bapor

  1. Hello. Problem solved, it was Winamp doing that.
  2. --- 23 April 2015 at 02:02 --- Hello, every time my computer starts up I hear clicks at an irregular frequency coming from my speakers (the same noise you hear when navigating through the hard drives). Nothing else is loading apart from that, and I don't appear to have any slowdown, but it's suspicious. How can I fix this problem? Thanks. --- 23 April 2015 at 16:11 --- up --- 23 April 2015 at 23:39 --- up -edit- In this section, you must not insert an "up" in your thread: given the presence of a "reply", the helpers will not look at it, believing the problem has already been taken in hand by one of their own. You can, however, post a short reminder in the "On m'a oublié !" thread, pinned at the top of the section and intended for that purpose…
  3. Hi. No internet during that period. No, nothing has changed. I have no sound except the MSN and Windows sounds. I did as you asked, but I never got a message from ComboFix asking me to install the console. Yes, but when booting from the CD I have no console. Good night.
  4. Hi. I'm just dropping by quickly as well. I can no longer play WAV files either, as if I no longer had a sound card, in fact. Winamp, WMP, VLC, etc. The CHKDSK procedure doesn't work because I have no recovery console at startup.
  5. Hi. All sounds: music, video, games, etc., except the Windows sounds, which includes MSN. I barely had time to do it, but I didn't see anything. I'll try again. No, I haven't had time; I'll do it when I can. Probably tomorrow (work). Built it myself. Well, I think I've been polite enough not to have that kind of remark thrown in my face. We're in a thread; I'm not going to say hello in every message on a forum, since we're following a discussion thread, even though I have done so quite a few times. If you like, in the same vein, we can address each other formally. Which was my case the day I posted, on top of having had a lot of work, but I still took the trouble to leave a message with what I could at the time.
  6. --> Is it at exactly that time that you lost the sound? No
     --> Is it at exactly that time that you lost the sound? Creative's website
     --> What precisely is the driver version and the exact model of your sound card / controller? Driver 5.12.6.1187, Sound Blaster X-Fi Xtreme Gamer Fatal1ty Pro, version 2.20.65
     --> Since which operation / which installation have you had this problem? No idea
     --> So, after 5 minutes, without using the PC, the sound disappears? Have you tried other players? Is it while gaming? I tried other players; only the Windows and MSN sounds remain. It is not while gaming.
     --> Were you able to test the hardware? Is it stable? Is the inside of the tower clean? Yes
     --> Did you look at which process started or stopped after 5 minutes in Task Manager? No
  7. Hi. --> What are you doing during those 5 minutes? Which programs are you using? Nothing at all, I have just restarted the computer and haven't touched anything. The last error is at 00:15: Le système d'événements de COM+ a détecté un code de renvoi erroné lors de son traitement interne. Le HRESULT est 8001010D à partir de la ligne 62 de f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services du Support Technique Microsoft pour signaler cette erreur. Pour plus d'informations, consultez le centre Aide et support à l'adresse http://go.microsoft.com/fwlink/events.asp.
  8. Hi. This is what I still have left after a scan done yesterday. For the sound, I have already reinstalled everything. The sound is present at first, but as I said, after 5 minutes something loads and my bar at the bottom "de-skins" and "re-skins". After that I lose the sound (which I have to restore in the services by doing stop/start).
  9. I'm going to run another scan. Yes, my RA3 is official; I only play online. Good night.
  10. Nom de l'objet infecté Nom du virus Dernière action C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\cert8.db L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\content-prefs.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\cookies.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\downloads.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\flashgot.log L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\formhistory.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\key3.db L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\parent.lock L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\permissions.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\places.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\places.sqlite-journal L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\search.sqlite L'objet est verrouillé ignoré C:\Documents and 
Settings\BaPoR\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\urlclassifier3.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\Historique\History.IE5\MSHist012008120420081205\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\temp\etilqs_H1hbMg4JUFPUSLbrz7mq L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\temp\Free Download Manager\tic1C.tmp L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\temp\Free Download Manager\tic1D.tmp L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\temp\mpl9.tmp L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\temp\mplA.tmp L'objet est verrouillé ignoré C:\Documents and 
