
PC infection: mabidwe.exe, soxpeca.exe and udxfytw.sys



Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK

malicious code @ sector 0x8a781ce size 0x1ac !

 

 

------------------------------------------------------------------------------------------------------------------------------------------------

 

 

 

info.txt logfile of random's system information tool 1.04 2008-12-03 19:51:34

 

======Uninstall list======

 

-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x040c

-->"C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W /L:FRN

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x40c /remove

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x40c /remove

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x40c /remove

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x40c /remove

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x40c /remove

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x40c /remove

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x40c /remove

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3C64B-2A22-48C5-857B-E952D7BE64F5}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3C64B-2A22-48C5-857B-E952D7BE64F5}\setup.exe" -l0x40c /remove

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x40c /remove

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x40c /remove

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS.0\INF\PCHealth.inf

Adobe Flash Player 10 Plugin-->C:\WINDOWS.0\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player ActiveX-->C:\WINDOWS.0\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}

Analyseur et SDK MSXML 4.0 SP2-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}

Archiveur WinRAR-->g:\logiciel\WinRAR\uninstall.exe

ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0

ATI Display Driver-->rundll32 C:\WINDOWS.0\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Avira AntiVir Personal - Free Antivirus-->G:\Logiciel\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

Azureus Vuze-->g:\logiciel\Azureus\uninstall.exe

Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}

CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}

Command & Conquer 3-->MsiExec.exe /I{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}

Command & Conquer 3 : La Fureur de Kane-->MsiExec.exe /I{CC2422C9-F7B5-4175-B295-5EC2283AA674}

Command & Conquer Alerte Rouge 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715}

Creative Audio Console-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x40c /remove

Creative MediaSource 5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x40c /remove

Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c /remove

Creative System Information-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove

Delete FXP Files Classic-->MsiExec.exe /X{D3E29D5A-B772-4578-9075-4272569504E2}

eMulev0.49a.-MorphXTv11.0-->"g:\logiciel\emule morphxt\unins000.exe"

Fraps (remove only)-->"g:\logiciel\Fraps\uninstall.exe"

Free Download Manager 2.5-->"G:\logiciel\Free Download Manager\unins000.exe"

Hamachi 1.0.2.2-->g:\logiciel\Hamachi\uninstall.exe

HijackThis 2.0.2-->"G:\Logiciel\HijackThis.exe" /uninstall

Java 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}

K-Lite Codec Pack 3.9.0 Full-->"g:\logiciel\K-Lite Codec Pack\unins000.exe"

Logitech Gaming Software 5.02-->MsiExec.exe /X{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}

Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x040c -removeonly

Malwarebytes' Anti-Malware-->"g:\logiciel\Malwarebytes' Anti-Malware\unins000.exe"

Messenger Plus! 3-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove

Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

Microsoft Flight Simulator X: Acceleration-->MsiExec.exe /I{3A1EE107-F79B-49FA-83CF-94169E63F25A}

Microsoft Flight Simulator X-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F535B2CF-C9BB-4162-B03A-02D6971F32CC}

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS.0\$NtUninstallWdf01005$\spuninst\spuninst.exe"

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS.0\$NtUninstallWudf01005$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

mIRC-->"G:\Logiciel\mIRC\mirc.exe" -uninstall

Mozilla Firefox (3.0.4)-->g:\Logiciel\Mozilla Firefox\uninstall\helper.exe

MSN Messenger 7.5-->MsiExec.exe /I{BAFD3C1E-03EC-11DA-BFBD-00065BBDC0B5}

MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}

Nero 6 Ultra Edition-->G:\Logiciel\nero\nero\uninstall\UNNERO.exe /UNINSTALL

Nokia Connectivity Cable Driver-->MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}

Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943}

Nokia Lifeblog 2.5-->MsiExec.exe /I{E94603CA-2996-4154-8EE2-A5FCD4BFB500}

Nokia NSeries Application Installer-->MsiExec.exe /I{FD349381-D79C-4E5C-8980-015DFFB962D5}

Nokia NSeries Content Copier-->MsiExec.exe /X{F779EC8D-6703-4C4A-817C-37B07898E647}

