVSAgent.exe
    C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\AMBIANCE\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [AVStation Premium 3.7] "C:\Program Files\Samsung\AVStation Premium 3.7\AVSAgent.exe"
    O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
    O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
    O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O17 - HKLM\System\CCS\Services\Tcpip\..\{382A3342-6A97-483D-B7F1-03BB029AA6F4}: NameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A1BEF8D3-A85E-4E06-BEA0-B9E03A7D8058}: NameServer = 192.168.0.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {96E7745D-A310-4153-8F2B-7E650DD4DEBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)
    O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
    O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
    O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe

    13 May 2007 18:36:08

    Still the detection,
    13 May 2007 19:00:46

    Can you scan the file on VirusTotal.com?
    13 May 2007 19:05:07

    I'd like to, but the file c:\windows\system32\drivers\fbapi.sys
    cannot be found
    13 May 2007 19:07:03

    - Make sure you have access to hidden folders/files
    -> Start
    -> Control Panel
    -> Folder Options, View tab:
    . Click Show hidden folders
    . Uncheck Hide extensions for known file types
    . Uncheck Hide protected operating system files


    And now?
    13 May 2007 19:17:57

    Just paste the location into the scan box.
    13 May 2007 19:35:19

    c:\windows\system32\drivers\fbapi.sys
    -> paste this into the box next to Browse
    13 May 2007 20:15:08

    Then it's no longer there...
    I don't understand anything anymore...
    13 May 2007 20:39:20

    When Kaspersky finds it, it's not during a scan but during the scan of files at startup; it does this every time, as soon as I turn on the computer. Then it tells me each time:
    supprimé : cheval de Troie Rootkit.Win32.Agent.eg Le fichier: c:\windows\system32\drivers\fbapi.sys
    so I tell myself it has been deleted, but the problem is that it reappears every time, so I don't know whether it deleted it or not
    13 May 2007 20:56:36

    :/
    Can you run a Panda online scan and post the report for me?
    14 May 2007 07:17:48


    Incident Statut Analyse

    Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.adtech.de/]
    Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.xiti.com/]
    Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/FastClick No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.bluestreak.com/]
    Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.weborama.fr/]
    Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.weborama.fr/]
    Spyware:Cookie/Comclick No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[fl01.ct2.comclick.com/]
    Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.tradedoubler.com/]
    Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.overture.com/]
    Spyware:Cookie/YieldManager No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Hitbox No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.hitbox.com/]
    Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.perf.overture.com/]
    Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.bs.serving-sys.com/]
    Spyware:Cookie/WebtrendsLive No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[statse.webtrendslive.com/]
    Spyware:Cookie/WUpd No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.revenue.net/]
    Spyware:Cookie/Searchportal No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[searchportal.information.com/]
    Spyware:Cookie/Hitbox No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.hg1.hitbox.com/]
    Spyware:Cookie/Bfast No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.bfast.com/]
    Spyware:Cookie/Zedo No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.zedo.com/]
    Spyware:Cookie/Adviva No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.adviva.net/]
    Spyware:Cookie/fe.lea.lycos No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[fe.lea.lycos.fr/]
    Spyware:Cookie/Statcounter No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/BurstNet No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.burstnet.com/]
    Spyware:Cookie/Casalemedia No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/Tribalfusion No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Casalemedia No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.247realmedia.com/]
    Spyware:Cookie/Server.iad.Liveperson No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[server.iad.liveperson.net/hc/67428397]
    Spyware:Cookie/Server.iad.Liveperson No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[server.iad.liveperson.net/]
    Outil indésirable:Application/NirCmd.A No Désinfecté C:\Documents and Settings\AMBIANCE\Bureau\ComboFix.exe[ComboFixT\nircmd.exe]
    Spyware:Cookie/Toplist No Désinfecté C:\Documents and Settings\AMBIANCE\Cookies\ambiance@toplist[1].txt
    Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\AMBIANCE\Cookies\ambiance@xiti[1].txt
    Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\AMBIANCE\Cookies\ambiance@xiti[2].txt
    Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\AMBIANCE\Cookies\ambiance@xiti[3].txt
    Outil indésirable:Application/NirCmd.A No Désinfecté C:\WINDOWS\nircmd.exe
    14 May 2007 12:32:47

    Hi again,

    Delete this file:
    C:\WINDOWS\nircmd.exe
    14 May 2007 20:21:29

    the Panda scan told me that I have a rootkit and 39 spyware programs
    14 May 2007 21:45:03

    Post the report.
    14 May 2007 21:47:33


    Incident Statut Analyse

    Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.xiti.com/]
    Spyware:Cookie/Statcounter No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.tradedoubler.com/]
    Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.bluestreak.com/]
    Spyware:Cookie/Comclick No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[fl01.ct2.comclick.com/]
    Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.adtech.de/]
    Spyware:Cookie/FastClick No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.weborama.fr/]
    Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.overture.com/]
    Spyware:Cookie/YieldManager No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Hitbox No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.hitbox.com/]
    Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.perf.overture.com/]
    Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.bs.serving-sys.com/]
    Spyware:Cookie/WebtrendsLive No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[statse.webtrendslive.com/]
    Spyware:Cookie/WUpd No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.revenue.net/]
    Spyware:Cookie/Searchportal No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[searchportal.information.com/]
    Spyware:Cookie/Hitbox No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.hg1.hitbox.com/]
    Spyware:Cookie/Bfast No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.bfast.com/]
    Spyware:Cookie/Zedo No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.zedo.com/]
    Spyware:Cookie/Adviva No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.adviva.net/]
    Spyware:Cookie/fe.lea.lycos No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[fe.lea.lycos.fr/]
    Spyware:Cookie/BurstNet No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.burstnet.com/]
    Spyware:Cookie/Casalemedia No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/Tribalfusion No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Casalemedia No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[.247realmedia.com/]
    Spyware:Cookie/Server.iad.Liveperson No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[server.iad.liveperson.net/hc/67428397]
    Spyware:Cookie/Server.iad.Liveperson No Désinfecté C:\Documents and Settings\AMBIANCE\Application Data\Mozilla\Firefox\Profiles\xuznt8yk.default\cookies.txt[server.iad.liveperson.net/]
    Outil indésirable:Application/NirCmd.A No Désinfecté C:\Documents and Settings\AMBIANCE\Bureau\ComboFix.exe[ComboFixT\nircmd.exe]
    Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\AMBIANCE\Cookies\ambiance@doubleclick[1].txt
    Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\AMBIANCE\Cookies\ambiance@mediaplex[1].txt
    Spyware:Cookie/Toplist No Désinfecté C:\Documents and Settings\AMBIANCE\Cookies\ambiance@toplist[1].txt
    Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\AMBIANCE\Cookies\ambiance@xiti[1].txt
    Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\AMBIANCE\Cookies\ambiance@xiti[2].txt
    Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\AMBIANCE\Cookies\ambiance@xiti[3].txt
    14 May 2007 21:48:24

    I deleted the one you told me to delete earlier
    14 May 2007 21:51:25

    Nothing nasty, just cookies.
    14 May 2007 22:24:39

    ok so my computer is ok
    14 May 2007 22:25:32

    Yes, apparently.