Settings\BaPoR\Local Settings\temp\~DFB3B6.tmp L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\BaPoR\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré C:\System Volume Information\_restore{BE9EB4D1-3594-406E-970C-067B4A654BD9}\RP2\A0003056.sys L'objet est verrouillé ignoré C:\System Volume Information\_restore{BE9EB4D1-3594-406E-970C-067B4A654BD9}\RP3\A0003135.sys L'objet est verrouillé ignoré C:\System Volume Information\_restore{BE9EB4D1-3594-406E-970C-067B4A654BD9}\RP3\A0003136.exe Infecté : Trojan.Win32.Agent.asgs ignoré C:\System Volume Information\_restore{BE9EB4D1-3594-406E-970C-067B4A654BD9}\RP3\A0003137.exe Infecté : Trojan.Win32.Agent.asgt ignoré C:\System 
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:18:03, on 04/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal
  11. I uninstalled Spybot. I didn't change anything, but at some point, after about 5 minutes, my bar at the bottom changes because something is loading, which incidentally cuts off my sound, and I have to restart it in the services (maybe there's a connection). The only thing I did was launch Red Alert 3, lol.
  12. Logfile of random's system information tool 1.04 (written by random/random) Run by BaPoR at 2008-12-03 23:50:27
12288] R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS.0\system32\drivers\msmpu401.sys [2001-08-17 2944] R3 ossrv;Creative OS Services Driver; C:\WINDOWS.0\system32\drivers\ctoss2k.sys [2006-08-17 116224] R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS.0\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS.0\system32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS.0\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS.0\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] R3 Wdf01000;Wdf01000; C:\WINDOWS.0\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS.0\system32\drivers\WmBEnum.sys [2008-01-24 19336] R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS.0\system32\drivers\WmXlCore.sys [2008-01-24 48904] S1 kbdhid;Pilote HID de clavier; C:\WINDOWS.0\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S3 amxebysb;amxebysb; C:\WINDOWS.0\system32\drivers\amxebysb.sys [] S3 catchme;catchme; \??\C:\DOCUME~1\BaPoR\LOCALS~1\Temp\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS.0\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS.0\system32\CT20XUT.DLL [2006-08-17 158720] S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS.0\system32\drivers\ctdvda2k.sys [2006-08-17 340176] S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS.0\system32\DRIVERS\fetnd5bv.sys [2007-02-27 42496] S3 gmer;gmer; C:\WINDOWS.0\System32\DRIVERS\gmer.sys [2008-12-03 85969] S3 MPE;Filtre BDA MPE; C:\WINDOWS.0\system32\DRIVERS\MPE.sys [2008-04-13 15232] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; 
C:\WINDOWS.0\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS.0\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS.0\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS.0\system32\drivers\ccdcmb.sys [2008-05-07 17536] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS.0\system32\drivers\ccdcmbo.sys [2008-05-07 20864] S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS.0\system32\drivers\nmwcdnsu.sys [2008-02-01 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS.0\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS.0\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS.0\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 upperdev;upperdev; C:\WINDOWS.0\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064] S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS.0\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS.0\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 usbser;USB Modem Driver; C:\WINDOWS.0\system32\drivers\usbser.sys [2008-04-13 26112] S3 UsbserFilt;UsbserFilt; C:\WINDOWS.0\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064] S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS.0\system32\drivers\WmFilter.sys [2008-01-24 28168] S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS.0\system32\drivers\WmHidLo.sys [2008-01-24 29192] S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS.0\system32\drivers\WmVirHid.sys [2008-01-24 14728] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS.0\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS.0\system32\DRIVERS\wudfrd.sys [2006-09-15 82688] S4 IntelIde;IntelIde; 
C:\WINDOWS.0\system32\drivers\IntelIde.sys [] S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mc21.tmp [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; G:\Logiciel\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS.0\system32\Ati2evxx.exe [2008-08-21 573440] R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS.0\system32\CTsvcCDA.exe [1999-12-13 44032] R2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-04-30 417792] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-25 152984] R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS.0\System32\svchost.exe [2008-04-14 14336] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336] S2 ATI Smart;ATI Smart; C:\WINDOWS.0\system32\ati2sgag.exe [2008-08-20 593920] S2 Irmon;Moniteur infrarouge; C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CTAELicensing.exe [2008-11-19 79360] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 LBTServ;Logitech Bluetooth Service; C:\Program 
Really, you are the ones I should be thanking. However, I had to reinstall the sound. Otherwise, I have a very annoying bug: I lose the sound (except the Windows or MSN sounds) after 5 minutes, and I have to re-enable it via the services (Incorrect DirectSound driver, error 88780078). Where on the forum should I post that? I'm running my Kaspersky scan.
  13. Logfile of The Avenger Version 2.0, © by Swandog46
      http://swandog46.geekstogo.com

