
Ewee

Member
  • Content count

    67
  • Joined

  • Last visited

Everything posted by Ewee

  1. OK, I'm running Antivir in the meantime. I'll post the report shortly.
  2. So here is the replacement report:

     WinFileReplace - ver : 1.1.0 - by Loup blanc
     ---------------------------
     Microsoft Windows XP Service Pack 3 Français
     ---------------------------
     Contrôle du fichier téléchargé :
     MD5 recherchée : a9a9a86e7330bffaf64ae2acfb73d959
     sp3.000 MD5 : a9a9a86e7330bffaf64ae2acfb73d959
     ---------------------------
     ============ Comparaison des fichiers avant remplacement ============
     ---------
     Les fichiers "C:\WINDOWS\system32\svchost.exe" MD5 : e4bdf223cd75478bf44567b4d5c2634d et "C:\FR-files\svchost.exe" MD5 : e4bdf223cd75478bf44567b4d5c2634d sont identiques...
     -----------
     Les fichiers "C:\WINDOWS\system32\services.exe" MD5 : 54cb50058851d95e56ec70d09f70857f et "C:\FR-files\services.exe" MD5 : 54cb50058851d95e56ec70d09f70857f sont identiques...
     -----------
     Les fichiers "C:\WINDOWS\system32\lsass.exe" MD5 : 91e6024d6d4dcdecdb36c43ecf9bbecb et "C:\FR-files\lsass.exe" MD5 : 91e6024d6d4dcdecdb36c43ecf9bbecb sont identiques...
     -----------
     Les fichiers "C:\WINDOWS\system32\winlogon.exe" MD5 : dd73d6b9f6b4cb630cf35b438b540174 et "C:\FR-files\winlogon.exe" MD5 : dd73d6b9f6b4cb630cf35b438b540174 sont identiques...
     -----------
     ============ Comparaison des fichiers après remplacement ============
     -----------
     Les fichiers "C:\WINDOWS\system32\svchost.exe" MD5 : e4bdf223cd75478bf44567b4d5c2634d et "C:\FR-files\svchost.exe" MD5 : e4bdf223cd75478bf44567b4d5c2634d sont identiques...
     "C:\WINDOWS\system32\svchost.backup" présent...
     Remplacement réussi
     -----------
     Les fichiers "C:\WINDOWS\system32\services.exe" MD5 : 54cb50058851d95e56ec70d09f70857f et "C:\FR-files\services.exe" MD5 : 54cb50058851d95e56ec70d09f70857f sont identiques...
     "C:\WINDOWS\system32\services.backup" présent...
     Remplacement réussi
     -----------
     Les fichiers "C:\WINDOWS\system32\lsass.exe" MD5 : 91e6024d6d4dcdecdb36c43ecf9bbecb et "C:\FR-files\lsass.exe" MD5 : 91e6024d6d4dcdecdb36c43ecf9bbecb sont identiques...
     "C:\WINDOWS\system32\lsass.backup" présent...
     Remplacement réussi
     -----------
     Les fichiers "C:\WINDOWS\system32\winlogon.exe" MD5 : dd73d6b9f6b4cb630cf35b438b540174 et "C:\FR-files\winlogon.exe" MD5 : dd73d6b9f6b4cb630cf35b438b540174 sont identiques...
     "C:\WINDOWS\system32\winlogon.backup" présent...
     Remplacement réussi
     -----------
     ======= Fin du rapport =======

     However, I still get the vsmon.exe "ordinal not found" window popping up, and when I click OK it opens again every time... What is causing this?
  3. So, the report:

     Avira AntiVir Personal
     Date de création du fichier de rapport : mardi 10 novembre 2009 22:36
     La recherche porte sur 1879367 souches de virus.
     Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
     Numéro de série : 0000149996-ADJIE-0000001
     Plateforme : Windows XP
     Version de Windows : (Service Pack 3) [5.1.2600]
     Mode Boot : Démarré normalement
     Identifiant : SYSTEM
     Nom de l'ordinateur : R2D2
     Informations de version :
     BUILD.DAT : 9.0.0.70 18071 Bytes 25/09/2009 12:03:00
     AVSCAN.EXE : 9.0.3.7 466689 Bytes 10/11/2009 12:20:58
     AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 10:21:02
     LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 11:35:11
     LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 10:21:31
     ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 12:30:36
     ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 12:20:58
     ANTIVIR2.VDF : 7.1.6.160 5413376 Bytes 28/10/2009 12:20:58
     ANTIVIR3.VDF : 7.1.6.212 440320 Bytes 10/11/2009 12:20:58
     Version du moteur : 8.2.1.61
     AEVDF.DLL : 8.1.1.2 106867 Bytes 10/11/2009 12:20:58
     AESCRIPT.DLL : 8.1.2.44 586107 Bytes 10/11/2009 12:20:58
     AESCN.DLL : 8.1.2.5 127346 Bytes 10/11/2009 12:20:58
     AERDL.DLL : 8.1.3.2 479604 Bytes 10/11/2009 12:20:58
     AEPACK.DLL : 8.2.0.3 422261 Bytes 10/11/2009 12:20:58
     AEOFFICE.DLL : 8.1.0.38 196987 Bytes 10/11/2009 12:20:58
     AEHEUR.DLL : 8.1.0.180 2093432 Bytes 10/11/2009 12:20:58
     AEHELP.DLL : 8.1.7.0 237940 Bytes 10/11/2009 12:20:58
     AEGEN.DLL : 8.1.1.71 364916 Bytes 10/11/2009 12:20:58
     AEEMU.DLL : 8.1.1.0 393587 Bytes 10/11/2009 12:20:58
     AECORE.DLL : 8.1.8.2 184694 Bytes 10/11/2009 12:20:58
     AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 14:32:40
     AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 08:47:30
     AVPREF.DLL : 9.0.3.0 44289 Bytes 10/11/2009 12:20:58
     AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 14:34:28
     AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 15:24:42
     AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 15:05:22
     AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 10:36:37
     SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 15:03:49
     SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 08:20:57
     NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 15:40:59
     RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 10/11/2009 12:20:57
     RCTEXT.DLL : 9.0.37.0 88321 Bytes 15/04/2009 10:07:05

     Configuration pour la recherche actuelle :
     Nom de la tâche...............................: Contrôle intégral du système
     Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp
     Documentation.................................: bas
     Action principale.............................: interactif
     Action secondaire.............................: ignorer
     Recherche sur les secteurs d'amorçage maître..: marche
     Recherche sur les secteurs d'amorçage.........: marche
     Secteurs d'amorçage...........................: C:, Q:,
     Recherche dans les programmes actifs..........: marche
     Recherche en cours sur l'enregistrement.......: marche
     Recherche de Rootkits.........................: marche
     Contrôle d'intégrité de fichiers système......: arrêt
     Recherche optimisée...........................: marche
     Fichier mode de recherche.....................: Tous les fichiers
     Recherche sur les archives....................: marche
     Limiter la profondeur de récursivité..........: 20
     Archive Smart Extensions......................: marche
     Heuristique de macrovirus.....................: marche
     Heuristique fichier...........................: moyen
     Catégories de dangers divergentes.............: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

     Début de la recherche : mardi 10 novembre 2009 22:36

     La recherche d'objets cachés commence.
     '40430' objets ont été contrôlés, '0' objets cachés ont été trouvés.

     La recherche sur les processus démarrés commence :
     Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'AAWTray.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'wmiprvse.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'wscntfy.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'unsecapp.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'iPodService.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'steelvinemanager .exe' - '1' module(s) sont contrôlés
     Processus de recherche 'steelvinemanager.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
     Module infecté -> 'C:\WINDOWS\system32\svchost.exe'
     Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'GSvr.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
     Module infecté -> 'C:\WINDOWS\system32\svchost.exe'
     Processus de recherche 'mDNSResponder.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'AppleMobileDeviceService.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'SteelVine.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'iTunesHelper.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'issch.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'steelvinemanager.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'RTHDCPL.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'AAWService.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
     Module infecté -> 'C:\WINDOWS\system32\svchost.exe'
     Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
     Module infecté -> 'C:\WINDOWS\System32\svchost.exe'
     Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
     Module infecté -> 'C:\WINDOWS\system32\svchost.exe'
     Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
     Module infecté -> 'C:\WINDOWS\system32\svchost.exe'
     Processus de recherche 'nvsvc32.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
     Module infecté -> 'C:\WINDOWS\system32\lsass.exe'
     Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
     Module infecté -> 'C:\WINDOWS\system32\services.exe'
     Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
     Module infecté -> 'C:\WINDOWS\system32\winlogon.exe'
     Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
     Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
     '42' processus ont été contrôlés avec '42' modules

     La recherche sur les secteurs d'amorçage maître commence :
     Secteur d'amorçage maître HD0
     [iNFO] Aucun virus trouvé !

     La recherche sur les secteurs d'amorçage commence :
     Secteur d'amorçage 'C:\'
     [iNFO] Aucun virus trouvé !
     Secteur d'amorçage 'Q:\'
     [iNFO] Aucun virus trouvé !

     La recherche sur les renvois aux fichiers exécutables (registre) commence :
     Le registre a été contrôlé ( '50' fichiers).

     La recherche sur les fichiers sélectionnés commence :

     Recherche débutant dans 'C:\'
     C:\pagefile.sys
     [AVERTISSEMENT] Impossible d'ouvrir le fichier !
     [REMARQUE] Ce fichier est un fichier système Windows.
     [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
     C:\Documents and Settings\Administrateur\rthdcpl .exe
     [RESULTAT] Contient le cheval de Troie TR/Agent.ANVH.20
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b61dd7e.qua' !
     C:\Documents and Settings\Administrateur\rundll32.exe bthprops .exe
     [RESULTAT] Contient le cheval de Troie TR/Agent.ANVH.20
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b67dd7f.qua' !
     C:\Documents and Settings\Administrateur\Bureau\rthdcpl.exe
     [RESULTAT] Contient le cheval de Troie TR/Agent.ANVH.20
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b61dd98.qua' !
     C:\Documents and Settings\Administrateur\Bureau\rundll32.exe bthprops.cpl,,bluetoothauthenticationagent
     [RESULTAT] Contient le cheval de Troie TR/Agent.ANVH.20
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b67dd9a.qua' !
     C:\Documents and Settings\Administrateur\Bureau\_OTM.rar
     [0] Type d'archive: RAR
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b4ddd75.qua' !
     --> _OTM\MovedFiles\11102009_172802\C_WINDOWS\system32\mcen.exe
     [RESULTAT] Contient le cheval de Troie TR/Scar.aljm
     C:\Documents and Settings\Administrateur\Bureau\_OTM.zip
     [0] Type d'archive: 7-Zip
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b4ddd76.qua' !
     --> _OTM/MovedFiles/11102009_172802/C_WINDOWS/system32/mcen.exe
     [RESULTAT] Contient le cheval de Troie TR/Scar.aljm
     C:\Program Files\Adobe\acrotray .exe
     [RESULTAT] Contient le cheval de Troie TR/Agent.ANVH.6
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b6bdea6.qua' !
     C:\Program Files\Silicon Image\57xx SteelVine\steelvinemanager.exe122
     [RESULTAT] Contient le cheval de Troie TR/Agent.ANVH.20
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b5ee0c0.qua' !
     C:\RECYCLER\S-1-5-21-1292428093-1677128483-682003330-500\Dc1\_OTM\MovedFiles\11102009_172802\C_WINDOWS\system32\mcen.exe
     [RESULTAT] Contient le cheval de Troie TR/Scar.aljm
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b5ee114.qua' !
     C:\RECYCLER\S-1-5-21-1292428093-1677128483-682003330-500\Dc2\_OTM\MovedFiles\11102009_172802\C_WINDOWS\system32\mcen.exe
     [RESULTAT] Contient le cheval de Troie TR/Scar.aljm
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b5ee116.qua' !
     C:\RECYCLER\S-1-5-21-1292428093-1677128483-682003330-500\Dc3\MovedFiles\11102009_172802\C_WINDOWS\system32\mcen.exe
     [RESULTAT] Contient le cheval de Troie TR/Scar.aljm
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b5ee118.qua' !
     C:\System Volume Information\_restore{F4F476CD-6FD1-4EA7-B93A-0A19F4BAB4BD}\RP367\A0021429.exe
     [RESULTAT] Contient le cheval de Troie TR/Agent.ANVH.20
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b29e134.qua' !
     C:\System Volume Information\_restore{F4F476CD-6FD1-4EA7-B93A-0A19F4BAB4BD}\RP368\A0021970.exe
     [RESULTAT] Contient le cheval de Troie TR/Agent.ANVH.20
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b29e14b.qua' !
     C:\System Volume Information\_restore{F4F476CD-6FD1-4EA7-B93A-0A19F4BAB4BD}\RP368\A0046352.EXE
     [0] Type d'archive: RAR SFX (self extracting)
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b29e163.qua' !
     --> nircmd.exe
     [RESULTAT] Contient le modèle de détection de l'application APPL/NirCmd.2
     C:\System Volume Information\_restore{F4F476CD-6FD1-4EA7-B93A-0A19F4BAB4BD}\RP369\A0047729.exe
     [RESULTAT] Contient le cheval de Troie TR/Agent.ANVH.20
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b29e16e.qua' !
     C:\System Volume Information\_restore{F4F476CD-6FD1-4EA7-B93A-0A19F4BAB4BD}\RP369\A0047730.sys
     [RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4f818d7f.qua' !
     C:\System Volume Information\_restore{F4F476CD-6FD1-4EA7-B93A-0A19F4BAB4BD}\RP369\A0047731.exe
     [RESULTAT] Contient le cheval de Troie TR/Trash.Gen
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4f54673f.qua' !
     C:\System Volume Information\_restore{F4F476CD-6FD1-4EA7-B93A-0A19F4BAB4BD}\RP369\A0047732.sys
     [RESULTAT] Contient le cheval de Troie TR/Trash.Gen
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4e69956f.qua' !
     C:\System Volume Information\_restore{F4F476CD-6FD1-4EA7-B93A-0A19F4BAB4BD}\RP369\A0047737.exe
     [RESULTAT] Contient le cheval de Troie TR/Scar.aljm
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4f60bf57.qua' !
     C:\System Volume Information\_restore{F4F476CD-6FD1-4EA7-B93A-0A19F4BAB4BD}\RP370\A0048791.exe
     [RESULTAT] Contient le cheval de Troie TR/Agent.ANVH.20
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b29e16f.qua' !
     C:\System Volume Information\_restore{F4F476CD-6FD1-4EA7-B93A-0A19F4BAB4BD}\RP370\A0048792.exe
     [RESULTAT] Contient le cheval de Troie TR/Agent.ANVH.20
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4f628cb8.qua' !
     C:\System Volume Information\_restore{F4F476CD-6FD1-4EA7-B93A-0A19F4BAB4BD}\RP370\A0048793.exe
     [RESULTAT] Contient le cheval de Troie TR/Agent.ANVH.20
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4f818d60.qua' !
     C:\System Volume Information\_restore{F4F476CD-6FD1-4EA7-B93A-0A19F4BAB4BD}\RP370\A0048794.exe
     [RESULTAT] Contient le cheval de Troie TR/Agent.ANVH.6
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b29e171.qua' !
     C:\System Volume Information\_restore{F4F476CD-6FD1-4EA7-B93A-0A19F4BAB4BD}\RP370\A0048795.exe
     [RESULTAT] Contient le cheval de Troie TR/Scar.aljm
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4f818d62.qua' !
     C:\System Volume Information\_restore{F4F476CD-6FD1-4EA7-B93A-0A19F4BAB4BD}\RP370\A0048796.exe
     [RESULTAT] Contient le cheval de Troie TR/Scar.aljm
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4fa7e3a0.qua' !
     C:\System Volume Information\_restore{F4F476CD-6FD1-4EA7-B93A-0A19F4BAB4BD}\RP370\A0048797.exe
     [RESULTAT] Contient le cheval de Troie TR/Scar.aljm
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '48fef098.qua' !
     C:\WINDOWS\system32\lsass.exe
     [RESULTAT] Contient le cheval de Troie TR/Patched.Gen
     [AVERTISSEMENT] Erreur lors de la création d'une copie de sécurité du fichier. Le fichier n'a pas été supprimé. Code d'erreur : 26003
     [AVERTISSEMENT] Impossible de supprimer le fichier !
     [REMARQUE] Tentative en cours d'exécuter l'action à l'aide de la bibliothèque ARK.
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '48b885f6.qua' !
     C:\WINDOWS\system32\services.exe
     [RESULTAT] Contient le cheval de Troie TR/Patched.Gen
     [AVERTISSEMENT] Erreur lors de la création d'une copie de sécurité du fichier. Le fichier n'a pas été supprimé. Code d'erreur : 26003
     [AVERTISSEMENT] Impossible de supprimer le fichier !
     [REMARQUE] Tentative en cours d'exécuter l'action à l'aide de la bibliothèque ARK.
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4fe4e8ee.qua' !
     C:\WINDOWS\system32\svchost.exe
     [RESULTAT] Contient le cheval de Troie TR/Patched.Gen
     [AVERTISSEMENT] Erreur lors de la création d'une copie de sécurité du fichier. Le fichier n'a pas été supprimé. Code d'erreur : 26003
     [AVERTISSEMENT] Impossible de supprimer le fichier !
     [REMARQUE] Tentative en cours d'exécuter l'action à l'aide de la bibliothèque ARK.
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4fd3e814.qua' !
     C:\WINDOWS\system32\winlogon.exe
     [RESULTAT] Contient le cheval de Troie TR/Patched.Gen
     [AVERTISSEMENT] Erreur lors de la création d'une copie de sécurité du fichier. Le fichier n'a pas été supprimé. Code d'erreur : 26003
     [AVERTISSEMENT] Impossible de supprimer le fichier !
     [REMARQUE] Tentative en cours d'exécuter l'action à l'aide de la bibliothèque ARK.
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4f07e1d4.qua' !
     C:\WINDOWS\system32\drivers\sptd.sys
     [AVERTISSEMENT] Impossible d'ouvrir le fichier !
     Recherche débutant dans 'Q:\'
     Q:\Jeux\Le Seigneur des Anneaux\la bataille pour la terre du milieu 2 crack no cd up by stevenshacker(2).rar
     [0] Type d'archive: RAR
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b19e2da.qua' !
     --> la bataille pour la terre du milieu 2 crack no cd up by stevenshacker\crack 1.1.rar
     [1] Type d'archive: RAR
     --> game.dat
     [RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen
     --> la bataille pour la terre du milieu 2 crack no cd up by stevenshacker\crack 1.6.rar
     [1] Type d'archive: RAR
     --> DEViANCE\game.dat
     [RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen
     Q:\Jeux\Le Seigneur des Anneaux\la bataille pour la terre du milieu 2 crack no cd up by stevenshacker\crack 1.1.rar
     [0] Type d'archive: RAR
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b5ae2f4.qua' !
     --> game.dat
     [RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen
     Q:\Jeux\Le Seigneur des Anneaux\la bataille pour la terre du milieu 2 crack no cd up by stevenshacker\crack 1.6.rar
     [0] Type d'archive: RAR
     [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b5ae2fa.qua' !
     --> DEViANCE\game.dat
     [RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen

     Fin de la recherche : mardi 10 novembre 2009 23:00
     Temps nécessaire: 24:30 Minute(s)

     La recherche a été effectuée intégralement

     10715 Les répertoires ont été contrôlés
     316319 Des fichiers ont été contrôlés
     43 Des virus ou programmes indésirables ont été trouvés
     0 Des fichiers ont été classés comme suspects
     0 Des fichiers ont été supprimés
     0 Des virus ou programmes indésirables ont été réparés
     33 Les fichiers ont été déplacés dans la quarantaine
     0 Les fichiers ont été renommés
     2 Impossible de contrôler des fichiers
     316274 Fichiers non infectés
     6635 Les archives ont été contrôlées
     6 Avertissements
     34 Consignes
     40430 Des objets ont été contrôlés lors du Rootkitscan
     0 Des objets cachés ont été trouvés

     But in ZoneLabs that application wasn't there, so I deleted the folder completely; but when trying to reinstall the firewall I get this recurring message: "L'ordinal 703 est introuvable dans la bibliothèque de liaisons dynamique ssleay31.dll". Then it told me it was unable to connect in order to configure, and then it couldn't finish. That's it.
  4. That works; I'll post all of it tomorrow, once everything is finished. Good evening. Thanks.
  5. OK thanks, I'll do that then. Should I post the Antivir report, or is that pointless? And the quarantined files: do I delete them afterwards, or wait to see what they are, or just leave them in quarantine? Thanks anyway =D
  6. Here are the logs:

     -OTM:

     All processes killed
     Error: Unable to interpret <:first> in the current context!
     ========== PROCESSES ==========
     Process explorer.exe killed successfully!
     ========== SERVICES/DRIVERS ==========
     Service tdidis32.sys stopped successfully!
     Service tdidis32.sys deleted successfully!
     No service named appxyw5l was found to stop!
     Unable to stop service appxyw5l!
     ========== FILES ==========
     File/Folder C:\WINDOWS\system32\mcen.exe not found.
     File/Folder C:\WINDOWS\system32\tdidis32.sys not found.
     File/Folder C:\WINDOWS\system32\drivers\appxyw5l.sys not found.
     C:\WINDOWS\system32\xraidsetup.exe boot moved successfully.
     C:\WINDOWS\system32\xraidsetup .exe moved successfully.
     File/Folder C:\imt8.cmd not found.
     File/Folder C:\autorun.inf not found.
     C:\WINDOWS\tasks\At1.job moved successfully.
     C:\WINDOWS\tasks\At10.job moved successfully.
     C:\WINDOWS\tasks\At11.job moved successfully.
     C:\WINDOWS\tasks\At12.job moved successfully.
     C:\WINDOWS\tasks\At13.job moved successfully.
     C:\WINDOWS\tasks\At14.job moved successfully.
     C:\WINDOWS\tasks\At15.job moved successfully.
     C:\WINDOWS\tasks\At16.job moved successfully.
     C:\WINDOWS\tasks\At17.job moved successfully.
     C:\WINDOWS\tasks\At18.job moved successfully.
     C:\WINDOWS\tasks\At19.job moved successfully.
     C:\WINDOWS\tasks\At2.job moved successfully.
     C:\WINDOWS\tasks\At20.job moved successfully.
     C:\WINDOWS\tasks\At21.job moved successfully.
     C:\WINDOWS\tasks\At22.job moved successfully.
     C:\WINDOWS\tasks\At23.job moved successfully.
     C:\WINDOWS\tasks\At24.job moved successfully.
     C:\WINDOWS\tasks\At3.job moved successfully.
     C:\WINDOWS\tasks\At4.job moved successfully.
     C:\WINDOWS\tasks\At5.job moved successfully.
     C:\WINDOWS\tasks\At6.job moved successfully.
     C:\WINDOWS\tasks\At7.job moved successfully.
     C:\WINDOWS\tasks\At8.job moved successfully.
     C:\WINDOWS\tasks\At9.job moved successfully.
     ========== REGISTRY ==========
     Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf1368ba-a43b-11de-ab58-001fd02192d2}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf1368ba-a43b-11de-ab58-001fd02192d2}\ not found.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: Administrateur
     C:\Documents and Settings\Administrateur\Local Settings\Temp\Arabic.bin deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temp\Czech.bin deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temp\Danish.bin deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temp\Dutch.bin deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temp\English.bin deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temp\Finnish.bin deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temp\French.bin deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temp\German.bin deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temp\Greek.bin deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temp\Hebrew.bin deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temp\Hungarian.bin deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temp\Italian.bin deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temp\Japanese.bin deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temp\jusched.log deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temp\Korean.bin deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temp\Norwegian.bin deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temp\Polish.bin deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temp\Portuguese(Brazil).bin deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temp\Portuguese.bin deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temp\Russian.bin deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temp\SimChin.bin deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temp\Spanish.bin deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temp\SWEDISH.bin deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temp\Thai.bin deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temp\TradChin.bin deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temp\Turkish.bin deleted successfully.
     ->Temp folder emptied: 587929 bytes
     C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\WF96QND0\desktop.ini deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TXIZT4FE\desktop.ini deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\RIDNE9R9\CA66VNMU.HTM deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\RIDNE9R9\desktop.ini deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\8M8DMAS5\CARUJZUB.HTM deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\8M8DMAS5\desktop.ini deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini deleted successfully.
     File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
     C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\desktop.ini deleted successfully.
     ->Temporary Internet Files folder emptied: 33170 bytes
     ->Java cache emptied: 0 bytes
     C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\qju8a6gm.default\Cache\_CACHE_001_ deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\qju8a6gm.default\Cache\_CACHE_002_ deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\qju8a6gm.default\Cache\_CACHE_003_ deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\qju8a6gm.default\Cache\_CACHE_MAP_ deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\qju8a6gm.default\urlclassifier3.sqlite deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\qju8a6gm.default\XPC.mfl deleted successfully.
     C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\qju8a6gm.default\XUL.mfl deleted successfully.
     ->FireFox cache emptied: 2425895 bytes
     User: All Users
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: LocalService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: NetworkService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1f4.dat scheduled to be deleted on reboot.
     File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_228.dat scheduled to be deleted on reboot.
     C:\WINDOWS\temp\WGAErrLog.txt deleted successfully.
     Windows Temp folder emptied: 33023 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 2,94 mb
     OTM by OldTimer - Version 3.1.0.1 log created on 11102009_185856
     Files moved on Reboot...
     File C:\WINDOWS\temp\Perflib_Perfdata_1f4.dat not found!
     File C:\WINDOWS\temp\Perflib_Perfdata_228.dat not found!
     Registry entries deleted on Reboot...

     -RSIT:

     Logfile of random's system information tool 1.06 (written by random/random)
     Run by Administrateur at 2009-11-10 19:01:08
     Microsoft Windows XP Professionnel Service Pack 3
     System drive C: has 100 GB (56%) free of 180 GB
     Total RAM: 3326 MB (83% free)
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 19:01:56, on 10/11/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\Program Files\Silicon Image\57xx SteelVine\SteelVineManager.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Silicon Image\57xx SteelVine\steelvinemanager.exe
     C:\Program Files\Silicon Image\57xx SteelVine\steelvinemanager .exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
     C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
     C:\Program Files\trend micro\Administrateur.exe
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
     O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
     O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
     O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
     O4 - HKLM\..\Run: [57xxSteelVine] C:\Program Files\Silicon Image\57xx SteelVine\SteelVineManager.exe
     O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
     O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
     O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
     O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Drangon Speaking\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
     O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
     O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
     O4 - HKCU\..\Run: [LMDVox] C:\Program Files\Micro Application\Votre PC prend la parole\LMDVox.exe Lancement
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
     O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
     O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
     O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
     O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab
     O23 - Service: 57xx SteelVine (57xx SteelVine Manager) - Unknown owner - C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe
     O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: Apple Mobile Device - Apple Inc.
- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe O23 - Service: Service Google Update (gupdate1ca407a69b35f52) (gupdate1ca407a69b35f52) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 8680 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\At1.job C:\WINDOWS\tasks\At10.job C:\WINDOWS\tasks\At11.job C:\WINDOWS\tasks\At12.job C:\WINDOWS\tasks\At13.job C:\WINDOWS\tasks\At14.job C:\WINDOWS\tasks\At15.job C:\WINDOWS\tasks\At16.job C:\WINDOWS\tasks\At17.job C:\WINDOWS\tasks\At18.job C:\WINDOWS\tasks\At19.job C:\WINDOWS\tasks\At2.job C:\WINDOWS\tasks\At20.job C:\WINDOWS\tasks\At21.job C:\WINDOWS\tasks\At22.job C:\WINDOWS\tasks\At23.job C:\WINDOWS\tasks\At24.job C:\WINDOWS\tasks\At3.job C:\WINDOWS\tasks\At4.job C:\WINDOWS\tasks\At5.job C:\WINDOWS\tasks\At6.job C:\WINDOWS\tasks\At7.job C:\WINDOWS\tasks\At8.job C:\WINDOWS\tasks\At9.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}] BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll [2009-07-16 664888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}] EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-07 16862208] "JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [] "36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-11-19 1966080] "57xxSteelVine"=C:\Program Files\Silicon Image\57xx SteelVine\SteelVineManager.exe [2009-11-10 37390] "nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-07-08 1657376] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-07-14 86016] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-07-14 13877248] "SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472] "ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184] "ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-02-16 81920] "DNS7reminder"=C:\Program Files\Drangon Speaking\Ereg\Ereg.exe [2007-03-19 259624] "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent [] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "Malwarebytes Anti-Malware 
(reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WIAWizardMenu"=C:\WINDOWS\system32\sti_ci.dll [2008-05-02 679936] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "LMDVox"=C:\Program Files\Micro Application\Votre PC prend la parole\LMDVox.exe [2007-12-18 456704] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-05-02 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-05-02 200064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-02 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe" "C:\Program Files\Windows 
Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat"="C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:*:Enabled:La Bataille pour la Terre du Milieu ™ II" "C:\Program Files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat"="C:\Program Files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat:*:Enabled:LSDA, L'Avènement du Roi-sorcier™" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Electronic Arts\L'Ave`nement du Roi-sorcier\game.dat"="C:\Program Files\Electronic Arts\L'Ave`nement du Roi-sorcier\game.dat:*:Enabled:LSDA, L'Ave`nement du Roi-sorcier™" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" ======File associations====== .scr - open - C:\WINDOWS\system32\notepad.exe "%1" .scr - install - .scr - config - ======List of files/folders created in the last 1 months====== 
2009-11-10 19:00:41 ----A---- C:\WINDOWS\system32\xraidsetup.exe boot
2009-11-10 17:28:02 ----D---- C:\_OTM
2009-11-10 15:55:32 ----D---- C:\Program Files\VirusTotalUploader
2009-11-10 13:50:55 ----D---- C:\Program Files\trend micro
2009-11-10 13:50:40 ----D---- C:\rsit
2009-11-10 12:34:52 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2009-11-10 12:32:38 ----D---- C:\Program Files\Avira
2009-11-10 12:32:38 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-11-10 12:32:15 ----SHD---- C:\Config.Msi
2009-11-10 01:27:30 ----D---- C:\Program Files\HijackThis
2009-11-09 23:56:34 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-09 22:54:06 ----A---- C:\WINDOWS\is-RQG47.exe
2009-11-09 22:46:48 ----D---- C:\Program Files\Fichiers communs\PC Tools
2009-11-09 22:46:44 ----D---- C:\Program Files\Spyware Doctor
2009-11-09 22:46:44 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-11-09 22:46:44 ----D---- C:\Documents and Settings\Administrateur\Application Data\PC Tools
2009-11-09 22:12:26 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-11-09 22:07:07 ----A---- C:\WINDOWS\system32\vswmi.dll
2009-11-09 22:07:06 ----A---- C:\WINDOWS\system32\zpeng25.dll
2009-11-09 22:06:56 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2009-11-09 22:05:00 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-11-09 22:05:00 ----D---- C:\Program Files\Zone Labs
2009-11-09 22:05:00 ----A---- C:\WINDOWS\system32\vsxml.dll
2009-11-09 22:05:00 ----A---- C:\WINDOWS\system32\vspubapi.dll
2009-11-09 22:04:03 ----N---- C:\WINDOWS\system32\vsutil.dll
2009-11-09 22:04:03 ----N---- C:\WINDOWS\system32\vsinit.dll
2009-11-09 22:04:03 ----N---- C:\WINDOWS\system32\vsdata.dll
2009-11-09 22:03:28 ----D---- C:\WINDOWS\Internet Logs
2009-11-09 21:56:39 ----A---- C:\rapport.txt
2009-11-09 21:50:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-09 20:46:03 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-11-09 20:46:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-09 18:55:02 ----D---- C:\Program Files\Alwil Software
2009-11-09 18:39:11 ----A---- C:\ComboFix.txt
2009-11-09 17:58:53 ----D---- C:\Program Files\Enigma Software Group
2009-11-08 23:27:06 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-11-08 23:27:02 ----AH---- C:\aaw7boot.cmd
2009-11-08 22:02:19 ----D---- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2009-11-08 21:57:44 ----HDC---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-08 21:57:36 ----D---- C:\Program Files\Lavasoft
2009-11-08 21:57:36 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-11-08 21:45:07 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-08 21:45:07 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\xircom
2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\oobe
2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\npp
2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\ime
2009-11-08 21:41:04 ----D---- C:\WINDOWS\msagent
2009-11-08 21:41:04 ----D---- C:\Program Files\xerox
2009-11-08 21:41:04 ----D---- C:\Program Files\windows nt
2009-11-08 21:41:04 ----D---- C:\Program Files\netmeeting
2009-11-08 21:41:04 ----D---- C:\Program Files\msn gaming zone
2009-11-08 21:41:04 ----D---- C:\Program Files\movie maker
2009-11-08 21:41:04 ----D---- C:\Program Files\microsoft frontpage
2009-11-08 21:41:04 ----D---- C:\Program Files\Fichiers communs\speechengines
2009-11-08 21:32:10 ----A---- C:\Boot.bak
2009-11-08 21:32:03 ----RASHD---- C:\cmdcons
2009-11-08 21:31:18 ----D---- C:\WINDOWS\ERDNT
2009-11-08 20:53:49 ----D---- C:\WINDOWS\system32\LogFiles
2009-11-08 20:53:34 ----D---- C:\Program Files\Adobe
2009-11-08 20:40:08 ----D---- C:\Documents and Settings\Administrateur\Application Data\Broad Intelligence
2009-11-08 20:16:45 ----D---- C:\Program Files\Total Video Converter
2009-11-08 20:05:25 ----A---- C:\WINDOWS\#1 Video Converter.INI
2009-11-06 17:58:48 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-06 17:58:48 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-06 17:58:48 ----A---- C:\WINDOWS\system32\java.exe
2009-10-30 12:50:04 ----D---- C:\Program Files\iPod
2009-10-30 12:50:02 ----D---- C:\Program Files\iTunes
2009-10-29 23:18:40 ----D---- C:\Program Files\GPLGS
2009-10-29 23:18:07 ----A---- C:\WINDOWS\system32\cpwmon2k.dll
2009-10-29 23:18:01 ----D---- C:\Program Files\Acro Software
2009-10-27 21:44:52 ----D---- C:\Documents and Settings\All Users\Application Data\TmForever
2009-10-27 21:42:47 ----D---- C:\Program Files\TmNationsForever
2009-10-23 21:27:28 ----D---- C:\Documents and Settings\Administrateur\Application Data\Talkback
2009-10-23 21:27:17 ----D---- C:\Documents and Settings\Administrateur\Application Data\Thunderbird
2009-10-18 18:27:01 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2009-10-18 18:27:01 ----D---- C:\Documents and Settings\Administrateur\Application Data\AVS4YOU
2009-10-18 18:26:35 ----D---- C:\Program Files\Fichiers communs\AVSMedia
2009-10-18 18:26:35 ----A---- C:\WINDOWS\system32\msvcr70.dll
2009-10-18 18:26:35 ----A---- C:\WINDOWS\system32\msvcp70.dll
2009-10-18 18:26:35 ----A---- C:\WINDOWS\system32\mfc70.dll
2009-10-18 18:26:34 ----D---- C:\Program Files\AVS4YOU
2009-10-18 18:26:34 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-10-18 18:26:34 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2009-10-18 18:18:12 ----D---- C:\Documents and Settings\Administrateur\Application Data\FreeVideoConverter
2009-10-18 11:47:38 ----D---- C:\Documents and Settings\Administrateur\Application Data\GetRight
2009-10-16 16:33:57 ----D---- C:\Documents and Settings\Administrateur\Application Data\DAEMON Tools Pro
2009-10-16 16:27:05 ----D---- C:\Documents and Settings\Administrateur\Application Data\La Bataille pour la Terre du Milieu ™ II
2009-10-15 16:38:19 ----A---- C:\WINDOWS\system32\unrar.dll
2009-10-15 16:38:19 ----A---- C:\WINDOWS\avisplitter.ini
2009-10-15 16:38:18 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-10-15 16:38:18 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-10-15 16:38:17 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-10-15 16:38:17 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-10-15 16:38:17 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-10-15 16:38:15 ----D---- C:\Program Files\K-Lite Codec Pack
2009-10-15 16:29:30 ----D---- C:\Documents and Settings\Administrateur\Application Data\vlc
2009-10-15 16:28:47 ----D---- C:\Program Files\VideoLAN
2009-10-15 15:52:43 ----D---- C:\Program Files\Guitar Pro 5
2009-10-13 18:32:06 ----D---- C:\Documents and Settings\Administrateur\Application Data\Mes fichiers de LSDA, L'Avènement du Roi-sorcier™
2009-10-13 18:23:07 ----D---- C:\WINDOWS\RegisteredPackages
2009-10-13 18:22:49 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2009-10-13 18:18:30 ----D---- C:\Program Files\Electronic Arts
2009-10-11 22:29:49 ----D---- C:\Program Files\APCS4F

======List of files/folders modified in the last 1 months======

2009-11-10 19:00:59 ----SD---- C:\WINDOWS\Tasks
2009-11-10 19:00:57 ----D---- C:\WINDOWS\Temp
2009-11-10 19:00:41 ----D---- C:\WINDOWS\system32
2009-11-10 19:00:32 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-10 17:53:15 ----D---- C:\Program Files\Mozilla Firefox
2009-11-10 17:38:31 ----D---- C:\WINDOWS\RaidTool
2009-11-10 17:28:06 ----D---- C:\WINDOWS
2009-11-10 15:55:32 ----D---- C:\Program Files
2009-11-10 13:46:06 ----D---- C:\WINDOWS\system32\drivers
2009-11-10 13:23:03 ----D---- C:\Program Files\TaskSwitchXP
2009-11-10 12:32:48 ----D---- C:\WINDOWS\inf
2009-11-10 12:32:20 ----SHD---- C:\WINDOWS\Installer
2009-11-10 12:32:18 ----D---- C:\WINDOWS\WinSxS
2009-11-09 23:01:23 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-11-09 22:46:48 ----D---- C:\Program Files\Fichiers communs
2009-11-09 21:48:22 ----D---- C:\WINDOWS\Debug
2009-11-09 19:12:44 ----D---- C:\WINDOWS\system32\config
2009-11-09 18:37:04 ----A---- C:\WINDOWS\system.ini
2009-11-09 18:33:20 ----D---- C:\WINDOWS\AppPatch
2009-11-08 22:02:49 ----D---- C:\Program Files\Ad-Aware
2009-11-08 21:58:44 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\wbem
2009-11-08 21:41:04 ----D---- C:\WINDOWS\pchealth
2009-11-08 21:41:04 ----D---- C:\WINDOWS\ime
2009-11-08 21:41:04 ----D---- C:\WINDOWS\Help
2009-11-08 21:41:04 ----D---- C:\Program Files\Internet Explorer
2009-11-08 21:41:04 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-11-08 21:32:10 ----RASH---- C:\boot.ini
2009-11-08 20:53:15 ----D---- C:\WINDOWS\system32\dllcache
2009-11-08 20:16:47 ----RSD---- C:\WINDOWS\Fonts
2009-11-08 19:56:23 ----D---- C:\Program Files\Free Video Converter
2009-11-08 19:56:22 ----A---- C:\WINDOWS\win.ini
2009-11-08 17:11:21 ----D---- C:\Program Files\Messenger Plus! Live
2009-11-07 14:42:29 ----D---- C:\Program Files\BitComet
2009-11-07 14:42:23 ----D---- C:\Downloads
2009-11-06 17:58:45 ----D---- C:\Program Files\Java
2009-11-06 17:39:32 ----D---- C:\Program Files\Steam
2009-11-06 16:13:47 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss
2009-11-01 17:19:41 ----D---- C:\Documents and Settings\Administrateur\Application Data\Bioshock
2009-10-30 12:49:59 ----D---- C:\Program Files\Fichiers communs\Apple
2009-10-29 16:14:59 ----D---- C:\Program Files\Warcraft III
2009-10-27 21:44:21 ----RSD---- C:\WINDOWS\assembly
2009-10-27 21:44:02 ----D---- C:\WINDOWS\system32\DirectX
2009-10-25 13:27:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-23 22:32:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-23 21:27:28 ----D---- C:\Program Files\Mozilla Thunderbird
2009-10-23 21:27:18 ----D---- C:\Documents and Settings\Administrateur\Application Data\Mozilla
2009-10-18 11:43:42 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-10-17 15:41:53 ----D---- C:\Program Files\abgx360
2009-10-11 04:17:27 ----A---- C:\WINDOWS\system32\deploytk.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-11-10 28520]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-05-02 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2008-05-06 16512]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-10 55656]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2008-07-01 72704]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-05-02 60800]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-05-02 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-07 4739072]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-05-02 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-07-14 7741664]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-08-18 47360]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 at6pdfeo;at6pdfeo; C:\WINDOWS\system32\drivers\at6pdfeo.sys []
S3 Bridge;Pont MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-05-02 71552]
S3 BridgeMP;Miniport de pont MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-05-02 71552]
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-05-02 272768]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Wibukey2;Wibukey2; C:\WINDOWS\system32\drivers\wibukey2.sys [2008-07-01 16384]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-02 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-02 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 57xx SteelVine Manager;57xx SteelVine; C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe [2007-08-20 1282048]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-11-10 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-11-10 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-05-02 17408]
R2 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2008-05-13 80392]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-11-08 1179232]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-07-14 168004]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S2 gupdate1ca407a69b35f52;Service Google Update (gupdate1ca407a69b35f52); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-28 133104]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-23 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-05-02 17408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

and the VirusTotal analysis, apparently negative:

Fichier is-RQG47.exe reçu le 2009.11.10 18:06:13 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.41 2009.11.10 -
AhnLab-V3 5.0.0.2 2009.11.06 -
AntiVir 7.9.1.61 2009.11.10 -
Antiy-AVL 2.0.3.7 2009.11.10 -
Authentium 5.2.0.5 2009.11.10 -
Avast 4.8.1351.0 2009.11.10 -
AVG 8.5.0.423 2009.11.10 -
BitDefender 7.2 2009.11.10 -
CAT-QuickHeal 10.00 2009.11.10 -
ClamAV 0.94.1 2009.11.10 -
Comodo 2907 2009.11.10 -
DrWeb 5.0.0.12182 2009.11.10 -
eSafe 7.0.17.0 2009.11.10 -
eTrust-Vet 35.1.7113 2009.11.10 -
F-Prot 4.5.1.85 2009.11.10 -
F-Secure 9.0.15370.0 2009.11.09 -
Fortinet 3.120.0.0 2009.11.10 -
GData 19 2009.11.10 -
Ikarus T3.1.1.74.0 2009.11.10 -
Jiangmin 11.0.800 2009.11.10 -
K7AntiVirus 7.10.893 2009.11.10 -
Kaspersky 7.0.0.125 2009.11.10 -
McAfee 5797 2009.11.09 -
McAfee+Artemis 5797 2009.11.09 -
McAfee-GW-Edition 6.8.5 2009.11.10 -
Microsoft 1.5202 2009.11.10 -
NOD32 4593 2009.11.10 -
Norman 6.03.02 2009.11.10 -
nProtect 2009.1.8.0 2009.11.10 -
Panda 10.0.2.2 2009.11.10 -
PCTools 7.0.3.5 2009.11.10 -
Prevx 3.0 2009.11.10 -
Rising 22.21.01.09 2009.11.10 -
Sophos 4.47.0 2009.11.10 -
Sunbelt 3.2.1858.2 2009.11.10 -
Symantec 1.4.4.12 2009.11.10 -
TheHacker 6.5.0.2.064 2009.11.09 -
TrendMicro 9.0.0.1003 2009.11.10 -
VBA32 3.12.10.11 2009.11.09 -
ViRobot 2009.11.10.2029 2009.11.10 -
VirusBuster 4.6.5.0 2009.11.10 -

Information additionnelle
File size: 691712 bytes
MD5...: 4c34b56d848009434bfe07fda5b583a5
SHA1..: 94b850432a1821fc914f802a9f6b24653aff7b5c
SHA256: 270cbb0846152bdf134da52dfb4cb371b5041ba204be52175ac6e24ece015e69
ssdeep: 12288:yNuz2eB7rPw7373zHEA6Tcg1Qz4OXm9NrevRWNjwnsJx6il:Auz2eVrPw7373zHEA6hQz4OWDjhSsJxl
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x8fb00
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x8ed30 0x8ee00 6.59 65057a4ee67c422926d7ddc20ed1763e
DATA 0x90000 0xf6c 0x1000 4.30 d21fe5132dea99525a6cf1585a804736
BSS 0x91000 0x139c 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x93000 0x2580 0x2600 4.93 e5e6e5ba169e985617b6ee51af033aa1
.tls 0x96000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x97000 0x18 0x200 0.20 aa788c79120afbe36e18b7b180139dd9
.reloc 0x98000 0x8250 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0xa1000 0x16330 0x16400 5.07 df9b3f1a7af9739f16d15df5bee45ebe

( 17 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle
> user32.dll: MessageBoxA
> oleaut32.dll: SafeArrayPutElement, SafeArrayCreate, VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen
> advapi32.dll: RegSetValueExA, RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExA, RegEnumValueA, RegEnumKeyExA, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegCloseKey, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueA, GetUserNameA, GetTokenInformation, FreeSid, EqualSid, AllocateAndInitializeSid
> kernel32.dll: lstrcmpA, WriteProfileStringA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, VirtualFree, VirtualAlloc, UnmapViewOfFile, TransactNamedPipe, TerminateThread, TerminateProcess, Sleep, SizeofResource, SetNamedPipeHandleState, SetLastError, SetFileTime, SetFilePointer, SetFileAttributesA, SetErrorMode, SetEndOfFile, SetCurrentDirectoryA, RemoveDirectoryA, ReleaseMutex, ReadFile, QueryPerformanceCounter, OpenProcess, OpenMutexA, MultiByteToWideChar, MulDiv, MoveFileExA, MoveFileA, MapViewOfFile, LockResource, LocalFree, LocalFileTimeToFileTime, LoadResource, LoadLibraryExA, LoadLibraryA, IsDBCSLeadByte, IsBadWritePtr, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetWindowsDirectoryA, GetVersionExA, GetVersion, GetUserDefaultLangID, GetTickCount, GetSystemTimeAsFileTime, GetSystemInfo, GetSystemDirectoryA, GetSystemDefaultLCID, GetShortPathNameA, GetProfileStringA, GetProcAddress, GetPrivateProfileStringA, GetOverlappedResult, GetModuleHandleA, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetDriveTypeA, GetDiskFreeSpaceA, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetCurrentDirectoryA, GetComputerNameA, GetCommandLineA, GetACP, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FlushFileBuffers, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, DeviceIoControl, DeleteFileA, CreateThread, CreateProcessA, CreateNamedPipeA, CreateMutexA, CreateFileMappingA, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringA, CompareFileTime, CloseHandle
> mpr.dll: WNetOpenEnumA, WNetGetUniversalNameA, WNetGetConnectionA, WNetEnumResourceA, WNetCloseEnum
> version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
> gdi32.dll: UnrealizeObject, TextOutA, StretchDIBits, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RoundRect, RestoreDC, RemoveFontResourceA, Rectangle, RectVisible, RealizePalette, Polyline, Pie, PatBlt, MoveToEx, LineTo, LineDDA, IntersectClipRect, GetWindowOrgEx, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetDeviceCaps, GetDIBits, GetCurrentPositionEx, GetClipBox, GetBitmapBits, ExtFloodFill, ExcludeClipRect, EnumFontsA, Ellipse, DeleteObject, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateFontIndirectA, CreateDIBitmap, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, Chord, BitBlt, Arc, AddFontResourceA
> user32.dll: WindowFromPoint, WinHelpA, WaitMessage, WaitForInputIdle, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowOwnedPopups, ShowCursor, SetWindowRgn, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetMenu, SetForegroundWindow,
SetFocus, SetCursor, SetCapture, SetActiveWindow, SendNotifyMessageA, SendMessageTimeoutA, SendMessageW, SendMessageA, ScrollWindowEx, ScrollWindow, ScreenToClient, ReplyMessage, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClassA, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharBuffA, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRgn, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetSystemMetrics, GetSystemMenu, GetSysColor, GetSubMenu, GetScrollPos, GetPropA, GetParent, GetWindow, GetMessagePos, GetMessageA, GetMenuStringA, GetMenuState, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassInfoW, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, ExitWindowsEx, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcW, CallWindowProcA, CallNextHookEx, BringWindowToTop, BeginPaint, AppendMenuA, CharPrevA, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemBuffA, AdjustWindowRectEx<br>> comctl32.dll: ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, 
ImageList_EndDrag, ImageList_BeginDrag, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Create, InitCommonControls<br>> ole32.dll: CoTaskMemFree, CLSIDFromProgID, CoCreateInstance, CoFreeUnusedLibraries, CoUninitialize, CoInitialize, IsEqualGUID<br>> oleaut32.dll: GetActiveObject, RegisterTypeLib, LoadTypeLib, SysFreeString<br>> shell32.dll: ShellExecuteExA, ShellExecuteA, SHGetFileInfoA, ExtractIconA<br>> shell32.dll: SHChangeNotify, SHBrowseForFolder, SHGetPathFromIDList, SHGetMalloc<br>> comdlg32.dll: GetSaveFileNameA, GetOpenFileNameA<br>> ole32.dll: CoDisconnectObject<br>> advapi32.dll: AdjustTokenPrivileges<br><br>( 0 exports ) <br> RDS...: NSRL Reference Data Set<br>- pdfid.: - trid..: Windows OCX File (86.8%)<br>Win32 Executable Delphi generic (10.3%)<br>Generic Win/DOS Executable (1.4%)<br>DOS Executable Generic (1.4%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) sigcheck:<br>publisher....: PC Tools<br>copyright....: <br>product......: <br>description..: Setup/Uninstall<br>original name: <br>internal name: <br>file version.: 51.49.0.0<br>comments.....: <br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br> Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.41 2009.11.10 - AhnLab-V3 5.0.0.2 2009.11.06 - AntiVir 7.9.1.61 2009.11.10 - Antiy-AVL 2.0.3.7 2009.11.10 - Authentium 5.2.0.5 2009.11.10 - Avast 4.8.1351.0 2009.11.10 - AVG 8.5.0.423 2009.11.10 - BitDefender 7.2 2009.11.10 - CAT-QuickHeal 10.00 2009.11.10 - ClamAV 0.94.1 2009.11.10 - Comodo 2907 2009.11.10 - DrWeb 5.0.0.12182 2009.11.10 - eSafe 7.0.17.0 2009.11.10 - eTrust-Vet 35.1.7113 2009.11.10 - F-Prot 4.5.1.85 2009.11.10 - F-Secure 9.0.15370.0 2009.11.09 - Fortinet 3.120.0.0 2009.11.10 - GData 19 2009.11.10 - Ikarus T3.1.1.74.0 2009.11.10 - Jiangmin 11.0.800 2009.11.10 - K7AntiVirus 7.10.893 2009.11.10 - Kaspersky 7.0.0.125 2009.11.10 - McAfee 5797 2009.11.09 - McAfee+Artemis 5797 2009.11.09 - McAfee-GW-Edition 6.8.5 
2009.11.10 - Microsoft 1.5202 2009.11.10 - NOD32 4593 2009.11.10 - Norman 6.03.02 2009.11.10 - nProtect 2009.1.8.0 2009.11.10 - Panda 10.0.2.2 2009.11.10 - PCTools 7.0.3.5 2009.11.10 - Prevx 3.0 2009.11.10 - Rising 22.21.01.09 2009.11.10 - Sophos 4.47.0 2009.11.10 - Sunbelt 3.2.1858.2 2009.11.10 - Symantec 1.4.4.12 2009.11.10 - TheHacker 6.5.0.2.064 2009.11.09 - TrendMicro 9.0.0.1003 2009.11.10 - VBA32 3.12.10.11 2009.11.09 - ViRobot 2009.11.10.2029 2009.11.10 - VirusBuster 4.6.5.0 2009.11.10 - Information additionnelle File size: 691712 bytes MD5...: 4c34b56d848009434bfe07fda5b583a5 SHA1..: 94b850432a1821fc914f802a9f6b24653aff7b5c SHA256: 270cbb0846152bdf134da52dfb4cb371b5041ba204be52175ac6e24ece015e69 ssdeep: 12288:yNuz2eB7rPw7373zHEA6Tcg1Qz4OXm9NrevRWNjwnsJx6il:Auz2eVrPw7<br>373zHEA6hQz4OWDjhSsJxl<br> PEiD..: - PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x8fb00<br>timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)<br>machinetype.......: 0x14c (I386)<br><br>( 8 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>CODE 0x1000 0x8ed30 0x8ee00 6.59 65057a4ee67c422926d7ddc20ed1763e<br>DATA 0x90000 0xf6c 0x1000 4.30 d21fe5132dea99525a6cf1585a804736<br>BSS 0x91000 0x139c 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>.idata 0x93000 0x2580 0x2600 4.93 e5e6e5ba169e985617b6ee51af033aa1<br>.tls 0x96000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>.rdata 0x97000 0x18 0x200 0.20 aa788c79120afbe36e18b7b180139dd9<br>.reloc 0x98000 0x8250 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>.rsrc 0xa1000 0x16330 0x16400 5.07 df9b3f1a7af9739f16d15df5bee45ebe<br><br>( 17 imports ) <br>> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, 
GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle<br>> user32.dll: MessageBoxA<br>> oleaut32.dll: SafeArrayPutElement, SafeArrayCreate, VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen<br>> advapi32.dll: RegSetValueExA, RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExA, RegEnumValueA, RegEnumKeyExA, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegCloseKey, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueA, GetUserNameA, GetTokenInformation, FreeSid, EqualSid, AllocateAndInitializeSid<br>> kernel32.dll: lstrcmpA, WriteProfileStringA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, VirtualFree, VirtualAlloc, UnmapViewOfFile, TransactNamedPipe, TerminateThread, TerminateProcess, Sleep, SizeofResource, SetNamedPipeHandleState, SetLastError, SetFileTime, SetFilePointer, SetFileAttributesA, SetErrorMode, SetEndOfFile, SetCurrentDirectoryA, RemoveDirectoryA, ReleaseMutex, ReadFile, QueryPerformanceCounter, OpenProcess, OpenMutexA, MultiByteToWideChar, MulDiv, MoveFileExA, MoveFileA, MapViewOfFile, LockResource, LocalFree, LocalFileTimeToFileTime, LoadResource, LoadLibraryExA, LoadLibraryA, IsDBCSLeadByte, IsBadWritePtr, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetWindowsDirectoryA, GetVersionExA, GetVersion, GetUserDefaultLangID, GetTickCount, GetSystemTimeAsFileTime, GetSystemInfo, GetSystemDirectoryA, GetSystemDefaultLCID, GetShortPathNameA, GetProfileStringA, GetProcAddress, GetPrivateProfileStringA, GetOverlappedResult, GetModuleHandleA, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetDriveTypeA, GetDiskFreeSpaceA, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetCurrentDirectoryA, GetComputerNameA, GetCommandLineA, GetACP, 
FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FlushFileBuffers, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, DeviceIoControl, DeleteFileA, CreateThread, CreateProcessA, CreateNamedPipeA, CreateMutexA, CreateFileMappingA, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringA, CompareFileTime, CloseHandle<br>> mpr.dll: WNetOpenEnumA, WNetGetUniversalNameA, WNetGetConnectionA, WNetEnumResourceA, WNetCloseEnum<br>> version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA<br>> gdi32.dll: UnrealizeObject, TextOutA, StretchDIBits, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RoundRect, RestoreDC, RemoveFontResourceA, Rectangle, RectVisible, RealizePalette, Polyline, Pie, PatBlt, MoveToEx, LineTo, LineDDA, IntersectClipRect, GetWindowOrgEx, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetDeviceCaps, GetDIBits, GetCurrentPositionEx, GetClipBox, GetBitmapBits, ExtFloodFill, ExcludeClipRect, EnumFontsA, Ellipse, DeleteObject, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateFontIndirectA, CreateDIBitmap, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, Chord, BitBlt, Arc, AddFontResourceA<br>> user32.dll: WindowFromPoint, WinHelpA, WaitMessage, WaitForInputIdle, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowOwnedPopups, ShowCursor, SetWindowRgn, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetCapture, SetActiveWindow, 
SendNotifyMessageA, SendMessageTimeoutA, SendMessageW, SendMessageA, ScrollWindowEx, ScrollWindow, ScreenToClient, ReplyMessage, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClassA, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharBuffA, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRgn, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetSystemMetrics, GetSystemMenu, GetSysColor, GetSubMenu, GetScrollPos, GetPropA, GetParent, GetWindow, GetMessagePos, GetMessageA, GetMenuStringA, GetMenuState, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassInfoW, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, ExitWindowsEx, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcW, CallWindowProcA, CallNextHookEx, BringWindowToTop, BeginPaint, AppendMenuA, CharPrevA, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemBuffA, AdjustWindowRectEx<br>> comctl32.dll: ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, 
ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Create, InitCommonControls<br>> ole32.dll: CoTaskMemFree, CLSIDFromProgID, CoCreateInstance, CoFreeUnusedLibraries, CoUninitialize, CoInitialize, IsEqualGUID<br>> oleaut32.dll: GetActiveObject, RegisterTypeLib, LoadTypeLib, SysFreeString<br>> shell32.dll: ShellExecuteExA, ShellExecuteA, SHGetFileInfoA, ExtractIconA<br>> shell32.dll: SHChangeNotify, SHBrowseForFolder, SHGetPathFromIDList, SHGetMalloc<br>> comdlg32.dll: GetSaveFileNameA, GetOpenFileNameA<br>> ole32.dll: CoDisconnectObject<br>> advapi32.dll: AdjustTokenPrivileges<br><br>( 0 exports ) <br> RDS...: NSRL Reference Data Set<br>- pdfid.: - trid..: Windows OCX File (86.8%)<br>Win32 Executable Delphi generic (10.3%)<br>Generic Win/DOS Executable (1.4%)<br>DOS Executable Generic (1.4%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) sigcheck:<br>publisher....: PC Tools<br>copyright....: <br>product......: <br>description..: Setup/Uninstall<br>original name: <br>internal name: <br>file version.: 51.49.0.0<br>comments.....: <br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
  7. Er, your inbox being full, I couldn't send you the upload link by PM. Let me know when you've emptied it and I'll send it.
  8. As for OTM, the first time the PC froze: nothing displayed on the desktop any more, no task started, and still my whole pile of processes... So I rebooted and saved the log. Then I ran it again, and this time it offered to reboot, which I accepted. So here is the latest log:

All processes killed
Error: Unable to interpret <:first> in the current context!
========== PROCESSES ==========
No active process named explorer.exe was found!
Error: Unable to interpret <:drivers> in the current context!
Error: Unable to interpret <tdidis32.sys> in the current context!
Error: Unable to interpret <appxyw5l> in the current context!
========== FILES ==========
File/Folder C:\WINDOWS\system32\mcen.exe not found.
File/Folder C:\WINDOWS\system32\4ekjtruvvuoh.dll not found.
File/Folder C:\WINDOWS\system32\tdidis32.sys not found.
File/Folder C:\WINDOWS\system32\drivers\appxyw5l.sys not found.
C:\WINDOWS\system32\xraidsetup.exe boot moved successfully.
File/Folder C:\WINDOWS\system32\xraidsetup .exe not found.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
File/Folder C:\Program Files\AskBarDis not found.
File/Folder C:\ComboFix not found.
File/Folder C:\Qoobox not found.
File/Folder C:\WINDOWS\system32\WS2Fix.exe not found.
File/Folder C:\WINDOWS\system32\VCCLSID.exe not found.
File/Folder C:\WINDOWS\system32\VACFix.exe not found.
File/Folder C:\WINDOWS\system32\swxcacls.exe not found.
File/Folder C:\WINDOWS\system32\swsc.exe not found.
File/Folder C:\WINDOWS\system32\swreg.exe not found.
File/Folder C:\WINDOWS\system32\SrchSTS.exe not found.
File/Folder C:\WINDOWS\system32\Process.exe not found.
File/Folder C:\WINDOWS\system32\o4Patch.exe not found.
File/Folder C:\WINDOWS\system32\IEDFix.exe not found.
File/Folder C:\WINDOWS\system32\IEDFix.C.exe not found.
File/Folder C:\WINDOWS\system32\dumphive.exe not found.
File/Folder C:\WINDOWS\system32\Agent.OMZ.Fix.exe not found.
File/Folder C:\WINDOWS\system32\404Fix.exe not found.
File/Folder C:\WINDOWS\zip.exe not found.
File/Folder C:\WINDOWS\SWXCACLS.exe not found.
File/Folder C:\WINDOWS\SWSC.exe not found.
File/Folder C:\WINDOWS\SWREG.exe not found.
File/Folder C:\WINDOWS\sed.exe not found.
File/Folder C:\WINDOWS\PEV.exe not found.
File/Folder C:\WINDOWS\NIRCMD.exe not found.
File/Folder C:\WINDOWS\MBR.exe not found.
File/Folder C:\WINDOWS\grep.exe not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GEST not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mcen not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidis32.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys\ not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\mcen.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]

User: Administrateur
C:\Documents and Settings\Administrateur\Local Settings\Temp\Arabic.bin deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\Czech.bin deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\Danish.bin deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\Dutch.bin deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\English.bin deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\Finnish.bin deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\French.bin deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\German.bin deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\Greek.bin deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\Hebrew.bin deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\Hungarian.bin deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\Italian.bin deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\Japanese.bin deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\jusched.log deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\Korean.bin deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\Norwegian.bin deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\Polish.bin deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\Portuguese(Brazil).bin deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\Portuguese.bin deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\Russian.bin deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\SimChin.bin deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\Spanish.bin deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\SWEDISH.bin deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\Thai.bin deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\TradChin.bin deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\Turkish.bin deleted successfully.
->Temp folder emptied: 587929 bytes
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TU8ZNP4C\desktop.ini deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\OA300AC4\desktop.ini deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\IR6C5D90\desktop.ini deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\D6E28WQI\desktop.ini deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini deleted successfully.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\desktop.ini deleted successfully.
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_20c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_238.dat scheduled to be deleted on reboot.
C:\WINDOWS\temp\WGAErrLog.txt deleted successfully.
Windows Temp folder emptied: 33023 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0,62 mb

OTM by OldTimer - Version 3.1.0.1 log created on 11102009_173831

Files moved on Reboot...
File C:\WINDOWS\temp\Perflib_Perfdata_20c.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_238.dat not found!

Registry entries deleted on Reboot...
Same thing for RSIT: I ran it after the "forced" restart, then again after the reboot it offered; here is the latest report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-11-10 17:43:20
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 100 GB (56%) free of 180 GB
Total RAM: 3326 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:44:03, on 10/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Silicon Image\57xx SteelVine\SteelVineManager.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Silicon Image\57xx SteelVine\steelvinemanager.exe
C:\Program Files\Silicon Image\57xx SteelVine\steelvinemanager .exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [57xxSteelVine] C:\Program Files\Silicon Image\57xx SteelVine\SteelVineManager.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Drangon Speaking\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [LMDVox] C:\Program Files\Micro Application\Votre PC prend la parole\LMDVox.exe Lancement
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\4ekjtruvvuoh.dll' missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab
O23 - Service: 57xx SteelVine (57xx SteelVine Manager) - Unknown owner - C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Service Google Update (gupdate1ca407a69b35f52) (gupdate1ca407a69b35f52) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8547 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll [2009-07-16 664888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}] EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-07 16862208] "JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [] "36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-11-19 1966080] "57xxSteelVine"=C:\Program Files\Silicon Image\57xx SteelVine\SteelVineManager.exe [2009-11-10 37390] "nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-07-08 1657376] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-07-14 86016] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-07-14 13877248] "SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472] "ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184] 
"ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-02-16 81920] "DNS7reminder"=C:\Program Files\Drangon Speaking\Ereg\Ereg.exe [2007-03-19 259624] "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent [] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WIAWizardMenu"=C:\WINDOWS\system32\sti_ci.dll [2008-05-02 679936] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "LMDVox"=C:\Program Files\Micro Application\Votre PC prend la parole\LMDVox.exe [2007-12-18 456704] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-05-02 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-05-02 200064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-02 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat"="C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:*:Enabled:La Bataille pour la Terre du Milieu ™ II" "C:\Program Files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat"="C:\Program Files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat:*:Enabled:LSDA, L'Avènement du Roi-sorcier™" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Electronic Arts\L'Ave`nement du Roi-sorcier\game.dat"="C:\Program Files\Electronic Arts\L'Ave`nement du Roi-sorcier\game.dat:*:Enabled:LSDA, L'Ave`nement du Roi-sorcier™" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network 
Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf1368ba-a43b-11de-ab58-001fd02192d2}] shell\AutoRun\command - imt8.cmd shell\explore\command - imt8.cmd shell\open\command - imt8.cmd ======File associations====== .scr - open - C:\WINDOWS\system32\notepad.exe "%1" .scr - install - .scr - config - ======List of files/folders created in the last 1 months====== 2009-11-10 17:40:14 ----A---- C:\WINDOWS\system32\xraidsetup.exe boot 2009-11-10 17:28:02 ----D---- C:\_OTM 2009-11-10 15:55:32 ----D---- C:\Program Files\VirusTotalUploader 2009-11-10 13:50:55 ----D---- C:\Program Files\trend micro 2009-11-10 13:50:40 ----D---- C:\rsit 2009-11-10 12:34:52 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2009-11-10 12:32:38 ----D---- C:\Program Files\Avira 2009-11-10 12:32:38 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2009-11-10 12:32:15 ----SHD---- C:\Config.Msi 2009-11-10 01:27:30 ----D---- C:\Program Files\HijackThis 2009-11-09 23:56:34 ----A---- C:\WINDOWS\ntbtlog.txt 2009-11-09 22:54:06 ----A---- C:\WINDOWS\is-RQG47.exe 2009-11-09 22:46:48 ----D---- C:\Program Files\Fichiers communs\PC Tools 2009-11-09 22:46:44 ----D---- C:\Program Files\Spyware Doctor 2009-11-09 22:46:44 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools 2009-11-09 22:46:44 ----D---- C:\Documents and Settings\Administrateur\Application Data\PC Tools 2009-11-09 22:12:26 ----D---- C:\Documents and Settings\All Users\Application 
Data\Kaspersky Lab Setup Files 2009-11-09 22:07:07 ----A---- C:\WINDOWS\system32\vswmi.dll 2009-11-09 22:07:06 ----A---- C:\WINDOWS\system32\zpeng25.dll 2009-11-09 22:06:56 ----A---- C:\WINDOWS\system32\vsmonapi.dll 2009-11-09 22:05:00 ----D---- C:\WINDOWS\system32\ZoneLabs 2009-11-09 22:05:00 ----D---- C:\Program Files\Zone Labs 2009-11-09 22:05:00 ----A---- C:\WINDOWS\system32\vsxml.dll 2009-11-09 22:05:00 ----A---- C:\WINDOWS\system32\vspubapi.dll 2009-11-09 22:04:03 ----N---- C:\WINDOWS\system32\vsutil.dll 2009-11-09 22:04:03 ----N---- C:\WINDOWS\system32\vsinit.dll 2009-11-09 22:04:03 ----N---- C:\WINDOWS\system32\vsdata.dll 2009-11-09 22:03:28 ----D---- C:\WINDOWS\Internet Logs 2009-11-09 21:56:39 ----A---- C:\rapport.txt 2009-11-09 21:50:56 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-11-09 20:46:03 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-11-09 20:46:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-11-09 18:55:02 ----D---- C:\Program Files\Alwil Software 2009-11-09 18:39:11 ----A---- C:\ComboFix.txt 2009-11-09 17:58:53 ----D---- C:\Program Files\Enigma Software Group 2009-11-08 23:27:06 ----A---- C:\WINDOWS\system32\lsdelete.exe 2009-11-08 23:27:02 ----AH---- C:\aaw7boot.cmd 2009-11-08 22:02:19 ----D---- C:\Documents and Settings\Administrateur\Application Data\Lavasoft 2009-11-08 21:57:44 ----HDC---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-11-08 21:57:36 ----D---- C:\Program Files\Lavasoft 2009-11-08 21:57:36 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft 2009-11-08 21:45:07 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-11-08 21:45:07 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\xircom 2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\oobe 2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\npp 2009-11-08 21:41:04 ----D---- 
C:\WINDOWS\system32\ime 2009-11-08 21:41:04 ----D---- C:\WINDOWS\msagent 2009-11-08 21:41:04 ----D---- C:\Program Files\xerox 2009-11-08 21:41:04 ----D---- C:\Program Files\windows nt 2009-11-08 21:41:04 ----D---- C:\Program Files\netmeeting 2009-11-08 21:41:04 ----D---- C:\Program Files\msn gaming zone 2009-11-08 21:41:04 ----D---- C:\Program Files\movie maker 2009-11-08 21:41:04 ----D---- C:\Program Files\microsoft frontpage 2009-11-08 21:41:04 ----D---- C:\Program Files\Fichiers communs\speechengines 2009-11-08 21:32:10 ----A---- C:\Boot.bak 2009-11-08 21:32:03 ----RASHD---- C:\cmdcons 2009-11-08 21:31:18 ----D---- C:\WINDOWS\ERDNT 2009-11-08 20:53:49 ----D---- C:\WINDOWS\system32\LogFiles 2009-11-08 20:53:34 ----D---- C:\Program Files\Adobe 2009-11-08 20:40:08 ----D---- C:\Documents and Settings\Administrateur\Application Data\Broad Intelligence 2009-11-08 20:16:45 ----D---- C:\Program Files\Total Video Converter 2009-11-08 20:05:25 ----A---- C:\WINDOWS\#1 Video Converter.INI 2009-11-06 17:58:48 ----A---- C:\WINDOWS\system32\javaws.exe 2009-11-06 17:58:48 ----A---- C:\WINDOWS\system32\javaw.exe 2009-11-06 17:58:48 ----A---- C:\WINDOWS\system32\java.exe 2009-10-30 12:50:04 ----D---- C:\Program Files\iPod 2009-10-30 12:50:02 ----D---- C:\Program Files\iTunes 2009-10-29 23:18:40 ----D---- C:\Program Files\GPLGS 2009-10-29 23:18:07 ----A---- C:\WINDOWS\system32\cpwmon2k.dll 2009-10-29 23:18:01 ----D---- C:\Program Files\Acro Software 2009-10-27 21:44:52 ----D---- C:\Documents and Settings\All Users\Application Data\TmForever 2009-10-27 21:42:47 ----D---- C:\Program Files\TmNationsForever 2009-10-23 21:27:28 ----D---- C:\Documents and Settings\Administrateur\Application Data\Talkback 2009-10-23 21:27:17 ----D---- C:\Documents and Settings\Administrateur\Application Data\Thunderbird 2009-10-18 18:27:01 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU 2009-10-18 18:27:01 ----D---- C:\Documents and Settings\Administrateur\Application Data\AVS4YOU 
2009-10-18 18:26:35 ----D---- C:\Program Files\Fichiers communs\AVSMedia 2009-10-18 18:26:35 ----A---- C:\WINDOWS\system32\msvcr70.dll 2009-10-18 18:26:35 ----A---- C:\WINDOWS\system32\msvcp70.dll 2009-10-18 18:26:35 ----A---- C:\WINDOWS\system32\mfc70.dll 2009-10-18 18:26:34 ----D---- C:\Program Files\AVS4YOU 2009-10-18 18:26:34 ----A---- C:\WINDOWS\system32\msxml3a.dll 2009-10-18 18:26:34 ----A---- C:\WINDOWS\system32\GdiPlus.dll 2009-10-18 18:18:12 ----D---- C:\Documents and Settings\Administrateur\Application Data\FreeVideoConverter 2009-10-18 11:47:38 ----D---- C:\Documents and Settings\Administrateur\Application Data\GetRight 2009-10-16 16:33:57 ----D---- C:\Documents and Settings\Administrateur\Application Data\DAEMON Tools Pro 2009-10-16 16:27:05 ----D---- C:\Documents and Settings\Administrateur\Application Data\La Bataille pour la Terre du Milieu ™ II 2009-10-15 16:38:19 ----A---- C:\WINDOWS\system32\unrar.dll 2009-10-15 16:38:19 ----A---- C:\WINDOWS\avisplitter.ini 2009-10-15 16:38:18 ----A---- C:\WINDOWS\system32\yv12vfw.dll 2009-10-15 16:38:18 ----A---- C:\WINDOWS\system32\xvidcore.dll 2009-10-15 16:38:17 ----A---- C:\WINDOWS\system32\xvidvfw.dll 2009-10-15 16:38:17 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest 2009-10-15 16:38:17 ----A---- C:\WINDOWS\system32\ff_vfw.dll 2009-10-15 16:38:15 ----D---- C:\Program Files\K-Lite Codec Pack 2009-10-15 16:29:30 ----D---- C:\Documents and Settings\Administrateur\Application Data\vlc 2009-10-15 16:28:47 ----D---- C:\Program Files\VideoLAN 2009-10-15 15:52:43 ----D---- C:\Program Files\Guitar Pro 5 2009-10-13 18:32:06 ----D---- C:\Documents and Settings\Administrateur\Application Data\Mes fichiers de LSDA, L'Avènement du Roi-sorcier™ 2009-10-13 18:23:07 ----D---- C:\WINDOWS\RegisteredPackages 2009-10-13 18:22:49 ----A---- C:\WINDOWS\system32\dxdllreg.exe 2009-10-13 18:18:30 ----D---- C:\Program Files\Electronic Arts 2009-10-11 22:29:49 ----D---- C:\Program Files\APCS4F ======List of files/folders modified in 
the last 1 months====== 2009-11-10 17:40:28 ----SD---- C:\WINDOWS\Tasks 2009-11-10 17:40:14 ----D---- C:\WINDOWS\system32 2009-11-10 17:39:55 ----D---- C:\WINDOWS\system32\CatRoot2 2009-11-10 17:39:53 ----D---- C:\WINDOWS\Temp 2009-11-10 17:38:31 ----D---- C:\WINDOWS\RaidTool 2009-11-10 17:28:06 ----D---- C:\WINDOWS 2009-11-10 17:10:24 ----D---- C:\Program Files\Mozilla Firefox 2009-11-10 15:55:32 ----D---- C:\Program Files 2009-11-10 13:46:06 ----D---- C:\WINDOWS\system32\drivers 2009-11-10 13:23:03 ----D---- C:\Program Files\TaskSwitchXP 2009-11-10 12:32:48 ----D---- C:\WINDOWS\inf 2009-11-10 12:32:20 ----SHD---- C:\WINDOWS\Installer 2009-11-10 12:32:18 ----D---- C:\WINDOWS\WinSxS 2009-11-09 23:01:23 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2009-11-09 22:46:48 ----D---- C:\Program Files\Fichiers communs 2009-11-09 21:48:22 ----D---- C:\WINDOWS\Debug 2009-11-09 19:12:44 ----D---- C:\WINDOWS\system32\config 2009-11-09 18:37:04 ----A---- C:\WINDOWS\system.ini 2009-11-09 18:33:20 ----D---- C:\WINDOWS\AppPatch 2009-11-08 22:02:49 ----D---- C:\Program Files\Ad-Aware 2009-11-08 21:58:44 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\wbem 2009-11-08 21:41:04 ----D---- C:\WINDOWS\pchealth 2009-11-08 21:41:04 ----D---- C:\WINDOWS\ime 2009-11-08 21:41:04 ----D---- C:\WINDOWS\Help 2009-11-08 21:41:04 ----D---- C:\Program Files\Internet Explorer 2009-11-08 21:41:04 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared 2009-11-08 21:32:10 ----RASH---- C:\boot.ini 2009-11-08 20:53:15 ----D---- C:\WINDOWS\system32\dllcache 2009-11-08 20:16:47 ----RSD---- C:\WINDOWS\Fonts 2009-11-08 19:56:23 ----D---- C:\Program Files\Free Video Converter 2009-11-08 19:56:22 ----A---- C:\WINDOWS\win.ini 2009-11-08 17:11:21 ----D---- C:\Program Files\Messenger Plus! 
Live 2009-11-07 14:42:29 ----D---- C:\Program Files\BitComet 2009-11-07 14:42:23 ----D---- C:\Downloads 2009-11-06 17:58:45 ----D---- C:\Program Files\Java 2009-11-06 17:39:32 ----D---- C:\Program Files\Steam 2009-11-06 16:13:47 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss 2009-11-01 17:19:41 ----D---- C:\Documents and Settings\Administrateur\Application Data\Bioshock 2009-10-30 12:49:59 ----D---- C:\Program Files\Fichiers communs\Apple 2009-10-29 16:14:59 ----D---- C:\Program Files\Warcraft III 2009-10-27 21:44:21 ----RSD---- C:\WINDOWS\assembly 2009-10-27 21:44:02 ----D---- C:\WINDOWS\system32\DirectX 2009-10-25 13:27:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-10-23 22:32:28 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-10-23 21:27:28 ----D---- C:\Program Files\Mozilla Thunderbird 2009-10-23 21:27:18 ----D---- C:\Documents and Settings\Administrateur\Application Data\Mozilla 2009-10-18 11:43:42 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-10-17 15:41:53 ----D---- C:\Program Files\abgx360 2009-10-11 04:17:27 ----A---- C:\WINDOWS\system32\deploytk.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-11-10 28520] R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-05-02 12032] R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2008-05-06 16512] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-10 55656] R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2008-07-01 72704] R3 
Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-05-02 60800] R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys [] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-05-02 144384] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-07 4739072] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-05-02 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-07-14 7741664] R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-08-18 47360] R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S1 tdidis32.sys;tdidis32.sys; \??\C:\WINDOWS\system32\tdidis32.sys [] S3 aow4fr93;aow4fr93; C:\WINDOWS\system32\drivers\aow4fr93.sys [] S3 Bridge;Pont MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-05-02 71552] S3 BridgeMP;Miniport de pont MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-05-02 71552] S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024] S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120] S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-05-02 272768] S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944] S3 catchme;catchme; 
\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [] S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [] S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 Wibukey2;Wibukey2; C:\WINDOWS\system32\drivers\wibukey2.sys [2008-07-01 16384] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-02 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-02 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-11-10 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-11-10 185089] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-05-02 17408] R2 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2008-05-13 80392] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-11-08 1179232] R2 NVSvc;NVIDIA Display Driver Service; 
C:\WINDOWS\system32\nvsvc32.exe [2009-07-14 168004] R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568] S2 57xx SteelVine Manager;57xx SteelVine; C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe [2007-08-20 1282048] S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712] S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] S2 gupdate1ca407a69b35f52;Service Google Update (gupdate1ca407a69b35f52); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-28 133104] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-23 651720] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation 
- User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-05-02 17408] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- Et l'upload est en cours (il est un peu plus long celui-ci...) Merci
  9. Ok, I'm waiting for that eagerly XD Thanks a lot! =D
  10. Ok, so here is the analysis of the files:

File 4ekjtruvvuoh.dll received on 2009.11.10 14:55:49 (UTC)

Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.11.10 Trojan.Win32.Mespam!IK
AhnLab-V3 5.0.0.2 2009.11.06 -
AntiVir 7.9.1.61 2009.11.10 -
Antiy-AVL 2.0.3.7 2009.11.10 -
Authentium 5.2.0.5 2009.11.10 -
Avast 4.8.1351.0 2009.11.10 -
AVG 8.5.0.423 2009.11.10 -
BitDefender 7.2 2009.11.10 -
CAT-QuickHeal 10.00 2009.11.10 -
ClamAV 0.94.1 2009.11.10 -
Comodo 2905 2009.11.10 -
DrWeb 5.0.0.12182 2009.11.10 -
eSafe 7.0.17.0 2009.11.10 -
eTrust-Vet 35.1.7113 2009.11.10 -
F-Prot 4.5.1.85 2009.11.10 -
Fortinet 3.120.0.0 2009.11.10 -
GData 19 2009.11.10 -
Ikarus T3.1.1.74.0 2009.11.10 Trojan.Win32.Mespam
Jiangmin 11.0.800 2009.11.10 -
K7AntiVirus 7.10.892 2009.11.09 -
Kaspersky 7.0.0.125 2009.11.10 -
McAfee 5797 2009.11.09 -
McAfee+Artemis 5797 2009.11.09 Artemis!3C0C06C7909E
McAfee-GW-Edition 6.8.5 2009.11.10 -
Microsoft 1.5202 2009.11.10 Trojan:Win32/Mespam.G
NOD32 4592 2009.11.10 -
Norman 6.03.02 2009.11.09 -
nProtect 2009.1.8.0 2009.11.10 -
Panda 10.0.2.2 2009.11.09 -
PCTools 7.0.3.5 2009.11.10 -
Prevx 3.0 2009.11.10 High Risk Fraudulent Security Program
Rising 22.21.01.09 2009.11.10 -
Sophos 4.47.0 2009.11.10 -
Sunbelt 3.2.1858.2 2009.11.10 -
Symantec 1.4.4.12 2009.11.10 -
TheHacker 6.5.0.2.064 2009.11.09 -
TrendMicro 9.0.0.1003 2009.11.10 -
VBA32 3.12.10.11 2009.11.09 -
ViRobot 2009.11.10.2029 2009.11.10 -
VirusBuster 4.6.5.0 2009.11.09 -

Additional information
File size: 311296 bytes
MD5 : 3c0c06c7909edd50c032382dfe0e0a95
SHA1 : 118459fe08c6cf0192461837bbe46910947c69d7
SHA256: c548d6fdd4ffbcdd91de41b3f6ae5e1ac0713e688327d8ccc0bef8569c8b1ead

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x20EED
timedatestamp.....: 0x4AECCCD9 (Sun Nov 1 00:48:41 2009)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3985A 0x3A000 6.60 b23071ac831eefb9423e1f864bafc2f3
.rdata 0x3B000 0x8E67 0x9000 4.97 1bab9368bd51d00965a68168dd28f458
.data 0x44000 0x3AEC 0x2000 4.56 6d16611faeefde14e35ec0de22368cc2
.tls 0x48000 0x3 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.reloc 0x49000 0x446E 0x5000 4.38 1d10a5610b1bfbfdf5673868952c4444

( 10 imports )

> advapi32.dll: SetSecurityDescriptorDacl, RegOpenKeyExA, RegQueryValueExA, AddAccessAllowedAce, InitializeAcl, GetLengthSid, AllocateAndInitializeSid, InitializeSecurityDescriptor, RegCreateKeyA, RegCloseKey
> gdi32.dll: CreateFontIndirectA, CreateRectRgn, SelectObject, SetTextColor, SetBkMode, DeleteObject
> kernel32.dll: RaiseException, InitializeCriticalSection, DeleteCriticalSection, GetVersionExA, GetThreadLocale, GetLocaleInfoW, ReadFile, SetStdHandle, GetOEMCP, GetLocaleInfoA, GetACP, InterlockedExchange, EnterCriticalSection, LeaveCriticalSection, CloseHandle, WriteFile, GetLastError, ExitThread, InterlockedDecrement, InterlockedIncrement, CreateThread, SetEvent, lstrcpyA, WaitForSingleObject, OpenEventA, lstrlenA, UnmapViewOfFile, MapViewOfFile, OpenFileMappingA, CreateFileMappingA, DeleteFileA, GetProcAddress, LoadLibraryA, OutputDebugStringA, GetModuleFileNameW, GetModuleFileNameA, ReleaseMutex, Sleep, CreateProcessA, CreateMutexA, GetModuleHandleA, GetProcessHeap, HeapDestroy, HeapFree, TerminateThread, lstrcmpiA, WaitForMultipleObjects, lstrcpynA, CreateEventA, HeapCreate, HeapAlloc, GetCurrentProcessId, GetCurrentThreadId, GetLocalTime, SetWaitableTimer, CreateWaitableTimerA, GetTickCount, GetSystemTime, GlobalAlloc, GlobalFree, FreeLibrary, LoadLibraryW, ExpandEnvironmentStringsW, GetVolumeInformationA, GetDriveTypeA, MultiByteToWideChar, WideCharToMultiByte, lstrlenW, GetSystemTimeAsFileTime, GetExitCodeThread, ExitProcess, RtlUnwind, GetCommandLineA, HeapReAlloc, LCMapStringA, LCMapStringW, GetCPInfo, QueryPerformanceCounter, VirtualQuery, VirtualFree, VirtualAlloc, IsBadWritePtr, TerminateProcess, GetCurrentProcess, HeapSize, TlsAlloc, SetLastError, TlsFree, TlsSetValue, TlsGetValue, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, FlushFileBuffers, SetFilePointer, VirtualProtect, GetSystemInfo, GetStringTypeA, GetStringTypeW, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, IsBadReadPtr, IsBadCodePtr
> ole32.dll: CoInitialize, CoCreateInstance, CLSIDFromString, CoUninitialize
> rpcrt4.dll: UuidCreate
> shlwapi.dll: StrStrIA
> urlmon.dll: URLDownloadToCacheFileA
> user32.dll: GetSysColor, wsprintfA, CallNextHookEx, PtInRect, GetCursorPos, SystemParametersInfoA, GetSystemMetrics, GetWindowRect, SendMessageA, DrawTextExA, GetWindowTextA, ReleaseDC, GetWindowDC, GetWindowLongA
> wininet.dll: InternetCloseHandle, InternetReadFile, InternetQueryOptionA, HttpSendRequestA, HttpOpenRequestA, InternetConnectA, InternetOpenA
> ws2_32.dll: -, -, -, WSCDeinstallProvider, WSCGetProviderPath, WSCInstallProvider, WSCEnumProtocols, -, -, -, -

( 1 exports )

> CallWndRetProc, DllMain, DllRegisterServer, DllUnregisterServer, MouseProc, WSPStartup

TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)

ssdeep: 6144:Qc5PZDl1F9mJ30nTGg/zHrQlecUntVVyCu6U72beP5Ng:Qc5RnQ3OL/7rAecwtVVy6U6os

Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=A43FCE5800743FDAC02D04E002F38000441AFCF4
PEiD : - RDS : NSRL Reference Data Set<br>- Antivirus Version Last Update Result a-squared 4.5.0.41 2009.11.10 Trojan.Win32.Mespam!IK AhnLab-V3 5.0.0.2 2009.11.06 - AntiVir 7.9.1.61 2009.11.10 - Antiy-AVL 2.0.3.7 2009.11.10 - Authentium 5.2.0.5 2009.11.10 - Avast 4.8.1351.0 2009.11.10 - AVG 8.5.0.423 2009.11.10 - BitDefender 7.2 2009.11.10 - CAT-QuickHeal 10.00 2009.11.10 - ClamAV 0.94.1 2009.11.10 - Comodo 2905 2009.11.10 - DrWeb 5.0.0.12182 2009.11.10 - eSafe 7.0.17.0 2009.11.10 - eTrust-Vet 35.1.7113 2009.11.10 - F-Prot 4.5.1.85 2009.11.10 - Fortinet 3.120.0.0 2009.11.10 - GData 19 2009.11.10 - Ikarus T3.1.1.74.0 2009.11.10 Trojan.Win32.Mespam Jiangmin 11.0.800 2009.11.10 - K7AntiVirus 7.10.892 2009.11.09 - Kaspersky 7.0.0.125 2009.11.10 - McAfee 5797 2009.11.09 - McAfee+Artemis 5797 2009.11.09 Artemis!3C0C06C7909E McAfee-GW-Edition 6.8.5 2009.11.10 - Microsoft 1.5202 2009.11.10 Trojan:Win32/Mespam.G NOD32 4592 2009.11.10 - Norman 6.03.02 2009.11.09 - nProtect 2009.1.8.0 2009.11.10 - Panda 10.0.2.2 2009.11.09 - PCTools 7.0.3.5 2009.11.10 - Prevx 3.0 2009.11.10 High Risk Fraudulent Security Program Rising 22.21.01.09 2009.11.10 - Sophos 4.47.0 2009.11.10 - Sunbelt 3.2.1858.2 2009.11.10 - Symantec 1.4.4.12 2009.11.10 - TheHacker 6.5.0.2.064 2009.11.09 - TrendMicro 9.0.0.1003 2009.11.10 - VBA32 3.12.10.11 2009.11.09 - ViRobot 2009.11.10.2029 2009.11.10 - VirusBuster 4.6.5.0 2009.11.09 - Additional information File size: 311296 bytes MD5 : 3c0c06c7909edd50c032382dfe0e0a95 SHA1 : 118459fe08c6cf0192461837bbe46910947c69d7 SHA256: c548d6fdd4ffbcdd91de41b3f6ae5e1ac0713e688327d8ccc0bef8569c8b1ead PEInfo: PE Structure information<br> <br> ( base data )<br> entrypointaddress.: 0x20EED<br> timedatestamp.....: 0x4AECCCD9 (Sun Nov 1 00:48:41 2009)<br> machinetype.......: 0x14C (Intel I386)<br> <br> ( 5 sections )<br> name viradd virsiz rawdsiz ntrpy md5<br> .text 0x1000 0x3985A 0x3A000 6.60 b23071ac831eefb9423e1f864bafc2f3<br>.rdata 0x3B000 0x8E67 0x9000 4.97 
1bab9368bd51d00965a68168dd28f458<br>.data 0x44000 0x3AEC 0x2000 4.56 6d16611faeefde14e35ec0de22368cc2<br>.tls 0x48000 0x3 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110<br>.reloc 0x49000 0x446E 0x5000 4.38 1d10a5610b1bfbfdf5673868952c4444<br> <br> ( 10 imports )<br> <br>> advapi32.dll: SetSecurityDescriptorDacl, RegOpenKeyExA, RegQueryValueExA, AddAccessAllowedAce, InitializeAcl, GetLengthSid, AllocateAndInitializeSid, InitializeSecurityDescriptor, RegCreateKeyA, RegCloseKey<br>> gdi32.dll: CreateFontIndirectA, CreateRectRgn, SelectObject, SetTextColor, SetBkMode, DeleteObject<br>> kernel32.dll: RaiseException, InitializeCriticalSection, DeleteCriticalSection, GetVersionExA, GetThreadLocale, GetLocaleInfoW, ReadFile, SetStdHandle, GetOEMCP, GetLocaleInfoA, GetACP, InterlockedExchange, EnterCriticalSection, LeaveCriticalSection, CloseHandle, WriteFile, GetLastError, ExitThread, InterlockedDecrement, InterlockedIncrement, CreateThread, SetEvent, lstrcpyA, WaitForSingleObject, OpenEventA, lstrlenA, UnmapViewOfFile, MapViewOfFile, OpenFileMappingA, CreateFileMappingA, DeleteFileA, GetProcAddress, LoadLibraryA, OutputDebugStringA, GetModuleFileNameW, GetModuleFileNameA, ReleaseMutex, Sleep, CreateProcessA, CreateMutexA, GetModuleHandleA, GetProcessHeap, HeapDestroy, HeapFree, TerminateThread, lstrcmpiA, WaitForMultipleObjects, lstrcpynA, CreateEventA, HeapCreate, HeapAlloc, GetCurrentProcessId, GetCurrentThreadId, GetLocalTime, SetWaitableTimer, CreateWaitableTimerA, GetTickCount, GetSystemTime, GlobalAlloc, GlobalFree, FreeLibrary, LoadLibraryW, ExpandEnvironmentStringsW, GetVolumeInformationA, GetDriveTypeA, MultiByteToWideChar, WideCharToMultiByte, lstrlenW, GetSystemTimeAsFileTime, GetExitCodeThread, ExitProcess, RtlUnwind, GetCommandLineA, HeapReAlloc, LCMapStringA, LCMapStringW, GetCPInfo, QueryPerformanceCounter, VirtualQuery, VirtualFree, VirtualAlloc, IsBadWritePtr, TerminateProcess, GetCurrentProcess, HeapSize, TlsAlloc, SetLastError, TlsFree, TlsSetValue, 
TlsGetValue, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, FlushFileBuffers, SetFilePointer, VirtualProtect, GetSystemInfo, GetStringTypeA, GetStringTypeW, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, IsBadReadPtr, IsBadCodePtr<br>> ole32.dll: CoInitialize, CoCreateInstance, CLSIDFromString, CoUninitialize<br>> rpcrt4.dll: UuidCreate<br>> shlwapi.dll: StrStrIA<br>> urlmon.dll: URLDownloadToCacheFileA<br>> user32.dll: GetSysColor, wsprintfA, CallNextHookEx, PtInRect, GetCursorPos, SystemParametersInfoA, GetSystemMetrics, GetWindowRect, SendMessageA, DrawTextExA, GetWindowTextA, ReleaseDC, GetWindowDC, GetWindowLongA<br>> wininet.dll: InternetCloseHandle, InternetReadFile, InternetQueryOptionA, HttpSendRequestA, HttpOpenRequestA, InternetConnectA, InternetOpenA<br>> ws2_32.dll: -, -, -, WSCDeinstallProvider, WSCGetProviderPath, WSCInstallProvider, WSCEnumProtocols, -, -, -, -<br> <br> ( 1 exports )<br> <br>> CallWndRetProc, DllMain, DllRegisterServer, DllUnregisterServer, MouseProc, WSPStartup TrID : File type identification<br>Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%) ssdeep: 6144:Qc5PZDl1F9mJ30nTGg/zHrQlecUntVVyCu6U72beP5Ng:Qc5RnQ3OL/7rAecwtVVy6U6os Prevx Info: <a href="http://info.prevx.com/aboutprogramtext.asp?PX5=A43FCE5800743FDAC02D04E002F38000441AFCF4" target="_blank">http://info.prevx.com/aboutprogramtext.asp?PX5=A43FCE5800743FDAC02D04E002F38000441AFCF4</a> PEiD : - RDS : NSRL Reference Data Set<br>- et le second: File xraidsetup_.exe received on 2009.11.10 15:01:35 (UTC) Antivirus Version Last Update Result a-squared 4.5.0.41 2009.11.10 Trojan-Downloader.Win32.Unruy!IK AhnLab-V3 5.0.0.2 2009.11.06 - AntiVir 
7.9.1.61 2009.11.10 - Antiy-AVL 2.0.3.7 2009.11.10 - Authentium 5.2.0.5 2009.11.10 - Avast 4.8.1351.0 2009.11.10 Win32:Agent-AHPW AVG 8.5.0.423 2009.11.10 - BitDefender 7.2 2009.11.10 Trojan.Agent.ANVH CAT-QuickHeal 10.00 2009.11.10 - ClamAV 0.94.1 2009.11.10 - Comodo 2905 2009.11.10 - DrWeb 5.0.0.12182 2009.11.10 - eSafe 7.0.17.0 2009.11.10 - eTrust-Vet 35.1.7113 2009.11.10 - F-Prot 4.5.1.85 2009.11.10 - F-Secure 9.0.15370.0 2009.11.09 - Fortinet 3.120.0.0 2009.11.10 - GData 19 2009.11.10 Trojan.Agent.ANVH Ikarus T3.1.1.74.0 2009.11.10 Trojan-Downloader.Win32.Unruy Jiangmin 11.0.800 2009.11.10 - K7AntiVirus 7.10.892 2009.11.09 - Kaspersky 7.0.0.125 2009.11.10 - McAfee 5797 2009.11.09 - McAfee+Artemis 5797 2009.11.09 - McAfee-GW-Edition 6.8.5 2009.11.10 Heuristic.BehavesLike.Win32.Suspicious.H Microsoft 1.5202 2009.11.10 - NOD32 4592 2009.11.10 - Norman 6.03.02 2009.11.09 - nProtect 2009.1.8.0 2009.11.10 - Panda 10.0.2.2 2009.11.09 - PCTools 7.0.3.5 2009.11.10 - Prevx 3.0 2009.11.10 Medium Risk Malware Rising 22.21.01.09 2009.11.10 - Sophos 4.47.0 2009.11.10 - Sunbelt 3.2.1858.2 2009.11.10 - Symantec 1.4.4.12 2009.11.10 - TheHacker 6.5.0.2.064 2009.11.09 - TrendMicro 9.0.0.1003 2009.11.10 - VBA32 3.12.10.11 2009.11.09 - ViRobot 2009.11.10.2029 2009.11.10 - VirusBuster 4.6.5.0 2009.11.09 - Additional information File size: 37390 bytes MD5...: 89733c98518279d29a7a5c64103d8bd4 SHA1..: dac35b3927c3f39376e548f7fcc4e6f9d0842e79 SHA256: 7eba1212f4f0c480b4dc2f9081b91f2fe8f3ab16d4af8f6ce0e8d4388fe72d1d ssdeep: 768:X/9RM3J8SdbnSXWHqeEMzfOyzp5G7Yf1L3NO9WsZX6SFvGJEM3Jz5bOR46aP<br>w:P9RM3JF7SXWHqeEMzfOyN5G7Yfd3+3X7<br> PEiD..: - PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x37d7<br>timedatestamp.....: 0x4af8f551 (Tue Nov 10 05:08:33 2009)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x28b6 0x2a00 5.72 825461214bb5fea37ff10fd417a69a87<br>.rdata 0x4000 0x294 0x400 3.46 
9521b29606a8f5674a826051d05c7018<br>.data 0x5000 0x14dec 0x6000 6.84 6e6c01ab617cb72754875d83f1d89459<br><br>( 1 imports ) <br>> KERNEL32.dll: GetFileAttributesExA, HeapDestroy, HeapFree, HeapCreate, HeapAlloc, GetProcessHeap, CloseHandle, Sleep, ReadFile, SetFilePointer, CreateFileA, ExitProcess, GetModuleFileNameA, QueryPerformanceCounter, GetProcAddress, LoadLibraryA, VirtualAlloc, VirtualFree, IsBadReadPtr, lstrcmpiA, FreeLibrary, HeapReAlloc, GetModuleHandleA, GetStartupInfoA, GetCommandLineA<br><br>( 0 exports ) <br> RDS...: NSRL Reference Data Set<br>- pdfid.: - sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br> <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=08CF56CB0E1E2C7092EC0006FB89A1003C0CBE31''>http://info.prevx.com/aboutprogramtext.asp?PX5=08CF56CB0E1E2C7092EC0006FB89A1003C0CBE31' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=08CF56CB0E1E2C7092EC0006FB89A1003C0CBE31</a>'>http://info.prevx.com/aboutprogramtext.asp?PX5=08CF56CB0E1E2C7092EC0006FB89A1003C0CBE31</a> trid..: Win32 Executable Generic (42.3%)<br>Win32 Dynamic Link Library (generic) (37.6%)<br>Generic Win/DOS Executable (9.9%)<br>DOS Executable Generic (9.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) Antivirus Version Last Update Result a-squared 4.5.0.41 2009.11.10 Trojan-Downloader.Win32.Unruy!IK AhnLab-V3 5.0.0.2 2009.11.06 - AntiVir 7.9.1.61 2009.11.10 - Antiy-AVL 2.0.3.7 2009.11.10 - Authentium 5.2.0.5 2009.11.10 - Avast 4.8.1351.0 2009.11.10 Win32:Agent-AHPW AVG 8.5.0.423 2009.11.10 - BitDefender 7.2 2009.11.10 Trojan.Agent.ANVH CAT-QuickHeal 10.00 2009.11.10 - ClamAV 0.94.1 2009.11.10 - Comodo 2905 2009.11.10 - DrWeb 5.0.0.12182 2009.11.10 - eSafe 7.0.17.0 2009.11.10 - eTrust-Vet 35.1.7113 2009.11.10 - F-Prot 4.5.1.85 2009.11.10 - 
F-Secure 9.0.15370.0 2009.11.09 - Fortinet 3.120.0.0 2009.11.10 - GData 19 2009.11.10 Trojan.Agent.ANVH Ikarus T3.1.1.74.0 2009.11.10 Trojan-Downloader.Win32.Unruy Jiangmin 11.0.800 2009.11.10 - K7AntiVirus 7.10.892 2009.11.09 - Kaspersky 7.0.0.125 2009.11.10 - McAfee 5797 2009.11.09 - McAfee+Artemis 5797 2009.11.09 - McAfee-GW-Edition 6.8.5 2009.11.10 Heuristic.BehavesLike.Win32.Suspicious.H Microsoft 1.5202 2009.11.10 - NOD32 4592 2009.11.10 - Norman 6.03.02 2009.11.09 - nProtect 2009.1.8.0 2009.11.10 - Panda 10.0.2.2 2009.11.09 - PCTools 7.0.3.5 2009.11.10 - Prevx 3.0 2009.11.10 Medium Risk Malware Rising 22.21.01.09 2009.11.10 - Sophos 4.47.0 2009.11.10 - Sunbelt 3.2.1858.2 2009.11.10 - Symantec 1.4.4.12 2009.11.10 - TheHacker 6.5.0.2.064 2009.11.09 - TrendMicro 9.0.0.1003 2009.11.10 - VBA32 3.12.10.11 2009.11.09 - ViRobot 2009.11.10.2029 2009.11.10 - VirusBuster 4.6.5.0 2009.11.09 - Additional information File size: 37390 bytes MD5...: 89733c98518279d29a7a5c64103d8bd4 SHA1..: dac35b3927c3f39376e548f7fcc4e6f9d0842e79 SHA256: 7eba1212f4f0c480b4dc2f9081b91f2fe8f3ab16d4af8f6ce0e8d4388fe72d1d ssdeep: 768:X/9RM3J8SdbnSXWHqeEMzfOyzp5G7Yf1L3NO9WsZX6SFvGJEM3Jz5bOR46aP<br>w:P9RM3JF7SXWHqeEMzfOyN5G7Yfd3+3X7<br> PEiD..: - PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x37d7<br>timedatestamp.....: 0x4af8f551 (Tue Nov 10 05:08:33 2009)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x28b6 0x2a00 5.72 825461214bb5fea37ff10fd417a69a87<br>.rdata 0x4000 0x294 0x400 3.46 9521b29606a8f5674a826051d05c7018<br>.data 0x5000 0x14dec 0x6000 6.84 6e6c01ab617cb72754875d83f1d89459<br><br>( 1 imports ) <br>> KERNEL32.dll: GetFileAttributesExA, HeapDestroy, HeapFree, HeapCreate, HeapAlloc, GetProcessHeap, CloseHandle, Sleep, ReadFile, SetFilePointer, CreateFileA, ExitProcess, GetModuleFileNameA, QueryPerformanceCounter, GetProcAddress, LoadLibraryA, VirtualAlloc, VirtualFree, IsBadReadPtr, 
lstrcmpiA, FreeLibrary, HeapReAlloc, GetModuleHandleA, GetStartupInfoA, GetCommandLineA<br><br>( 0 exports ) <br> RDS...: NSRL Reference Data Set<br>- pdfid.: - sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br> <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=08CF56CB0E1E2C7092EC0006FB89A1003C0CBE31' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=08CF56CB0E1E2C7092EC0006FB89A1003C0CBE31</a> trid..: Win32 Executable Generic (42.3%)<br>Win32 Dynamic Link Library (generic) (37.6%)<br>Generic Win/DOS Executable (9.9%)<br>DOS Executable Generic (9.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) C'est fait! Merci par avance! Désolée, le 1er post etait de l'autre pc, il a merdouillé... J'ai copié collé depuis le portable le .txt.
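As an added example that is not part of the forum post or of the tools quoted in it, the Python script below triages the two VirusTotal reports above the way a responder would before asking for the files: it parses the flattened engine table into a detection ratio, tags capabilities from the import/export lists, and applies a packing heuristic to the section table. The engine table and the import, export and section data are copied from the reports (the DLL's kernel32, user32 and wininet import lists are abridged to the names the rules use, and the second report's engine table is left out). The rules are this example's own, not anything VirusTotal printed: WSCInstallProvider next to a WSPStartup export is the shape of a Winsock Layered Service Provider being installed, MouseProc/CallWndRetProc exports next to CallNextHookEx are the shape of a hook DLL, URLDownloadToCacheFileA is a one-call downloader, DllRegisterServer next to RegCreateKeyA is a self-registering COM server, and a one-DLL import table that still carries LoadLibraryA/GetProcAddress/VirtualAlloc next to a 6.84-entropy .data section whose virtual size (0x14dec) is more than three times its raw size (0x6000) is what a self-unpacking stub looks like. The second sample is also named one underscore away from the xRaidSetup.exe Run entry in the HijackThis log in post 12.

```python
# Added example, not part of the forum post or of VirusTotal's own output:
# static triage of the two reports pasted above. The engine table, import
# lists and section data below are copied from the reports (the DLL's
# kernel32/user32/wininet import lists are abridged); the capability and
# packing rules are this example's own heuristics.
import re

ENGINE_HEAD = re.compile(r"(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+")  # engine, version, last update


def parse_engine_table(text):
    """Turn the flattened 'engine version date result engine version date ...'
    run into {engine: detection_name_or_None}. The result column may contain
    spaces ('High Risk Fraudulent Security Program'), so the verdict is
    everything between one engine header and the next, not a single token."""
    heads = list(ENGINE_HEAD.finditer(text))
    table = {}
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        verdict = text[head.end():end].strip()
        table[head.group(1)] = None if verdict == "-" else verdict
    return table


def detection_ratio(table):
    """(engines that flagged the file, engines that scanned it)."""
    return sum(1 for v in table.values() if v), len(table)


# (tag, imports required as {dll: {api, ...}}, exports required). Every listed
# API and export must be present for the tag to fire.
RULES = [
    ("winsock-lsp-install", {"ws2_32.dll": {"WSCInstallProvider", "WSCEnumProtocols"}}, {"WSPStartup"}),
    ("global-hook-dll", {"user32.dll": {"CallNextHookEx"}}, {"MouseProc", "CallWndRetProc"}),
    ("http-download", {"urlmon.dll": {"URLDownloadToCacheFileA"}}, set()),
    ("self-registering-com", {"advapi32.dll": {"RegCreateKeyA"}}, {"DllRegisterServer"}),
    ("builds-custom-dacl", {"advapi32.dll": {"SetSecurityDescriptorDacl", "AddAccessAllowedAce"}}, set()),
]


def capabilities(imports, exports):
    imports = {dll.lower(): set(apis) for dll, apis in imports.items()}  # VT mixes KERNEL32/kernel32
    exports = set(exports)
    return [tag for tag, need_imp, need_exp in RULES
            if all(apis <= imports.get(dll, set()) for dll, apis in need_imp.items())
            and need_exp <= exports]


def looks_packed(imports, sections):
    """A single-DLL import table that still resolves APIs by hand, plus a
    high-entropy section whose virtual size is more than twice what is on
    disk: the usual shape of a self-unpacking stub."""
    imports = {dll.lower(): set(apis) for dll, apis in imports.items()}
    k32 = imports.get("kernel32.dll", set())
    tiny = len(imports) <= 1 and {"LoadLibraryA", "GetProcAddress", "VirtualAlloc"} <= k32
    grows = any(vsize > 2 * rsize and entropy > 6.5 for _, vsize, rsize, entropy in sections)
    return tiny and grows


DLL_ENGINES = (  # engine table of the 4ekjtruvvuoh.dll report, as pasted (40 engines)
    "a-squared 4.5.0.41 2009.11.10 Trojan.Win32.Mespam!IK AhnLab-V3 5.0.0.2 2009.11.06 - AntiVir 7.9.1.61 2009.11.10 - "
    "Antiy-AVL 2.0.3.7 2009.11.10 - Authentium 5.2.0.5 2009.11.10 - Avast 4.8.1351.0 2009.11.10 - AVG 8.5.0.423 2009.11.10 - "
    "BitDefender 7.2 2009.11.10 - CAT-QuickHeal 10.00 2009.11.10 - ClamAV 0.94.1 2009.11.10 - Comodo 2905 2009.11.10 - "
    "DrWeb 5.0.0.12182 2009.11.10 - eSafe 7.0.17.0 2009.11.10 - eTrust-Vet 35.1.7113 2009.11.10 - F-Prot 4.5.1.85 2009.11.10 - "
    "Fortinet 3.120.0.0 2009.11.10 - GData 19 2009.11.10 - Ikarus T3.1.1.74.0 2009.11.10 Trojan.Win32.Mespam "
    "Jiangmin 11.0.800 2009.11.10 - K7AntiVirus 7.10.892 2009.11.09 - Kaspersky 7.0.0.125 2009.11.10 - McAfee 5797 2009.11.09 - "
    "McAfee+Artemis 5797 2009.11.09 Artemis!3C0C06C7909E McAfee-GW-Edition 6.8.5 2009.11.10 - "
    "Microsoft 1.5202 2009.11.10 Trojan:Win32/Mespam.G NOD32 4592 2009.11.10 - Norman 6.03.02 2009.11.09 - "
    "nProtect 2009.1.8.0 2009.11.10 - Panda 10.0.2.2 2009.11.09 - PCTools 7.0.3.5 2009.11.10 - "
    "Prevx 3.0 2009.11.10 High Risk Fraudulent Security Program Rising 22.21.01.09 2009.11.10 - Sophos 4.47.0 2009.11.10 - "
    "Sunbelt 3.2.1858.2 2009.11.10 - Symantec 1.4.4.12 2009.11.10 - TheHacker 6.5.0.2.064 2009.11.09 - "
    "TrendMicro 9.0.0.1003 2009.11.10 - VBA32 3.12.10.11 2009.11.09 - ViRobot 2009.11.10.2029 2009.11.10 - "
    "VirusBuster 4.6.5.0 2009.11.09 -"
)
DLL_IMPORTS = {  # 4ekjtruvvuoh.dll; gdi32/ole32/rpcrt4/shlwapi omitted, kernel32/user32/wininet abridged
    "advapi32.dll": ["SetSecurityDescriptorDacl", "RegOpenKeyExA", "RegQueryValueExA", "AddAccessAllowedAce",
                     "InitializeAcl", "GetLengthSid", "AllocateAndInitializeSid", "InitializeSecurityDescriptor",
                     "RegCreateKeyA", "RegCloseKey"],
    "kernel32.dll": ["LoadLibraryA", "GetProcAddress", "VirtualAlloc", "VirtualProtect", "CreateProcessA"],
    "urlmon.dll": ["URLDownloadToCacheFileA"],
    "user32.dll": ["CallNextHookEx", "GetCursorPos", "SendMessageA", "GetWindowTextA"],
    "wininet.dll": ["InternetOpenA", "InternetConnectA", "HttpOpenRequestA", "HttpSendRequestA", "InternetReadFile"],
    "ws2_32.dll": ["WSCDeinstallProvider", "WSCGetProviderPath", "WSCInstallProvider", "WSCEnumProtocols"],
}
DLL_EXPORTS = ["CallWndRetProc", "DllMain", "DllRegisterServer", "DllUnregisterServer", "MouseProc", "WSPStartup"]
DLL_SECTIONS = [(".text", 0x3985A, 0x3A000, 6.60), (".rdata", 0x8E67, 0x9000, 4.97), (".data", 0x3AEC, 0x2000, 4.56),
                (".tls", 0x3, 0x1000, 0.00), (".reloc", 0x446E, 0x5000, 4.38)]
EXE_IMPORTS = {"KERNEL32.dll": [  # xraidsetup_.exe: its complete import table
    "GetFileAttributesExA", "HeapDestroy", "HeapFree", "HeapCreate", "HeapAlloc", "GetProcessHeap", "CloseHandle",
    "Sleep", "ReadFile", "SetFilePointer", "CreateFileA", "ExitProcess", "GetModuleFileNameA", "QueryPerformanceCounter",
    "GetProcAddress", "LoadLibraryA", "VirtualAlloc", "VirtualFree", "IsBadReadPtr", "lstrcmpiA", "FreeLibrary",
    "HeapReAlloc", "GetModuleHandleA", "GetStartupInfoA", "GetCommandLineA"]}
EXE_SECTIONS = [(".text", 0x28B6, 0x2A00, 5.72), (".rdata", 0x294, 0x400, 3.46), (".data", 0x14DEC, 0x6000, 6.84)]

if __name__ == "__main__":
    hits, total = detection_ratio(parse_engine_table(DLL_ENGINES))
    print(f"4ekjtruvvuoh.dll: {hits}/{total} engines; caps={capabilities(DLL_IMPORTS, DLL_EXPORTS)}; "
          f"packed={looks_packed(DLL_IMPORTS, DLL_SECTIONS)}")
    print(f"xraidsetup_.exe: caps={capabilities(EXE_IMPORTS, [])}; packed={looks_packed(EXE_IMPORTS, EXE_SECTIONS)}")
```

Run as is it reports 5/40 engines for the DLL with all five capability tags and packed=False, and no tags but packed=True for the .exe. The parser accepts any VirusTotal-style table pasted as one run of text, and RULES is the place to add whatever other API combinations matter for a given case; a low detection ratio on a fresh sample says little, the import profile says more.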
  11. Ok, so here is the analysis of the files: (post garbled when sent from the other PC; the same VirusTotal report for 4ekjtruvvuoh.dll is reposted in full in post 10 above)
  12. So here are my reports:

- the two from Malwarebytes:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

10/11/2009 13:05:54
mbam-log-2009-11-10 (13-05-54).txt

Scan type: Full Scan (C:\|F:\|Q:\|)
Objects scanned: 190041
Time elapsed: 29 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{5b184b9d-b7bd-4fea-8d1f-5e27182206a5} (Rogue.UnVirex) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ccfb7efc-6651-d456-60f4-22b8b013c250} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\antiVirus_contextscan (Rogue.ContraVirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Drives\shellex\ContextMenuHandlers\antiVirus_contextscan (Rogue.ContraVirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\antiVirus_contextscan (Rogue.ContraVirus) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ucqqrtpga (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\syku.dll (Trojan.Downloader) -> Delete on reboot.

then

Malwarebytes' Anti-Malware 1.41
Database version: 3134
Windows 5.1.2600 Service Pack 3

10/11/2009 13:46:06
mbam-log-2009-11-10 (13-46-06).txt

Scan type: Full Scan (C:\|Q:\|)
Objects scanned: 197889
Time elapsed: 32 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdifw_drv (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdifw_drv (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdifw_drv (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_TDIFW_DRV (Rogue.DesktopDefender2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_TDIFW_DRV (Rogue.DesktopDefender2010) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Desktop Defender 2010 (Rogue.DesktopDefender2010) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\DVD Decrypter\uninstall.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F4F476CD-6FD1-4EA7-B93A-0A19F4BAB4BD}\RP367\A0021331.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F4F476CD-6FD1-4EA7-B93A-0A19F4BAB4BD}\RP368\A0047606.dll (Rogue.SwiftCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\tdifw_drv.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Desktop Defender 2010\Activate Desktop Defender 2010.lnk (Rogue.DesktopDefender2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Desktop Defender 2010\Desktop Defender 2010.lnk (Rogue.DesktopDefender2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Desktop Defender 2010\How to Activate Desktop Defender 2010.lnk (Rogue.DesktopDefender2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Desktop Defender 2010.LNK (Rogue.DesktopDefender2010) -> Quarantined and deleted successfully.

- as well as the two from HJT, the log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-11-10 13:52:15
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 100 GB (56%) free of 180 GB
Total RAM: 3326 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:53:01, on 10/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\RaidTool\xInsIDE.exe
C:\Program Files\Silicon Image\57xx SteelVine\SteelVineManager.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\mcen.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe
C:\WINDOWS\RaidTool\xinside.exe
C:\Program Files\Silicon Image\57xx SteelVine\steelvinemanager.exe
C:\Program Files\Silicon Image\57xx SteelVine\steelvinemanager .exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [57xxSteelVine] C:\Program Files\Silicon Image\57xx SteelVine\SteelVineManager.exe
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Drangon Speaking\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcen] C:\WINDOWS\system32\mcen.exe \u
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [LMDVox] C:\Program Files\Micro Application\Votre PC prend la parole\LMDVox.exe Lancement
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet -
res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\4ekjtruvvuoh.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\4ekjtruvvuoh.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab O23 - Service: 57xx SteelVine (57xx SteelVine Manager) - Unknown owner - C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe O23 - Service: Service Google Update (gupdate1ca407a69b35f52) (gupdate1ca407a69b35f52) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 9521 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\At1.job C:\WINDOWS\tasks\At10.job C:\WINDOWS\tasks\At11.job C:\WINDOWS\tasks\At12.job C:\WINDOWS\tasks\At13.job C:\WINDOWS\tasks\At14.job C:\WINDOWS\tasks\At15.job C:\WINDOWS\tasks\At16.job C:\WINDOWS\tasks\At17.job C:\WINDOWS\tasks\At18.job C:\WINDOWS\tasks\At19.job C:\WINDOWS\tasks\At2.job C:\WINDOWS\tasks\At20.job C:\WINDOWS\tasks\At21.job C:\WINDOWS\tasks\At22.job C:\WINDOWS\tasks\At23.job C:\WINDOWS\tasks\At24.job C:\WINDOWS\tasks\At3.job C:\WINDOWS\tasks\At4.job C:\WINDOWS\tasks\At5.job C:\WINDOWS\tasks\At6.job C:\WINDOWS\tasks\At7.job C:\WINDOWS\tasks\At8.job C:\WINDOWS\tasks\At9.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}] BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll [2009-07-16 664888] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}] EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {3041d03e-fd4b-44e0-b742-2d9b88305f98} - Foxit Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [] {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-07 16862208] "JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2009-11-10 37390] "36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-11-19 1966080] "57xxSteelVine"=C:\Program Files\Silicon Image\57xx SteelVine\SteelVineManager.exe [2009-11-10 37390] "GEST"== [] "nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-07-08 1657376] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-07-14 86016] 
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-07-14 13877248] "SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472] "ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184] "ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-02-16 81920] "DNS7reminder"=C:\Program Files\Drangon Speaking\Ereg\Ereg.exe [2007-03-19 259624] "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent [] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "mcen"=C:\WINDOWS\system32\mcen.exe [2009-11-08 28160] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WIAWizardMenu"=C:\WINDOWS\system32\sti_ci.dll [2008-05-02 679936] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "LMDVox"=C:\Program Files\Micro Application\Votre PC prend la parole\LMDVox.exe [2007-12-18 456704] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-05-02 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-05-02 200064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-02 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidis32.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu 
II\game.dat"="C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:*:Enabled:La Bataille pour la Terre du Milieu ™ II" "C:\Program Files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat"="C:\Program Files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat:*:Enabled:LSDA, L'Avènement du Roi-sorcier™" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Electronic Arts\L'Ave`nement du Roi-sorcier\game.dat"="C:\Program Files\Electronic Arts\L'Ave`nement du Roi-sorcier\game.dat:*:Enabled:LSDA, L'Ave`nement du Roi-sorcier™" "C:\WINDOWS\system32\mcen.exe"="C:\WINDOWS\system32\mcen.exe:*:Enabled:ENABLE" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" ======File associations====== .scr - open - C:\WINDOWS\system32\notepad.exe "%1" .scr - install - .scr - config - ======List of files/folders created in the last 1 months====== 2009-11-10 13:50:55 ----D---- C:\Program Files\trend micro 2009-11-10 13:50:40 ----D---- C:\rsit 2009-11-10 12:34:52 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2009-11-10 12:32:38 ----D---- C:\Program Files\Avira 2009-11-10 12:32:38 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2009-11-10 12:32:15 ----SHD---- C:\Config.Msi 2009-11-10 01:27:30 ----D---- C:\Program Files\HijackThis 2009-11-09 23:56:34 ----A---- C:\WINDOWS\ntbtlog.txt 
2009-11-09 22:54:06 ----A---- C:\WINDOWS\is-RQG47.exe 2009-11-09 22:46:48 ----D---- C:\Program Files\Fichiers communs\PC Tools 2009-11-09 22:46:44 ----D---- C:\Program Files\Spyware Doctor 2009-11-09 22:46:44 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools 2009-11-09 22:46:44 ----D---- C:\Documents and Settings\Administrateur\Application Data\PC Tools 2009-11-09 22:39:48 ----SD---- C:\ComboFix 2009-11-09 22:12:26 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-11-09 22:07:07 ----A---- C:\WINDOWS\system32\vswmi.dll 2009-11-09 22:07:06 ----A---- C:\WINDOWS\system32\zpeng25.dll 2009-11-09 22:06:56 ----A---- C:\WINDOWS\system32\vsmonapi.dll 2009-11-09 22:05:00 ----D---- C:\WINDOWS\system32\ZoneLabs 2009-11-09 22:05:00 ----D---- C:\Program Files\Zone Labs 2009-11-09 22:05:00 ----A---- C:\WINDOWS\system32\vsxml.dll 2009-11-09 22:05:00 ----A---- C:\WINDOWS\system32\vspubapi.dll 2009-11-09 22:04:03 ----N---- C:\WINDOWS\system32\vsutil.dll 2009-11-09 22:04:03 ----N---- C:\WINDOWS\system32\vsinit.dll 2009-11-09 22:04:03 ----N---- C:\WINDOWS\system32\vsdata.dll 2009-11-09 22:03:28 ----D---- C:\WINDOWS\Internet Logs 2009-11-09 21:56:39 ----A---- C:\rapport.txt 2009-11-09 21:55:36 ----A---- C:\WINDOWS\system32\WS2Fix.exe 2009-11-09 21:55:36 ----A---- C:\WINDOWS\system32\VCCLSID.exe 2009-11-09 21:55:36 ----A---- C:\WINDOWS\system32\VACFix.exe 2009-11-09 21:55:36 ----A---- C:\WINDOWS\system32\swxcacls.exe 2009-11-09 21:55:36 ----A---- C:\WINDOWS\system32\swsc.exe 2009-11-09 21:55:36 ----A---- C:\WINDOWS\system32\swreg.exe 2009-11-09 21:55:36 ----A---- C:\WINDOWS\system32\SrchSTS.exe 2009-11-09 21:55:36 ----A---- C:\WINDOWS\system32\Process.exe 2009-11-09 21:55:36 ----A---- C:\WINDOWS\system32\o4Patch.exe 2009-11-09 21:55:36 ----A---- C:\WINDOWS\system32\IEDFix.exe 2009-11-09 21:55:36 ----A---- C:\WINDOWS\system32\IEDFix.C.exe 2009-11-09 21:55:36 ----A---- C:\WINDOWS\system32\dumphive.exe 2009-11-09 21:55:36 
----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe 2009-11-09 21:55:36 ----A---- C:\WINDOWS\system32\404Fix.exe 2009-11-09 21:50:56 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-11-09 20:46:03 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-11-09 20:46:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-11-09 18:55:02 ----D---- C:\Program Files\Alwil Software 2009-11-09 18:39:11 ----A---- C:\ComboFix.txt 2009-11-09 18:26:07 ----D---- C:\Qoobox 2009-11-09 17:58:53 ----D---- C:\Program Files\Enigma Software Group 2009-11-08 23:27:06 ----A---- C:\WINDOWS\system32\lsdelete.exe 2009-11-08 23:27:02 ----AH---- C:\aaw7boot.cmd 2009-11-08 22:02:19 ----D---- C:\Documents and Settings\Administrateur\Application Data\Lavasoft 2009-11-08 21:57:44 ----HDC---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-11-08 21:57:36 ----D---- C:\Program Files\Lavasoft 2009-11-08 21:57:36 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft 2009-11-08 21:45:07 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-11-08 21:45:07 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\xircom 2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\oobe 2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\npp 2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\ime 2009-11-08 21:41:04 ----D---- C:\WINDOWS\msagent 2009-11-08 21:41:04 ----D---- C:\Program Files\xerox 2009-11-08 21:41:04 ----D---- C:\Program Files\windows nt 2009-11-08 21:41:04 ----D---- C:\Program Files\netmeeting 2009-11-08 21:41:04 ----D---- C:\Program Files\msn gaming zone 2009-11-08 21:41:04 ----D---- C:\Program Files\movie maker 2009-11-08 21:41:04 ----D---- C:\Program Files\microsoft frontpage 2009-11-08 21:41:04 ----D---- C:\Program Files\Fichiers communs\speechengines 2009-11-08 21:32:10 ----A---- C:\Boot.bak 2009-11-08 21:32:03 ----RASHD---- 
C:\cmdcons 2009-11-08 21:31:24 ----A---- C:\WINDOWS\zip.exe 2009-11-08 21:31:24 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-11-08 21:31:24 ----A---- C:\WINDOWS\SWSC.exe 2009-11-08 21:31:24 ----A---- C:\WINDOWS\SWREG.exe 2009-11-08 21:31:24 ----A---- C:\WINDOWS\sed.exe 2009-11-08 21:31:24 ----A---- C:\WINDOWS\PEV.exe 2009-11-08 21:31:24 ----A---- C:\WINDOWS\NIRCMD.exe 2009-11-08 21:31:24 ----A---- C:\WINDOWS\MBR.exe 2009-11-08 21:31:24 ----A---- C:\WINDOWS\grep.exe 2009-11-08 21:31:18 ----D---- C:\WINDOWS\ERDNT 2009-11-08 20:53:51 ----RASH---- C:\WINDOWS\system32\4ekjtruvvuoh.dll 2009-11-08 20:53:49 ----D---- C:\WINDOWS\system32\LogFiles 2009-11-08 20:53:34 ----D---- C:\Program Files\Adobe 2009-11-08 20:53:18 ----A---- C:\WINDOWS\system32\xraidsetup.exe boot 2009-11-08 20:53:18 ----A---- C:\WINDOWS\system32\xraidsetup .exe 2009-11-08 20:53:12 ----A---- C:\WINDOWS\system32\mcen.exe 2009-11-08 20:40:08 ----D---- C:\Documents and Settings\Administrateur\Application Data\Broad Intelligence 2009-11-08 20:16:45 ----D---- C:\Program Files\Total Video Converter 2009-11-08 20:05:25 ----A---- C:\WINDOWS\#1 Video Converter.INI 2009-11-06 17:58:48 ----A---- C:\WINDOWS\system32\javaws.exe 2009-11-06 17:58:48 ----A---- C:\WINDOWS\system32\javaw.exe 2009-11-06 17:58:48 ----A---- C:\WINDOWS\system32\java.exe 2009-10-30 12:50:04 ----D---- C:\Program Files\iPod 2009-10-30 12:50:02 ----D---- C:\Program Files\iTunes 2009-10-29 23:18:40 ----D---- C:\Program Files\GPLGS 2009-10-29 23:18:07 ----A---- C:\WINDOWS\system32\cpwmon2k.dll 2009-10-29 23:18:01 ----D---- C:\Program Files\Acro Software 2009-10-27 21:44:52 ----D---- C:\Documents and Settings\All Users\Application Data\TmForever 2009-10-27 21:42:47 ----D---- C:\Program Files\TmNationsForever 2009-10-23 21:27:28 ----D---- C:\Documents and Settings\Administrateur\Application Data\Talkback 2009-10-23 21:27:17 ----D---- C:\Documents and Settings\Administrateur\Application Data\Thunderbird 2009-10-18 18:27:01 ----D---- C:\Documents and 
Settings\All Users\Application Data\AVS4YOU 2009-10-18 18:27:01 ----D---- C:\Documents and Settings\Administrateur\Application Data\AVS4YOU 2009-10-18 18:26:35 ----D---- C:\Program Files\Fichiers communs\AVSMedia 2009-10-18 18:26:35 ----A---- C:\WINDOWS\system32\msvcr70.dll 2009-10-18 18:26:35 ----A---- C:\WINDOWS\system32\msvcp70.dll 2009-10-18 18:26:35 ----A---- C:\WINDOWS\system32\mfc70.dll 2009-10-18 18:26:34 ----D---- C:\Program Files\AVS4YOU 2009-10-18 18:26:34 ----A---- C:\WINDOWS\system32\msxml3a.dll 2009-10-18 18:26:34 ----A---- C:\WINDOWS\system32\GdiPlus.dll 2009-10-18 18:18:12 ----D---- C:\Documents and Settings\Administrateur\Application Data\FreeVideoConverter 2009-10-18 11:47:38 ----D---- C:\Documents and Settings\Administrateur\Application Data\GetRight 2009-10-16 16:33:57 ----D---- C:\Documents and Settings\Administrateur\Application Data\DAEMON Tools Pro 2009-10-16 16:27:05 ----D---- C:\Documents and Settings\Administrateur\Application Data\La Bataille pour la Terre du Milieu ™ II 2009-10-15 16:38:19 ----A---- C:\WINDOWS\system32\unrar.dll 2009-10-15 16:38:19 ----A---- C:\WINDOWS\avisplitter.ini 2009-10-15 16:38:18 ----A---- C:\WINDOWS\system32\yv12vfw.dll 2009-10-15 16:38:18 ----A---- C:\WINDOWS\system32\xvidcore.dll 2009-10-15 16:38:17 ----A---- C:\WINDOWS\system32\xvidvfw.dll 2009-10-15 16:38:17 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest 2009-10-15 16:38:17 ----A---- C:\WINDOWS\system32\ff_vfw.dll 2009-10-15 16:38:15 ----D---- C:\Program Files\K-Lite Codec Pack 2009-10-15 16:29:30 ----D---- C:\Documents and Settings\Administrateur\Application Data\vlc 2009-10-15 16:28:47 ----D---- C:\Program Files\VideoLAN 2009-10-15 15:52:43 ----D---- C:\Program Files\Guitar Pro 5 2009-10-13 18:32:06 ----D---- C:\Documents and Settings\Administrateur\Application Data\Mes fichiers de LSDA, L'Avènement du Roi-sorcier™ 2009-10-13 18:23:07 ----D---- C:\WINDOWS\RegisteredPackages 2009-10-13 18:22:49 ----A---- C:\WINDOWS\system32\dxdllreg.exe 2009-10-13 
18:18:30 ----D---- C:\Program Files\Electronic Arts 2009-10-11 22:29:49 ----D---- C:\Program Files\APCS4F ======List of files/folders modified in the last 1 months====== 2009-11-10 13:51:19 ----SD---- C:\WINDOWS\Tasks 2009-11-10 13:51:19 ----D---- C:\WINDOWS\Temp 2009-11-10 13:50:55 ----D---- C:\Program Files 2009-11-10 13:48:25 ----D---- C:\WINDOWS\system32 2009-11-10 13:48:21 ----D---- C:\WINDOWS\system32\CatRoot2 2009-11-10 13:48:18 ----D---- C:\WINDOWS 2009-11-10 13:46:06 ----D---- C:\WINDOWS\system32\drivers 2009-11-10 13:35:15 ----D---- C:\WINDOWS\RaidTool 2009-11-10 13:23:03 ----D---- C:\Program Files\TaskSwitchXP 2009-11-10 12:32:48 ----D---- C:\WINDOWS\inf 2009-11-10 12:32:20 ----SHD---- C:\WINDOWS\Installer 2009-11-10 12:32:18 ----D---- C:\WINDOWS\WinSxS 2009-11-09 23:39:05 ----D---- C:\Program Files\Mozilla Firefox 2009-11-09 23:01:23 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2009-11-09 22:46:48 ----D---- C:\Program Files\Fichiers communs 2009-11-09 21:48:22 ----D---- C:\WINDOWS\Debug 2009-11-09 19:12:44 ----D---- C:\WINDOWS\system32\config 2009-11-09 18:37:04 ----A---- C:\WINDOWS\system.ini 2009-11-09 18:33:20 ----D---- C:\WINDOWS\AppPatch 2009-11-08 22:02:49 ----D---- C:\Program Files\Ad-Aware 2009-11-08 21:58:44 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\wbem 2009-11-08 21:41:04 ----D---- C:\WINDOWS\pchealth 2009-11-08 21:41:04 ----D---- C:\WINDOWS\ime 2009-11-08 21:41:04 ----D---- C:\WINDOWS\Help 2009-11-08 21:41:04 ----D---- C:\Program Files\Internet Explorer 2009-11-08 21:41:04 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared 2009-11-08 21:32:10 ----RASH---- C:\boot.ini 2009-11-08 20:53:15 ----D---- C:\WINDOWS\system32\dllcache 2009-11-08 20:16:47 ----RSD---- C:\WINDOWS\Fonts 2009-11-08 19:56:23 ----D---- C:\Program Files\Free Video Converter 2009-11-08 19:56:22 ----A---- C:\WINDOWS\win.ini 2009-11-08 17:11:21 ----D---- C:\Program Files\Messenger Plus! 
Live 2009-11-07 14:42:29 ----D---- C:\Program Files\BitComet 2009-11-07 14:42:23 ----D---- C:\Downloads 2009-11-06 17:58:45 ----D---- C:\Program Files\Java 2009-11-06 17:39:32 ----D---- C:\Program Files\Steam 2009-11-06 16:13:47 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss 2009-11-01 17:19:41 ----D---- C:\Documents and Settings\Administrateur\Application Data\Bioshock 2009-10-30 12:49:59 ----D---- C:\Program Files\Fichiers communs\Apple 2009-10-29 16:14:59 ----D---- C:\Program Files\Warcraft III 2009-10-27 21:44:21 ----RSD---- C:\WINDOWS\assembly 2009-10-27 21:44:02 ----D---- C:\WINDOWS\system32\DirectX 2009-10-25 13:27:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-10-23 22:32:28 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-10-23 21:27:28 ----D---- C:\Program Files\Mozilla Thunderbird 2009-10-23 21:27:18 ----D---- C:\Documents and Settings\Administrateur\Application Data\Mozilla 2009-10-18 11:43:42 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-10-17 15:41:53 ----D---- C:\Program Files\abgx360 2009-10-11 04:17:27 ----A---- C:\WINDOWS\system32\deploytk.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-11-10 28520] R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-05-02 12032] R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2008-05-06 16512] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-10 55656] R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2008-07-01 72704] R3 
Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-05-02 60800] R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys [] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-05-02 144384] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-07 4739072] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-05-02 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-07-14 7741664] R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-08-18 47360] R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S1 tdidis32.sys;tdidis32.sys; \??\C:\WINDOWS\system32\tdidis32.sys [] S3 appxyw5l;appxyw5l; C:\WINDOWS\system32\drivers\appxyw5l.sys [] S3 Bridge;Pont MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-05-02 71552] S3 BridgeMP;Miniport de pont MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-05-02 71552] S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024] S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120] S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-05-02 272768] S3 BTHUSB;Pilote USB radio Bluetooth; 
C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944] S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [] S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [] S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 Wibukey2;Wibukey2; C:\WINDOWS\system32\drivers\wibukey2.sys [2008-07-01 16384] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-02 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-02 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 57xx SteelVine Manager;57xx SteelVine; C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe [2007-08-20 1282048] R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-11-10 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-11-10 185089] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-05-02 17408] R2 GEST Service;GEST Service for 
program management.; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2008-05-13 80392] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-11-08 1179232] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-07-14 168004] R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568] S2 gupdate1ca407a69b35f52;Service Google Update (gupdate1ca407a69b35f52); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-28 133104] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-23 651720] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver 
Framework; C:\WINDOWS\system32\svchost.exe [2008-05-02 17408] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- and the info: info.txt logfile of random's system information tool 1.06 2009-11-10 13:52:06 ======Uninstall list====== -->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974} 57xx SteelVine-->MsiExec.exe /I{2B25D1AE-F095-47C9-BDCC-80F998E0E17F} 7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe" abgx360 v1.0.1-->"C:\Program Files\abgx360\uninstall.exe" Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42} Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} ArchiCAD 12 FRA-->C:\Program Files\Graphisoft\ArchiCAD 12\Uninstall.AC\uninstaller.exe Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Ares 2.1.1-->"C:\Program Files\Ares\uninstall.exe" Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} Audiosurf-->"C:\Program Files\Steam\steam.exe" steam://uninstall/12900 AutoCAD 2010 - Français-->C:\Program Files\AutoCAD 2010\Setup\Setup.exe /P {5783F2D7-8001-040C-0002-0060B0CE6BBA} /M ACAD /language fr-FR AutoCAD 2010 - Français-->C:\Program Files\AutoCAD 2010\Setup\Setup.exe /P {5783F2D7-8001-040C-0002-0060B0CE6BBA} /M 
ACAD /language fr-FR Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManager\unins000.exe" AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe" AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe" BioShock-->C:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\Setup.exe -runfromtemp -l0x040c -removeonly BitComet 1.14-->C:\Program Files\BitComet\uninst.exe Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Correctif pour Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10 CutePDF Writer 2.8-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe Dragon NaturallySpeaking 9-->MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA} DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe" DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe" Energy Saver Advance B8.0520.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7ED169D4-5053-4166-93DF-53B12AE6C539}\setup.exe" -l0x9 -removeonly EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program 
Files\InstallShield Installation Information\{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}\SETUP.EXE" -l0x40c UNINST EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x40c UNINST EPSON Image Clip Palette-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{314F6D08-A8B7-11D8-8446-0050BA1D384D}\Setup.exe" -l0x40c -u EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything ESDX3800 Guide d'utilisation-->C:\Program Files\EPSON\TPMANUAL\ESDX3800\USE_G\DOCUNINS.EXE FairUse Wizard 2-->"C:\Program Files\FairUse Wizard 2\un_FU-Setup_14333.exe" Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe Foxit Toolbar-->"C:\Program Files\AskBarDis\unins000.exe" Free Video Converter V 2.3-->"C:\Program Files\Free Video Converter\unins000.exe" Gigabyte Raid Configurer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.EXE" -l0x40c -removeonly Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Google Earth-->MsiExec.exe /X{3A05B900-A3E7-11DE-A9B7-005056806466} Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 
5\unins000.exe" HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31} iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178} Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF} Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5} K-Lite Codec Pack 5.2.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" La Bataille pour la Terre du Milieu™ II-->C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\EAUninstall.exe L'Avènement du Roi-sorcier™-->C:\Program Files\Electronic Arts\L'Avènement du Roi-sorcier\EAUninstall.exe Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" MediaCoder 0.7.2.4535-->C:\Program Files\MediaCoder\uninst.exe Messenger Plus! Live-->"C:\Program Files\Messenger Plus! 
Live\Uninstall.exe" Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof 
(Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" 
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Mise à jour de 
sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Mise à jour pour Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe Mozilla Firefox (3.0.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Thunderbird (2.0.0.14)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} Nero 8 Lite 8.3.2.1-->"C:\Program Files\Nero\unins000.exe" NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974} Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Prototype-->C:\Program Files\InstallShield Installation Information\{9322A850-9091-4D0E-B252-3E82EDA3D94A}\setup.exe -runfromtemp -l0x040c QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD} REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x040c 
-removeonly Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x40c -removeonly Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} SUPER © Version 2009.bld.36 (June 10, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0 TaskSwitchXP-->C:\Program Files\TaskSwitchXP\uninst.exe TmNationsForever-->"C:\Program Files\TmNationsForever\unins000.exe" VirtualDubMOD 1.5.10.3 Fr-->"C:\Program Files\VirtualDubMOD\unins000.exe" VLC media player 1.0.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe Votre PC prend la parole-->MsiExec.exe /I{1335A7E0-6055-47B8-92FC-714D65117CAA} Warcraft III-->C:\Program Files\Fichiers communs\Blizzard Entertainment\Warcraft III\Uninstall.exe WIBU-KEY Setup (WIBU-KEY Remove)-->C:\Program Files\WIBUKEY\Setup\Setup32.exe /R:{00060000-0000-1004-8002-0000C06B5161} Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818} Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1} Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} Xilisoft DVD Ripper Ultimate-->C:\Program Files\Xilisoft\DVD Ripper Ultimate 5\Uninstall.exe XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" ======Hosts File====== 127.0.0.1 localhost ======Security center information====== AV: AntiVir Desktop (disabled) ======System event log====== Computer Name: R2D2 Event Code: 6009 Message: Microsoft ® Windows ® 5.01. 
2600 Service Pack 3 Multiprocessor Free. Record Number: 5 Source Name: EventLog Time Written: 20091109200642.000000+060 Event Type: Informations User: Computer Name: R2D2 Event Code: 6005 Message: Le service d'Enregistrement d'événement a démarré. Record Number: 4 Source Name: EventLog Time Written: 20091109200434.000000+060 Event Type: Informations User: Computer Name: R2D2 Event Code: 6009 Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Multiprocessor Free. Record Number: 3 Source Name: EventLog Time Written: 20091109200434.000000+060 Event Type: Informations User: Computer Name: R2D2 Event Code: 6005 Message: Le service d'Enregistrement d'événement a démarré. Record Number: 2 Source Name: EventLog Time Written: 20091109194559.000000+060 Event Type: Informations User: Computer Name: R2D2 Event Code: 6009 Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Multiprocessor Free. Record Number: 1 Source Name: EventLog Time Written: 20091109194559.000000+060 Event Type: Informations User: =====Application event log===== Computer Name: 35DA0BE70E204EA Event Code: 1000 Message: Les compteurs de performances pour le service MSDTC (MSDTC) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 5 Source Name: LoadPerf Time Written: 20090731190637.000000+120 Event Type: Informations User: Computer Name: 35DA0BE70E204EA Event Code: 1000 Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 4 Source Name: LoadPerf Time Written: 20090731190634.000000+120 Event Type: Informations User: Computer Name: 35DA0BE70E204EA Event Code: 1000 Message: Les compteurs de performances pour le service RemoteAccess (Routage et accès distant) ont été chargés. 
Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 3 Source Name: LoadPerf Time Written: 20090731190552.000000+120 Event Type: Informations User: Computer Name: 35DA0BE70E204EA Event Code: 1000 Message: Les compteurs de performances pour le service PSched (PSched) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 2 Source Name: LoadPerf Time Written: 20090731190533.000000+120 Event Type: Informations User: Computer Name: 35DA0BE70E204EA Event Code: 1000 Message: Les compteurs de performances pour le service RSVP (QoS RSVP) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 1 Source Name: LoadPerf Time Written: 20090731190523.000000+120 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\QuickTime\QTSystem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel "PROCESSOR_REVISION"=170a "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip -----------------EOF----------------- There, I think that's everything, and it's already quite a lot... Happy reading. And thanks again, it's really great that you do all this as volunteers.
  13. Ok XD Thanks a lot, I'll do that and then post the results.
  14. While waiting for the reply, I had let Malwarebytes run anyway. I saved its first report. I'll attach it to the second one, after the update. I got the Start menu and My Computer icons back. That reassures me, it's a good sign (well, I hope so...)
  15. OK, I'll do that. Thanks a lot =) If RSIT wants to update HijackThis and my PC doesn't let it through, do I have to look for an update manually there too? That's my big problem with this computer now: I can't download anything, I have to transfer everything by USB stick from the laptop...
  16. Hello, Thank you for such a quick and complete reply. I'm starting this little procedure, but I have a small problem with my connection. I reinstalled Antivir and ran Malwarebytes (the scan) but without the update: my PC blocks internet access for anything other than IE and Mozilla... Will the scan still be useful?
  17. (Source: http://forum.zebulon.fr/pre-nettoyage-d-un...tml&a...=40 ) Hello, After my PC was infected, notably by Desktop Defender, it quickly stopped working normally, sometimes becoming impossible to restart. Many processes launch and make it lag. I couldn't find where this problem came from. So I followed the instructions in your pre-cleaning topic to the letter, namely an antivirus scan and a HijackThis log. So here is my HJT report. I hope I didn't make a mistake presenting it... Logfile of HijackThis v1.99.1 Scan saved at 01:40:08, on 10/11/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\RaidTool\xInsIDE.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\mcen.exe C:\Program Files\Silicon Image\57xx SteelVine\SteelVineManager .exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\HijackThis\HijackThis.exe C:\WINDOWS\system32\taskmgr.exe R0 - HKCU\Software\Microsoft\Internet 
Explorer\Main,Start Page = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing) O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing) O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [36X 
Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot O4 - HKLM\..\Run: [57xxSteelVine] C:\Program Files\Silicon Image\57xx SteelVine\SteelVineManager.exe O4 - HKLM\..\Run: [GEST] = O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Drangon Speaking\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [mcen] C:\WINDOWS\system32\mcen.exe \u O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu O4 - HKCU\..\Run: [LMDVox] C:\Program Files\Micro Application\Votre PC prend la parole\LMDVox.exe Lancement O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Télécharger toutes les vidéos 
avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\4ekjtruvvuoh.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\4ekjtruvvuoh.dll O11 - Options group: [iNTERNATIONAL] International O11 - Options group: [TABS] Tabbed Browsing O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll O21 - SSODL: UcqQRTpgA - {CCFB7EFC-6651-D456-60F4-22B8B013C250} - 
C:\WINDOWS\system32\syku.dll O23 - Service: 57xx SteelVine (57xx SteelVine Manager) - Unknown owner - C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe O23 - Service: Service Google Update (gupdate1ca407a69b35f52) (gupdate1ca407a69b35f52) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe What can I do to eradicate the infections on my PC? Thanks in advance for your help.