Nokia NSeries Multimedia Player-->MsiExec.exe /I{FA25FAF6-3097-43C9-BBB2-A77CE8AF1881}

Nokia NSeries One Touch Access-->MsiExec.exe /I{F4EE8763-EAA8-4BC1-8594-8501F5F00414}

Nokia NSeries System Utilities-->MsiExec.exe /X{F1932E56-8A95-40E0-A15B-E06B45969845}

Nokia Software Launcher-->MsiExec.exe /I{B53F4598-B3D9-41DF-911E-523FA91EE464}

Nokia Software Updater-->MsiExec.exe /X{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}

OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U

PC Connectivity Solution-->MsiExec.exe /I{6094AB91-4CC8-498E-9DFF-134CC0B159DE}

Sound Blaster X-Fi-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x40c /remove

SpeedFan (remove only)-->"g:\logiciel\SpeedFan\uninstall.exe"

StuffPlug-NG (Messenger Plus! Plugins)-->C:\Program Files\MessengerPlus! 3\Plugins\StuffPlug-NG\Uninstall.exe

SuperCopier2-->"g:\logiciel\SuperCopier2\SC2Uninst.exe"

Tennis Elbow 2006 1.0c-->g:\jeux\Tennis Elbow 2006\uninst.exe

Trials 2 Second Edition-->g:\jeux\Trials 2 Second Edition\Uninstall.exe

TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}

TVAnts 1.0-->G:\Logiciel\tvants\UNWISE.EXE G:\Logiciel\tvants\INSTALL.LOG

Veetle TV Player 0.9.11-->C:\WINDOWS.0\UninstVeetleTVPlayer.exe

Virtual DJ - Atomix Productions-->G:\Logiciel\VIRTUA~1\UNWISE.EXE G:\Logiciel\VIRTUA~1\INSTALL.LOG

VLC media player 0.9.4-->g:\logiciel\VideoLAN\VLC\uninstall.exe

WinBar-->g:\logiciel\WinBar\Uninstall.exe

Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS.0\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf

 

=====HijackThis Backups=====

 

O4 - HKCU\..\Run: [bandook] C:\WINDOWS\system32\svhcost.exe

O4 - HKLM\..\RunOnce: [*Bandook] C:\WINDOWS\system32\svhcost.exe

O4 - HKCU\..\Run: [bandook] C:\WINDOWS\system32\svhcost.exe

O4 - HKLM\..\RunOnce: [*Bandook] C:\WINDOWS\system32\svhcost.exe

O4 - HKCU\..\Run: [bandook] C:\WINDOWS\system32\svhcost.exe

O4 - HKLM\..\RunOnce: [*Bandook] C:\WINDOWS\system32\svhcost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "g:\logiciel\Reader 8.0\Reader\Reader_sl.exe"

O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php

O20 - Winlogon Notify: rwnh32 - C:\WINDOWS\SYSTEM32\rwnh32.dll

O2 - BHO: (no name) - {81A35F39-4850-474E-92C9-B4CF283207E0} - c:\windows\system32\iegfilt.dll

O23 - Service: afisicx - Unknown owner - C:\WINDOWS.0\system32\afisicx.exe

O23 - Service: roytctm - Unknown owner - C:\WINDOWS.0\system32\roytctm.exe

O23 - Service: Files Management Service (mscicosd) - Unknown owner - C:\WINDOWS.0\system32\mscico.exe

O23 - Service: wsldoekd - Unknown owner - C:\WINDOWS.0\system32\wsldoekd.exe

O23 - Service: tdydowkc - Unknown owner - C:\WINDOWS.0\system32\tdydowkc.exe

O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS.0\system32\soxpeca.exe

O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINDOWS.0\system32\mabidwe.exe

O23 - Service: noytcyr - Unknown owner - C:\WINDOWS.0\system32\noytcyr.exe

O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS.0\system32\soxpeca.exe (file missing)

O23 - Service: noytcyr Service (noytcyr) - Unknown owner - C:\WINDOWS.0\system32\noytcyr.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS.0\System32\TuneUpDefragService.exe