      Platform: Windows XP

      *******************

      Script file opened successfully.
      Script file read successfully.

      Backups directory opened successfully at C:\Avenger

      *******************

      Beginning to process script file:

      Rootkit scan active.
      No rootkits found!

      Driver "mscicosd" disabled successfully.
      Driver "mbr" disabled successfully.

      Error: could not open driver "mchInjDrv"
      Disablement of driver "mchInjDrv" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      Driver "CTEXFIFX.DLL" disabled successfully.
      Driver "CTHWIUT.DLL" disabled successfully.

      Error: could not open driver "akwhoahx"
      Disablement of driver "akwhoahx" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      Error: could not open driver "soxpeca"
      Disablement of driver "soxpeca" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      Error: could not open driver "mabidwe"
      Disablement of driver "mabidwe" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      Error: could not open driver "noytcyr"
      Disablement of driver "noytcyr" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      Error: could not open driver "tdydowkc"
      Disablement of driver "tdydowkc" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      Error: could not open driver "roytctm"
      Disablement of driver "roytctm" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      Error: could not open driver "wsldoekd"
      Disablement of driver "wsldoekd" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      Error: could not open driver "afisicx"
      Disablement of driver "afisicx" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      Driver "mscicosd" deleted successfully.
      Driver "mbr" deleted successfully.

      Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\mchInjDrv" not found!
      Deletion of driver "mchInjDrv" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      Driver "CTEXFIFX.DLL" deleted successfully.
      Driver "CTHWIUT.DLL" deleted successfully.

      Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\akwhoahx" not found!
      Deletion of driver "akwhoahx" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\soxpeca" not found!
      Deletion of driver "soxpeca" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\mabidwe" not found!
      Deletion of driver "mabidwe" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\noytcyr" not found!
      Deletion of driver "noytcyr" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\tdydowkc" not found!
      Deletion of driver "tdydowkc" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\roytctm" not found!
      Deletion of driver "roytctm" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\wsldoekd" not found!
      Deletion of driver "wsldoekd" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\afisicx" not found!
      Deletion of driver "afisicx" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      File "C:\WINDOWS.0\system32\mscico.exe" deleted successfully.

      Error: file "C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mbr.sys" not found!
      Deletion of file "C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mbr.sys" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      Error: file "C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mc21.tmp" not found!
      Deletion of file "C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mc21.tmp" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      File "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml32.tmp" deleted successfully.
      File "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml31.tmp" deleted successfully.
      File "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml30.tmp" deleted successfully.
      File "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml2F.tmp" deleted successfully.
      File "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml2E.tmp" deleted successfully.
      File "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml2D.tmp" deleted successfully.
      File "C:\WINDOWS.0\system32\CT20XUT.DLL" deleted successfully.
      File "C:\WINDOWS.0\system32\CTHWIUT.DLL" deleted successfully.

