talkbox70

Members
  • Content count

    29

Everything posted by talkbox70

  1. Hello, ever since I installed some video codecs, my application HCEnc v0.23 (video encoding) crashes, even though I have uninstalled all the codecs. Before that, the software (HCEnc) worked perfectly. Here is a screenshot of the error message: (sorry, I couldn't insert the image; please tell me how to do it). Thanks in advance.
  2. Thanks, pang, for this additional information.
  3. So, nobody to help me?
  4. Thanks for replying, PANG. It's XP Pro. When you say the guest account, do they have to be created on both machines? And if so, there are surely other settings to change, no? Is there no way to avoid accounts / passwords?
  5. Hello, here is my problem: I can't access my shared files, which are on my XP desktop, from my VISTA laptop. I can see the XP desktop, but when I click on it a password is requested, even though I have removed all the sessions, on one side as on the other. The following message is displayed: "...is not accessible. You might not have the necessary permissions to use this network resource..." I also have no access to the Internet connection. On the other hand, I can access the files on my VISTA laptop from the XP desktop. More details: same workgroup (MSHOME); my Internet connection: ADSL USB modem on the XP desktop; the network cards are configured correctly (192.168.0.1 for PC 1 XP, and 192.168.0.2 for PC 2 VISTA, subnet mask 255.255.255.0, etc.); ping works correctly in both directions; the firewalls are disabled, however on the XP laptop I have AVAST, and I haven't disabled it because, being connected, I'm afraid of problems. I hope I have given all the necessary information. Thanks in advance.
  6. Here is the EWIDO report:
     Malwarebytes report:
     HijackThis report:
  7. Avira AntiVir report:
  8. OTMoveIt2 report: C:\WINDOWS\system32\drivers\downld moved successfully. OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09132008_231709
     HijackThis report:
- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 6423 bytes
  9. ToolbarSD report: -----------\\ ToolBar S&D 1.1.8 XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2 X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.06GHz ) BIOS : Award Modular BIOS v6.00PG USER : talkbox ( Administrator ) BOOT : Normal boot Antivirus : avast! antivirus 4.8.1229 [VPS 080913-0] 4.8.1229 (Activated) "C:\ToolBar SD" ( MAJ : 07-09-2008|12:20 ) Option : [2] ( 13/09/2008|23:11 ) -----------\\ SUPPRESSION Supprime! - C:\Program Files\AskSBar\bar Supprime! - C:\DOCUME~1\talkbox\Cookies\talkbox@rapidlibrary.powered-by.zango[1].txt Supprime! - C:\Program Files\AskSBar -----------\\ Recherche de Fichiers / Dossiers ... -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="about:blank" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.msn.com/" --------------------\\ Recherche d'autres infections C:\WINDOWS\system32\drivers\downld ==> BAGLE <== --------------------\\ Cracks & Keygens ..
C:\DOCUME~1\talkbox\Bureau\Canopus.GrassValley.ProCoder.3.00.50\Crack C:\DOCUME~1\talkbox\Bureau\Canopus.GrassValley.ProCoder.3.00.50\Crack\Setup.exe C:\DOCUME~1\talkbox\Bureau\Canopus.GrassValley.ProCoder.3.00.50\Crack\_crk.txt C:\DOCUME~1\talkbox\Bureau\torrents\applications\[[Demonoid.com]]-Alcohol_120_v1_9_7_Crack_5342698.3056.torrent C:\DOCUME~1\talkbox\Favoris\jeux\Cracks P.url C:\DOCUME~1\talkbox\Recent\Sonic Scenarist 3.0.0.96484 Professional with AC3 Encoder (full version)--- NO CRACK NEEDED.lnk 1 - "C:\ToolBar SD\TB_1.txt" - 12/09/2008|18:49 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 13/09/2008|23:12 - Option : [2] -----------\\ Fin du rapport a 23:12:32,90
  10. Here is the HijackThis report: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:48:56, on 13/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Winamp\Winampa.exe C:\Program Files\Fichiers communs\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\bgsvcgen.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe C:\Program Files\eMule\emule.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Fichiers communs\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] 
C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6E9F2B50-DF18-4AE5-9E85-5DA1DD46FDB5}: NameServer = 81.22.90.29 82.101.136.29 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. 
- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 6838 bytes
  11. No, there is no Google Toolbar: there are Ask Toolbar and Ask Toolbar BHO. The HijackThis report: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:14:31, on 12/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Winamp\Winampa.exe C:\Program Files\Fichiers communs\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\bgsvcgen.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Fichiers communs\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE 
(User 'Default user') O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6E9F2B50-DF18-4AE5-9E85-5DA1DD46FDB5}: NameServer = 81.22.90.29 82.101.136.29 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. 
- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 6786 bytes
  12. Here is the ToolBar report: -----------\\ ToolBar S&D 1.1.8 XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2 X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.06GHz ) BIOS : Award Modular BIOS v6.00PG USER : talkbox ( Administrator ) BOOT : Normal boot Antivirus : avast! antivirus 4.8.1229 [VPS 080912-0] 4.8.1229 (Activated) "C:\ToolBar SD" ( MAJ : 07-09-2008|12:20 ) Option : [1] ( 12/09/2008|18:49 ) -----------\\ Recherche de Fichiers / Dossiers ... C:\Program Files\AskSBar C:\Program Files\AskSBar\bar C:\DOCUME~1\talkbox\Cookies\talkbox@rapidlibrary.powered-by.zango[1].txt -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="about:blank" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home" --------------------\\ Recherche d'autres infections C:\WINDOWS\system32\drivers\downld ==> BAGLE <== --------------------\\ Cracks & Keygens ..
C:\DOCUME~1\talkbox\Bureau\Canopus.GrassValley.ProCoder.3.00.50\Crack C:\DOCUME~1\talkbox\Bureau\Canopus.GrassValley.ProCoder.3.00.50\Crack\Setup.exe C:\DOCUME~1\talkbox\Bureau\Canopus.GrassValley.ProCoder.3.00.50\Crack\_crk.txt C:\DOCUME~1\talkbox\Bureau\torrents\applications\[[Demonoid.com]]-Alcohol_120_v1_9_7_Crack_5342698.3056.torrent C:\DOCUME~1\talkbox\Favoris\jeux\Cracks P.url C:\DOCUME~1\talkbox\Recent\Crack.lnk C:\DOCUME~1\talkbox\Recent\Sonic Scenarist 3.0.0.96484 Professional with AC3 Encoder (full version)--- NO CRACK NEEDED.lnk 1 - "C:\ToolBar SD\TB_1.txt" - 12/09/2008|18:49 - Option : [1] -----------\\ Fin du rapport a 18:49:39,01
  13. HijackThis report: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:26:35, on 12/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\bgsvcgen.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Winamp\Winampa.exe C:\Program Files\Fichiers communs\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Fichiers communs\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - 
HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6E9F2B50-DF18-4AE5-9E85-5DA1DD46FDB5}: NameServer = 81.22.90.29 82.101.136.29 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 7014 bytes
  14. Here is the EliBagle report: Fri Sep 12 13:35:52 2008 EliBagle v11.70 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008) ---------------------------------------------- Lista de Acciones (por Acción Directa): Fri Sep 12 13:36:12 2008 EliBagle v11.70 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008) ---------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad C:\ Nº Total de Directorios: 4624 Nº Total de Ficheros: 56982 Nº de Ficheros Analizados: 6915 Nº de Ficheros Infectados: 0 Nº de Ficheros Limpiados: 0 There was no restart.
  15. That's it, I have uninstalled everything.
  16. Yes, I uninstalled Scenarist (I did not even keep it). I am uninstalling eMule, uTorrent and Azureus right away (for real).
  17. Yes, there are still P2P programs left: uTorrent, eMule and Azureus. As for the software, I think it was Scenarist (not sure), but I remember very well the moment when I did install a program, and when I went to crack it the machine sort of crashed and bam, Avast started yelling, so I immediately deleted the program and its crack, which were responsible for all of this. That's all.
  18. As for OTMoveIt, yes, that was me: while browsing sites like this one I modelled what I did on one case, then I preferred not to go any further to avoid doing serious damage. It is a feat for me (I am very stubborn). By the way, the QooBox directory is still there; which text file do you want to look at?