O23 - Service: tdydowkc Service (tdydowkc) - Unknown owner - C:\WINDOWS.0\system32\tdydowkc.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS.0\UpdReg.EXE

O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINDOWS.0\system32\mabidwe.exe

O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS.0\system32\soxpeca.exe (file missing)

O23 - Service: roytctm Service (roytctm) - Unknown owner - C:\WINDOWS.0\system32\roytctm.exe

O23 - Service: wsldoekd Service (wsldoekd) - Unknown owner - C:\WINDOWS.0\system32\wsldoekd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe

O23 - Service: Files Management Service (mscicosd) - Unknown owner - C:\WINDOWS.0\system32\mscico.exe

O23 - Service: Files Management Service (mscicosd) - Unknown owner - C:\WINDOWS.0\system32\mscico.exe

O23 - Service: tdydowkc - Unknown owner - C:\WINDOWS.0\system32\tdydowkc.exe (file missing)

O23 - Service: noytcyr - Unknown owner - C:\WINDOWS.0\system32\noytcyr.exe (file missing)

O23 - Service: wsldoekd - Unknown owner - C:\WINDOWS.0\system32\wsldoekd.exe (file missing)

O23 - Service: roytctm - Unknown owner - C:\WINDOWS.0\system32\roytctm.exe (file missing)

 

======Security center information======

 

AV: Avira AntiVir PersonalEdition Classic (disabled)

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel

"PROCESSOR_REVISION"=0f0b

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------

 

 

 

-------------------------------------------------------------------------------------------------------------------------------------------

 

 

 

 

Logfile of random's system information tool 1.04 (written by random/random)

Run by BaPoR at 2008-12-03 19:51:28

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 52 GB (73%) free of 71 GB

Total RAM: 2047 MB (43% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:51:33, on 03/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS.0\System32\smss.exe

C:\WINDOWS.0\system32\csrss.exe

C:\WINDOWS.0\system32\winlogon.exe

C:\WINDOWS.0\system32\services.exe

C:\WINDOWS.0\system32\lsass.exe

C:\WINDOWS.0\system32\Ati2evxx.exe

C:\WINDOWS.0\system32\svchost.exe

C:\WINDOWS.0\system32\svchost.exe

C:\WINDOWS.0\system32\svchost.exe

C:\WINDOWS.0\system32\Ati2evxx.exe

C:\WINDOWS.0\system32\svchost.exe

C:\WINDOWS.0\system32\svchost.exe

C:\WINDOWS.0\system32\spoolsv.exe

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

C:\WINDOWS.0\Explorer.EXE

G:\Logiciel\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

C:\WINDOWS.0\SYSTEM32\CTXFISPI.EXE

C:\WINDOWS.0\system32\CTXFIHLP.EXE

G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS.0\system32\ctfmon.exe

G:\logiciel\SuperCopier2\SuperCopier2.exe

C:\Program Files\Messenger\msmsgs.exe

G:\logiciel\Free Download Manager\fdm.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

G:\Logiciel\Logitech\SetPoint\SetPoint.exe

G:\Logiciel\WinBar\WinBar.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE

G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS.0\system32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS.0\system32\svchost.exe

C:\WINDOWS.0\system32\wscntfy.exe

C:\WINDOWS.0\System32\alg.exe

G:\Jeux\Alerte Rouge 3\RA3.exe

G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game

G:\Logiciel\mIRC\mirc.exe

C:\WINDOWS.0\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

G:\Logiciel\Mozilla Firefox\firefox.exe

C:\WINDOWS.0\system32\NOTEPAD.EXE

C:\Documents and Settings\BaPoR\Bureau\RSIT.exe

C:\WINDOWS.0\system32\wbem\wmiprvse.exe

G:\Logiciel\BaPoR.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - G:\logiciel\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\logiciel\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [avgnt] "G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe

O4 - HKCU\..\Run: [superCopier2.exe] g:\logiciel\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Free Download Manager] "G:\logiciel\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: WinBar.lnk = G:\Logiciel\WinBar\WinBar.exe