      Error: file "C:\WINDOWS.0\system32\drivers\akwhoahx.sys" not found!
      Deletion of file "C:\WINDOWS.0\system32\drivers\akwhoahx.sys" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      Error: file "C:\WINDOWS.0\system32\tdydowkc.exe" not found!
      Deletion of file "C:\WINDOWS.0\system32\tdydowkc.exe" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      Error: file "C:\WINDOWS.0\system32\noytcyr.exe" not found!
      Deletion of file "C:\WINDOWS.0\system32\noytcyr.exe" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      Error: file "C:\WINDOWS.0\system32\wsldoekd.exe" not found!
      Deletion of file "C:\WINDOWS.0\system32\wsldoekd.exe" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      Error: file "C:\WINDOWS.0\system32\roytctm.exe" not found!
      Deletion of file "C:\WINDOWS.0\system32\roytctm.exe" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      Error: file "C:\WINDOWS.0\system32\afisicx.exe" not found!
      Deletion of file "C:\WINDOWS.0\system32\afisicx.exe" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      Error: file "C:\WINDOWS.0\system32\soxpeca.exe" not found!
      Deletion of file "C:\WINDOWS.0\system32\soxpeca.exe" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      Error: file "C:\WINDOWS.0\system32\mabidwe.exe" not found!
      Deletion of file "C:\WINDOWS.0\system32\mabidwe.exe" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

      File "C:\WINDOWS.0\UpdReg.EXE" deleted successfully.

      Completed script processing.

      *******************

      Finished! Terminate.
  14. SDFix: Version 1.240
      Run by BaPoR on 03/12/2008 at 22:12
      Microsoft Windows XP [version 5.1.2600]
      Running From: C:\SDFix

      Checking Services :

      Restoring Default Security Values
      Restoring Default Hosts File

      Rebooting

      Checking Files :

      Trojan Files Found:

      C:\WINDOWS.EXE - Deleted
      C:\WINDOWS.EXE - Deleted

      Removing Temp Files

      ADS Check :

      Final Check :

      catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-12-03 22:15:34
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ...

      scanning hidden services & system hive ...

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
      "s1"=dword:19a70fe2
      "s2"=dword:e9361f09
      "h0"=dword:00000001

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
      "p0"="g:\logiciel\DAEMON Tools\"
      "h0"=dword:00000000
      "khjeh"=hex:66,7b,fb,88,89,26,46,ed,09,9b,01,17,b4,1c,d9,4d,c9,95,23,29,9c,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
      "a0"=hex:20,01,00,00,7d,db,b3,75,9a,0c,bf,df,45,cb,0c,b5,2b,ef,ca,77,83,..
      "khjeh"=hex:3b,c1,69,ac,ab,b8,99,02,a4,fc,4a,3f,43,94,eb,9c,2c,39,36,a1,a4,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
      "khjeh"=hex:9f,dd,7a,e1,59,a3,59,bb,dd,0c,19,59,af,fd,63,dd,4c,f8,e6,89,88,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
      "p0"="g:\logiciel\DAEMON Tools\"
      "h0"=dword:00000000
      "khjeh"=hex:66,7b,fb,88,89,26,46,ed,09,9b,01,17,b4,1c,d9,4d,c9,95,23,29,9c,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
      "a0"=hex:20,01,00,00,7d,db,b3,75,9a,0c,bf,df,45,cb,0c,b5,2b,ef,ca,77,83,..
      "khjeh"=hex:3b,c1,69,ac,ab,b8,99,02,a4,fc,4a,3f,43,94,eb,9c,2c,39,36,a1,a4,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
      "khjeh"=hex:9f,dd,7a,e1,59,a3,59,bb,dd,0c,19,59,af,fd,63,dd,4c,f8,e6,89,88,..

      scanning hidden registry entries ...

      scanning hidden files ...

      scan completed successfully
      hidden processes: 0
      hidden services: 0
      hidden files: 0

      Remaining Services :

      Authorized Application Key Export:

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "G:\\Logiciel\\Azureus\\Azureus.exe"="G:\\Logiciel\\Azureus\\Azureus.exe:*:Enabled:Azureus"
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
      "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
      "G:\\Logiciel\\Microsoft Office\\Office12\\OUTLOOK.EXE"="G:\\Logiciel\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

      Remaining Files :

      File Backups: - C:\SDFix\backups\backups.zip

      Files with Hidden Attributes :

      Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\File Scanner Library (Spybot - Search & Destroy)\advcheck.dll"
      Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)\Tools.dll"
      Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\SDHelper (Spybot - Search & Destroy)\SDHelper.dll"
      Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\TeaTimer (Spybot - Search & Destroy)\TeaTimer.exe"
      Wed 3 Dec 2008 2,834 ...HR --- "C:\Documents and Settings\BaPoR\Application Data\SecuROM\UserData\securom_v7_01.bak"