  19. Ah, I think I have found the Avast report: 09/09/2008 01:42 Analyse de C:\ Fichier C:\Documents and Settings\talkbox\Local Settings\Temporary Internet Files\Content.IE5\0H27K9UR\b64_1[1].jpg est infecté par Win32:Trojan-gen {Other}, Supprimé Fichier C:\Documents and Settings\talkbox\Local Settings\Temporary Internet Files\Content.IE5\X9IVST2R\b64_2[1].jpg est infecté par Win32:Rootkit-gen [Rtk], Supprimé Fichier C:\Documents and Settings\talkbox\Local Settings\Temporary Internet Files\Content.IE5\X9IVST2R\b64_3[1].jpg est infecté par Win32:Beagle-AFX [Wrm], Supprimé Fichier C:\Program Files\Alwil Software\Avast4\DATA\moved\3943328.exe.vir est infecté par Win32:Rootkit-gen [Rtk], Supprimé Fichier C:\Program Files\eMule\Temp\003.part\DVD.Reauthor.Pro.Retail.v3.3-DIGERATI\crack\DVDParser.exe Erreur 42126 {archive RAR corrompue.} Fichier C:\System Volume Information\_restore{EAC30E31-FA5E-4D93-BB63-28E836C8B89C}\RP51\A0008192.sys est infecté par Win32:Beagle-AAW [Trj], Supprimé Fichier C:\_OTMoveIt\MovedFiles\WINDOWS\system32\drivers\srosa.sys est infecté par Win32:Beagle-AAW [Trj], Supprimé Nombre de dossiers parcourus : 4846 Nombre de fichiers analysés : 193706 Nombre de fichiers infectés : 6 ---------------------------------------- 10/09/2008 21:55 Analyse de tous les lecteurs locaux Fichier C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\hldrrr.exe.vir est infecté par Win32:Beagle-AGM [Trj], Supprimé Fichier C:\System Volume Information\_restore{EAC30E31-FA5E-4D93-BB63-28E836C8B89C}\RP51\A0008125.exe est infecté par Win32:Beagle-AGM [Trj], Supprimé Fichier C:\System Volume Information\_restore{EAC30E31-FA5E-4D93-BB63-28E836C8B89C}\RP51\A0008204.sys est infecté par Win32:Beagle-AAW [Trj], Supprimé Fichier C:\System Volume Information\_restore{EAC30E31-FA5E-4D93-BB63-28E836C8B89C}\RP52\A0008257.exe est infecté par Win32:Beagle-AGM [Trj], Supprimé Fichier C:\System Volume Information\_restore{EAC30E31-FA5E-4D93-BB63-28E836C8B89C}\RP54\A0009320.exe est infecté
par Win32:Beagle-AGM [Trj], Supprimé Fichier D:\outils DVD\nouveau pack de soft pour 2 en 1\authoring\DVD Remake Pro 3.4.1&3.5.3\DVD Remake Pro 3.5.3\DvdReMake Pro 3.5.3 Full\ReMakeBUCKY\DvdReMake Pro.exe est infecté par Win32:Trojan-gen {Other}, Supprimé Fichier D:\outils DVD\nouveau pack de soft pour 2 en 1\authoring\DvdReMake_Pro_v3.5.3_CRACKED\DvdReMake Pro.exe est infecté par Win32:Trojan-gen {Other}, Supprimé Fichier D:\System Volume Information\_restore{EAC30E31-FA5E-4D93-BB63-28E836C8B89C}\RP54\A0009322.exe est infecté par Win32:Trojan-gen {Other}, Supprimé Fichier D:\System Volume Information\_restore{EAC30E31-FA5E-4D93-BB63-28E836C8B89C}\RP54\A0009323.exe est infecté par Win32:Trojan-gen {Other}, Supprimé Fichier E:\System Volume Information\_restore{EAC30E31-FA5E-4D93-BB63-28E836C8B89C}\RP51\A0008138.exe est infecté par Win32:Hupigon-LZL [Trj], Supprimé Nombre de dossiers parcourus : 8958 Nombre de fichiers analysés : 94414 Nombre de fichiers infectés : 10
  20. By the way, people say that avast is no longer as effective as it used to be, and that "antivir" (I think that is what it is called) is supposedly better; what do you think?
  21. How do I get the avast report? If you mean displaying the report of the last scan, it is empty because I had not configured it to produce one automatically, but if you have another method, do tell... By the way, I am a bit ashamed of myself: I lied. I had a few downloads on emule and utorrent that I care about, so I preferred not to uninstall them (they are not cracks, just music, rare stuff, I assure you, but then one is never safe).
  22. I just wanted to let you know this: after rebooting, avast reported the presence of beagle-agm / beagle-aag (I think) and asked for a reboot with a scan. End result: 10 infected files deleted; on the next reboot, nothing to report. The good news: IE is unblocked, and safe mode is unblocked.
  23. Then, after following your instructions scrupulously, the combofix report:
  24. Here is the virustotal report: Fichier GenSvcInst.exe reçu le 2008.09.10 21:06:23 (CET)
  25. The P2P software is uninstalled; I am ready.