O4 - Global Startup: Logitech SetPoint.lnk = G:\Logiciel\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\logiciel\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://G:\logiciel\Free Download Manager\dlall.htm

O8 - Extra context menu item: Télécharger avec Free Download Manager - file://G:\logiciel\Free Download Manager\dllink.htm

O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://G:\logiciel\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://G:\logiciel\Free Download Manager\dlfvideo.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\logiciel\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) -

O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - G:\Logiciel\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.0\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.0\system32\ati2sgag.exe

O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CTAELicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS.0\system32\CTsvcCDA.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: Files Management Service (mscicosd) - Unknown owner - C:\WINDOWS.0\system32\mscico.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS.0\System32\TuneUpDefragService.exe

 

--

End of file - 9221 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS.0\tasks\1-Click Maintenance.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-25 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]

FDMIECookiesBHO Class - G:\logiciel\Free Download Manager\iefdm2.dll [2008-06-18 94208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-25 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-25 73728]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-25 136600]

"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]

"MessengerPlus3"=C:\Program Files\MessengerPlus! 3\MsgPlus.exe [2008-10-07 190024]

"Kernel and Hardware Abstraction Layer"=C:\WINDOWS.0\KHALMNPR.EXE [2008-02-29 76304]

"AudioDrvEmulator"=C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [2005-11-04 49152]

"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2008-04-04 88584]

"VolPanel"=C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [2006-07-13 122880]

"Adobe Reader Speed Launcher"=G:\logiciel\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

"CTxfiHlp"=C:\WINDOWS.0\system32\CTXFIHLP.EXE [2008-07-11 19968]

"avgnt"=G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

"KernelFaultCheck"=C:\WINDOWS.0\system32\dumprep 0 -k []

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS.0\system32\ctfmon.exe [2008-04-14 15360]

"SuperCopier2.exe"=g:\logiciel\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]

"MessengerPlus3"=C:\Program Files\MessengerPlus! 3\MsgPlus.exe [2008-10-07 190024]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

"Free Download Manager"=G:\logiciel\Free Download Manager\fdm.exe [2008-05-20 2474031]

"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2006-01-24 7094272]

 

C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage

Logitech SetPoint.lnk - G:\Logiciel\Logitech\SetPoint\SetPoint.exe

 

C:\Documents and Settings\BaPoR\Menu Démarrer\Programmes\Démarrage

WinBar.lnk - G:\Logiciel\WinBar\WinBar.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS.0\system32\Ati2evxx.dll [2008-08-21 143360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]

c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\wpdshserviceobj.dll [2008-05-07 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"MemCheckBoxInRunDlg"=1

"NoSMBalloonTip"=1

"NoDesktopCleanupWizard"=1

"NoWelcomeScreen"=1

"NoStrCmpLogical"=0

"NoInstrumentation"=0

"NoDrives"=0

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=323

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

"NoDrives"=

"NoDriveAutoRun"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"G:\Logiciel\Azureus\Azureus.exe"="G:\Logiciel\Azureus\Azureus.exe:*:Enabled:Azureus"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"G:\Logiciel\Microsoft Office\Office12\OUTLOOK.EXE"="G:\Logiciel\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

 

======List of files/folders created in the last 1 months======

 