      Finished!
  15. And GMER:

      GMER 1.0.14.14536 - http://www.gmer.net
      Rootkit scan 2008-12-03 20:00:05
      Windows 5.1.2600 Service Pack 3

      ---- System - GMER 1.0.14 ----

      SSDT sptd.sys ZwCreateKey [0xF75000B0]
      SSDT A908F084 ZwCreateThread
      SSDT sptd.sys ZwEnumerateKey [0xF750584E]
      SSDT sptd.sys ZwEnumerateValueKey [0xF7505BEE]
      SSDT sptd.sys ZwOpenKey [0xF7500090]
      SSDT A908F070 ZwOpenProcess
      SSDT A908F075 ZwOpenThread
      SSDT sptd.sys ZwQueryKey [0xF7505CC6]
      SSDT sptd.sys ZwQueryValueKey [0xF7505B46]
      SSDT sptd.sys ZwSetValueKey [0xF7505D58]
      SSDT A908F07F ZwTerminateProcess
      SSDT A908F07A ZwWriteVirtualMemory

      ---- Kernel code sections - GMER 1.0.14 ----

      ? C:\WINDOWS.0\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
      .text USBPORT.SYS!DllUnload B977C8AC 5 Bytes JMP 8991E1B8
      ? System32\Drivers\akwhoahx.SYS Le chemin d'accès spécifié est introuvable. !
      ? C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mc21.tmp Le fichier spécifié est introuvable. !
      ? C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mbr.sys Le fichier spécifié est introuvable. !
C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[332] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CEA7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[332] @ C:\WINDOWS.0\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CEA7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[332] @ C:\WINDOWS.0\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [5CEA7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[332] @ C:\WINDOWS.0\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CEA7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[332] @ C:\WINDOWS.0\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CEA7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[332] @ C:\WINDOWS.0\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CEA7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileA] [00E6C4DD] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!ExitProcess] [00E7D50D] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!GetOverlappedResult] [00E5BF1B] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) 
IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [00E557D2] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00E706C8] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [00E5FC90] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00E72C58] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) 
IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [00E71788] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00E72C58] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] [00E5D354] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!GetOverlappedResult] [00E5BF1B] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00E706C8] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [00E5FC90] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) 
IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!GetOverlappedResult] [00E5BF1B] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [00E5FC90] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [00E706C8] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) 
IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\Secur32.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [00E5FC90] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [00E706C8] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) 
IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00E72C58] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00E706C8] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [00E5FC90] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00E72C58] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) 
IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [00E706C8] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!CreateFileW] [00E5FC90] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [00E5D354] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [00E557D2] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [00E6C4DD] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) 
IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [00E5FC90] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00E71788] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00E72C58] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00E706C8] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) 
IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00E706C8] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!CreateFileW] [00E5FC90] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00E72C58] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [00E71788] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!GetOverlappedResult] [00E5BF1B] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!FindFirstFileA] [00E6C4DD] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) 
IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!GetFileAttributesA] [00E557D2] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!CreateFileW] [00E5FC90] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!CreateFileA] [00E5D354] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [00E706C8] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [00E72C58] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) 
IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WS2_32.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WS2HELP.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) 
IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [00E706C8] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\NETAPI32.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] [00E5FC90] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\IPHLPAPI.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) 
IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\IPHLPAPI.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\IPHLPAPI.dll [KERNEL32.dll!CreateFileW] [00E5FC90] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\IPHLPAPI.dll [KERNEL32.dll!CreateFileA] [00E5D354] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\IPHLPAPI.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\IPHLPAPI.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SAMLIB.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) 
IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] [00E5D354] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] [00E5FC90] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!GetFileAttributesA] [00E557D2] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [00E71788] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [00E72C58] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!FindFirstFileA] [00E6C4DD] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer™ Red Alert™ 3/Electronic Arts Inc.) 
---- Devices - GMER 1.0.14 ---- Device \FileSystem\Ntfs \Ntfs 89B961D8 Device \FileSystem\Fastfat \FatCdrom 88519980 Device \Driver\USBSTOR \Device\0000008e 88566980 Device \Driver\usbuhci \Device\USBPDO-0 8991D1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 89C0B1D8 Device \Driver\dmio \Device\DmControl\DmConfig 89C0B1D8 Device \Driver\dmio \Device\DmControl\DmPnP 89C0B1D8 Device \Driver\dmio \Device\DmControl\DmInfo 89C0B1D8 Device \Driver\usbuhci \Device\USBPDO-1 8991D1D8 Device \Driver\usbuhci \Device\USBPDO-2 8991D1D8 Device \Driver\00000049 \Device\00000053 sptd.sys Device \Driver\usbuhci \Device\USBPDO-3 8991D1D8 Device \Driver\usbehci \Device\USBPDO-4 898EE3D0 Device \Driver\Ftdisk \Device\HarddiskVolume1 89B981D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 89B981D8 Device \Driver\Cdrom \Device\CdRom0 899341D8 Device \Driver\Ftdisk \Device\HarddiskVolume3 89B981D8 Device \Driver\Cdrom \Device\CdRom1 899341D8 Device \Driver\Ftdisk \Device\HarddiskVolume4 89B981D8 Device \Driver\Cdrom \Device\CdRom2 899341D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{7F70818D-6FD2-447D-9091-77825C7C4FFD} 885891D8 Device \Driver\NetBT \Device\NetBt_Wins_Export 885891D8 Device \Driver\USBSTOR \Device\00000091 88566980 Device \Driver\NetBT \Device\NetbiosSmb 885891D8 Device \Driver\usbuhci \Device\USBFDO-0 8991D1D8 Device \Driver\usbuhci \Device\USBFDO-1 8991D1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88572980 Device \Driver\usbuhci \Device\USBFDO-2 8991D1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 88572980 Device \Driver\usbuhci \Device\USBFDO-3 8991D1D8 Device \Driver\usbehci \Device\USBFDO-4 898EE3D0 Device \Driver\Ftdisk \Device\FtControl 89B981D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{0B84BA82-B0C7-45B6-8D39-3F3522CA1C76} 885891D8 Device \Driver\akwhoahx \Device\Scsi\akwhoahx1 8977D560 Device \Driver\akwhoahx \Device\Scsi\akwhoahx1Port4Path0Target0Lun0 8977D560 Device \FileSystem\Fastfat \Fat 88519980 AttachedDevice \FileSystem\Fastfat 
\Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 884F71D8 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 430378978 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -382329079 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 g:\logiciel\DAEMON Tools\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x66 0x7B 0xFB 0x88 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3B 0xC1 0x69 0xAC ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5E 0x45 0xAC 0x22 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 g:\logiciel\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x66 0x7B 0xFB 0x88 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3B 0xC1 0x69 0xAC ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5E 0x45 0xAC 0x22 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@G:\Jeux\Command & Conquer\x00a03\xa0 La Fureur de Kane\Core\1.0\config.txt 2 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@G:\Jeux\Command & Conquer\x00a03\xa0 La Fureur de Kane\Meta\1.0\config.txt 2 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@G:\Jeux\Command & Conquer\x00a03\xa0 La Fureur de Kane\Movies\1.0\config.txt 2 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@G:\Jeux\Command & Conquer\x00a03\xa0 La Fureur de Kane\EnglishAudio\1.0\config.txt 2 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@G:\Jeux\Command & Conquer\x00a03\xa0 La Fureur de Kane\Lang-french\1.0\config.txt 2 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@G:\Jeux\Command & Conquer\x00a03\xa0 La Fureur de Kane\CNC3EP1_french_1.0.SkuDef 2 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@G:\Jeux\Command & Conquer\x00a03\xa0 La Fureur de Kane\RetailExe\1.0\Data\Cursors\SCCTelestrator.ani 2 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@G:\Jeux\Command & Conquer\x00a03\xa0 La Fureur de Kane\RetailExe\1.0\config.txt 2 ---- Disk sectors - GMER 1.0.14 ---- Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x8a781ce size 0x1ac ---- EOF - GMER 1.0.14 ----