2008-12-03 19:51:28 ----D---- C:\rsit

2008-12-03 12:49:19 ----D---- C:\_OTMoveIt

2008-12-03 01:41:29 ----A---- C:\WINDOWS.0\system32\unrar.dll

2008-12-03 01:41:28 ----A---- C:\WINDOWS.0\system32\yv12vfw.dll

2008-12-03 01:41:27 ----A---- C:\WINDOWS.0\system32\xvidvfw.dll

2008-12-03 01:41:27 ----A---- C:\WINDOWS.0\system32\xvidcore.dll

2008-12-03 01:41:27 ----A---- C:\WINDOWS.0\system32\qt-dx331.dll

2008-12-03 01:41:27 ----A---- C:\WINDOWS.0\system32\dpl100.dll

2008-12-03 01:41:27 ----A---- C:\WINDOWS.0\system32\divx.dll

2008-12-03 01:41:26 ----A---- C:\WINDOWS.0\system32\ff_vfw.dll.manifest

2008-12-03 01:41:26 ----A---- C:\WINDOWS.0\system32\ff_vfw.dll

2008-12-03 00:33:08 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Avira

2008-12-02 02:41:03 ----SHD---- C:\RECYCLER

2008-12-02 02:35:07 ----A---- C:\ComboFix.txt

2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\zip.exe

2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\VFIND.exe

2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\SWXCACLS.exe

2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\SWSC.exe

2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\SWREG.exe

2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\sed.exe

2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\NIRCMD.exe

2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\grep.exe

2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\fdsv.exe

2008-12-01 21:41:12 ----D---- C:\Qoobox

2008-12-01 16:31:46 ----HD---- C:\WINDOWS.0\system32\GroupPolicy

2008-12-01 13:52:14 ----A---- C:\WINDOWS.0\NeroDigital.ini

2008-12-01 12:52:55 ----D---- C:\Documents and Settings\BaPoR\Application Data\vlc

2008-12-01 01:37:46 ----A---- C:\resultat.txt

2008-11-30 21:04:29 ----D---- C:\Program Files\Veetle

2008-11-30 21:04:29 ----A---- C:\WINDOWS.0\UninstVeetleTVPlayer.exe

2008-11-30 19:33:34 ----D---- C:\Documents and Settings\BaPoR\Application Data\WinRAR

2008-11-30 19:29:49 ----D---- C:\WINDOWS.0\ERUNT

2008-11-30 19:20:19 ----D---- C:\SDFix

2008-11-28 16:52:58 ----A---- C:\WINDOWS.0\system32\TwnLib20.dll

2008-11-28 16:52:57 ----N---- C:\WINDOWS.0\system32\ImagXRA7.dll

2008-11-28 16:52:57 ----N---- C:\WINDOWS.0\system32\ImagXR7.dll

2008-11-28 16:52:57 ----N---- C:\WINDOWS.0\system32\ImagXpr7.dll

2008-11-28 16:52:57 ----N---- C:\WINDOWS.0\system32\ImagX7.dll

2008-11-28 16:52:57 ----D---- C:\Program Files\Fichiers communs\Ahead

2008-11-28 16:52:57 ----A---- C:\WINDOWS.0\system32\NeroCheck.exe

2008-11-25 01:14:51 ----A---- C:\WINDOWS.0\wininit.ini

2008-11-24 23:57:19 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)

2008-11-24 23:57:19 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)

2008-11-24 23:57:18 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)

2008-11-24 23:56:30 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)

2008-11-24 23:55:26 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy

2008-11-22 01:23:03 ----A---- C:\Program Files\cvhx.txt

2008-11-22 01:09:05 ----A---- C:\WINDOWS.0\obzgi.txt

2008-11-22 01:06:31 ----D---- C:\Documents and Settings\BaPoR\Application Data\Malwarebytes

2008-11-22 01:06:27 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes

2008-11-22 00:23:41 ----A---- C:\Boot.bak

2008-11-22 00:23:38 ----RASHD---- C:\cmdcons

2008-11-22 00:20:34 ----D---- C:\WINDOWS.0\ERDNT

2008-11-20 15:35:38 ----D---- C:\Documents and Settings\BaPoR\Application Data\Hamachi

2008-11-19 23:43:00 ----D---- C:\Program Files\Fichiers communs\Creative Labs Shared

2008-11-19 23:27:38 ----A---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml32.tmp

2008-11-19 23:27:38 ----A---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml31.tmp

2008-11-19 23:27:38 ----A---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml30.tmp

2008-11-19 23:27:33 ----A---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml2F.tmp

2008-11-19 23:27:32 ----A---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml2E.tmp

2008-11-19 23:27:32 ----A---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml2D.tmp

2008-11-16 21:26:14 ----A---- C:\WINDOWS.0\system32\D3DX9_40.dll

2008-11-16 21:26:14 ----A---- C:\WINDOWS.0\system32\d3dx10_40.dll

2008-11-16 21:26:14 ----A---- C:\WINDOWS.0\system32\D3DCompiler_40.dll

2008-11-16 21:26:13 ----A---- C:\WINDOWS.0\system32\XAudio2_3.dll

2008-11-16 21:26:13 ----A---- C:\WINDOWS.0\system32\XAudio2_2.dll

2008-11-16 21:26:13 ----A---- C:\WINDOWS.0\system32\XAPOFX1_2.dll

2008-11-16 21:26:13 ----A---- C:\WINDOWS.0\system32\XAPOFX1_1.dll

2008-11-16 21:26:13 ----A---- C:\WINDOWS.0\system32\xactengine3_3.dll

2008-11-16 21:26:13 ----A---- C:\WINDOWS.0\system32\X3DAudio1_5.dll

2008-11-16 21:26:12 ----A---- C:\WINDOWS.0\system32\xactengine3_2.dll

2008-11-16 21:26:12 ----A---- C:\WINDOWS.0\system32\D3DX9_39.dll

2008-11-16 21:26:12 ----A---- C:\WINDOWS.0\system32\d3dx10_39.dll

2008-11-16 21:26:12 ----A---- C:\WINDOWS.0\system32\D3DCompiler_39.dll

2008-11-16 21:26:11 ----A---- C:\WINDOWS.0\system32\XAudio2_1.dll

2008-11-16 21:26:11 ----A---- C:\WINDOWS.0\system32\XAPOFX1_0.dll

2008-11-16 21:26:11 ----A---- C:\WINDOWS.0\system32\xactengine3_1.dll

2008-11-16 21:26:11 ----A---- C:\WINDOWS.0\system32\X3DAudio1_4.dll

2008-11-16 21:26:10 ----A---- C:\WINDOWS.0\system32\XAudio2_0.dll

2008-11-16 21:26:09 ----A---- C:\WINDOWS.0\system32\xactengine3_0.dll

2008-11-16 21:26:09 ----A---- C:\WINDOWS.0\system32\X3DAudio1_3.dll

2008-11-16 21:26:09 ----A---- C:\WINDOWS.0\system32\D3DX9_37.dll

2008-11-16 21:26:09 ----A---- C:\WINDOWS.0\system32\d3dx10_37.dll

2008-11-16 21:26:09 ----A---- C:\WINDOWS.0\system32\D3DCompiler_37.dll

2008-11-16 21:26:06 ----A---- C:\WINDOWS.0\system32\xactengine2_9.dll

 

======List of files/folders modified in the last 1 months======

 

2008-12-03 19:51:33 ----D---- C:\Documents and Settings\BaPoR\Application Data\Free Download Manager

2008-12-03 19:32:29 ----D---- C:\WINDOWS.0\Prefetch

2008-12-03 18:52:33 ----A---- C:\WINDOWS.0\SchedLgU.Txt

2008-12-03 18:48:36 ----D---- C:\WINDOWS.0\Temp

2008-12-03 18:48:02 ----D---- C:\WINDOWS.0

2008-12-03 14:35:13 ----D---- C:\WINDOWS.0\Minidump

2008-12-03 12:50:07 ----D---- C:\Documents and Settings\BaPoR\Application Data\Azureus

2008-12-03 12:40:06 ----D---- C:\WINDOWS.0\system32

2008-12-03 01:30:15 ----D---- C:\Documents and Settings\BaPoR\Application Data\Spybot - Search & Destroy

2008-12-03 01:17:35 ----D---- C:\WINDOWS.0\system32\CatRoot2

2008-12-03 00:33:09 ----D---- C:\WINDOWS.0\system32\drivers

2008-12-02 02:34:11 ----A---- C:\WINDOWS.0\system.ini

2008-12-02 02:31:56 ----D---- C:\WINDOWS.0\system32\config

2008-12-02 02:31:26 ----D---- C:\WINDOWS.0\AppPatch

2008-12-02 02:31:26 ----D---- C:\Program Files\Fichiers communs

2008-12-01 16:51:15 ----D---- C:\Documents and Settings\BaPoR\Application Data\dvdcss

2008-12-01 16:17:21 ----D---- C:\WINDOWS.0\Help

2008-11-30 21:04:29 ----RD---- C:\Program Files

2008-11-30 20:02:18 ----SHD---- C:\System Volume Information

2008-11-30 20:02:18 ----D---- C:\WINDOWS.0\system32\Restore

2008-11-30 19:30:18 ----A---- C:\WINDOWS.0\ntbtlog.txt

2008-11-30 19:27:45 ----D---- C:\Documents and Settings

2008-11-30 16:20:55 ----A---- C:\WINDOWS.0\win.ini

2008-11-30 15:07:23 ----SD---- C:\WINDOWS.0\Downloaded Program Files

2008-11-30 15:07:21 ----HD---- C:\WINDOWS.0\inf

2008-11-25 23:12:45 ----A---- C:\WINDOWS.0\system32\CmdLineExt.dll

2008-11-22 00:23:41 ----RASH---- C:\boot.ini

2008-11-20 15:35:13 ----D---- C:\Documents and Settings\BaPoR\Application Data\Hamachi-Backup

2008-11-20 15:30:01 ----D---- C:\Temp

2008-11-19 23:43:04 ----HD---- C:\Program Files\InstallShield Installation Information

2008-11-19 23:42:54 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Creative

2008-11-19 23:42:49 ----A---- C:\WINDOWS.0\system32\wrap_oal.dll

2008-11-19 23:42:49 ----A---- C:\WINDOWS.0\system32\OpenAL32.dll

2008-11-19 23:42:35 ----D---- C:\WINDOWS.0\system32\Data

2008-11-19 23:42:30 ----RSHDC---- C:\WINDOWS.0\system32\dllcache

2008-11-19 23:36:45 ----D---- C:\WINDOWS.0\system

2008-11-19 22:53:30 ----RSD---- C:\WINDOWS.0\assembly

2008-11-19 22:53:10 ----D---- C:\WINDOWS.0\system32\DirectX

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS.0\system32\DRIVERS\avipbb.sys [2008-10-30 75072]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS.0\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 ssmdrv;ssmdrv; C:\WINDOWS.0\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]

R2 irda;Protocole IrDA; C:\WINDOWS.0\system32\DRIVERS\irda.sys [2008-04-13 88192]

R2 tmcomm;tmcomm; \??\C:\WINDOWS.0\system32\drivers\tmcomm.sys []

R3 ati2mtag;ati2mtag; C:\WINDOWS.0\system32\DRIVERS\ati2mtag.sys [2008-08-21 3299840]

R3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS.0\system32\DRIVERS\atinavt2.sys [2008-05-15 171520]

R3 avgntflt;avgntflt; \??\G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

R3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS.0\system32\CT20XUT.DLL [2008-07-15 170520]

R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS.0\system32\drivers\ctac32k.sys [2008-07-15 511000]

R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS.0\system32\drivers\ctaud2k.sys [2008-07-15 527384]

R3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINDOWS.0\system32\CTEXFIFX.DLL [2008-07-15 1323544]

R3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINDOWS.0\system32\CTHWIUT.DLL [2008-07-15 72728]

R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS.0\system32\drivers\ctprxy2k.sys [2008-07-15 14360]

R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS.0\system32\drivers\ctsfm2k.sys [2008-07-15 157208]

R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS.0\system32\drivers\emupia2k.sys [2008-07-15 92696]

R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS.0\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]

R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS.0\system32\drivers\ha20x2k.sys [2008-07-15 1173016]

R3 hamachi;Hamachi Network Interface; C:\WINDOWS.0\system32\DRIVERS\hamachi.sys [2008-11-20 25544]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS.0\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 irsir;Pilote série infrarouge Microsoft; C:\WINDOWS.0\system32\DRIVERS\irsir.sys [2001-08-17 18688]

R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS.0\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]

R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS.0\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]

R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS.0\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]

R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS.0\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]

R3 mouhid;Pilote HID de souris; C:\WINDOWS.0\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS.0\system32\drivers\msmpu401.sys [2001-08-17 2944]

R3 ossrv;Creative OS Services Driver; C:\WINDOWS.0\system32\drivers\ctoss2k.sys [2008-07-15 127000]

R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS.0\system32\DRIVERS\rasirda.sys [2001-08-17 19584]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS.0\system32\DRIVERS\usbehci.sys [2008-04-14 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS.0\system32\DRIVERS\usbhub.sys [2008-04-14 59520]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS.0\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]

R3 Wdf01000;Wdf01000; C:\WINDOWS.0\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS.0\system32\drivers\WmBEnum.sys [2008-01-24 19336]

R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS.0\system32\drivers\WmXlCore.sys [2008-01-24 48904]

S1 kbdhid;Pilote HID de clavier; C:\WINDOWS.0\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

S3 akwhoahx;akwhoahx; C:\WINDOWS.0\system32\drivers\akwhoahx.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS.0\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS.0\system32\drivers\ctdvda2k.sys [2008-07-15 347080]

S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS.0\system32\DRIVERS\fetnd5bv.sys [2007-02-27 42496]

S3 mbr;mbr; \??\C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mbr.sys []

S3 MPE;Filtre BDA MPE; C:\WINDOWS.0\system32\DRIVERS\MPE.sys [2008-04-13 15232]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS.0\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS.0\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS.0\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS.0\system32\drivers\ccdcmb.sys [2008-05-07 17536]

S3 nmwcdc;Nokia USB Generic; C:\WINDOWS.0\system32\drivers\ccdcmbo.sys [2008-05-07 20864]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS.0\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS.0\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS.0\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS.0\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 upperdev;upperdev; C:\WINDOWS.0\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]

S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS.0\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS.0\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 usbser;USB Modem Driver; C:\WINDOWS.0\system32\drivers\usbser.sys [2008-04-13 26112]

S3 UsbserFilt;UsbserFilt; C:\WINDOWS.0\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]

S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS.0\system32\drivers\WmFilter.sys [2008-01-24 28168]

S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS.0\system32\drivers\WmHidLo.sys [2008-01-24 29192]

S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS.0\system32\drivers\WmVirHid.sys [2008-01-24 14728]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS.0\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS.0\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

S4 IntelIde;IntelIde; C:\WINDOWS.0\system32\drivers\IntelIde.sys []

S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mc21.tmp []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; G:\Logiciel\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS.0\system32\Ati2evxx.exe [2008-08-21 573440]

R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS.0\system32\CTsvcCDA.exe [1999-12-13 44032]

R2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-04-30 417792]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-25 152984]

R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS.0\System32\svchost.exe [2008-04-14 14336]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336]

S2 ATI Smart;ATI Smart; C:\WINDOWS.0\system32\ati2sgag.exe [2008-08-20 593920]

S2 Irmon;Moniteur infrarouge; C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336]

S2 mscicosd;Files Management Service; C:\WINDOWS.0\system32\mscico.exe [2008-04-14 66560]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CTAELicensing.exe [2008-11-19 79360]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-02-08 212480]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS.0\System32\TuneUpDefragService.exe [2008-10-06 307968]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

 

-----------------EOF-----------------

 

 

 

I'll continue with Gmer

Posted

And gmer

 

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-12-03 20:00:05

Windows 5.1.2600 Service Pack 3

 

 

---- System - GMER 1.0.14 ----

 

SSDT sptd.sys ZwCreateKey [0xF75000B0]

SSDT A908F084 ZwCreateThread

SSDT sptd.sys ZwEnumerateKey [0xF750584E]

SSDT sptd.sys ZwEnumerateValueKey [0xF7505BEE]

SSDT sptd.sys ZwOpenKey [0xF7500090]

SSDT A908F070 ZwOpenProcess

SSDT A908F075 ZwOpenThread

SSDT sptd.sys ZwQueryKey [0xF7505CC6]

SSDT sptd.sys ZwQueryValueKey [0xF7505B46]

SSDT sptd.sys ZwSetValueKey [0xF7505D58]

SSDT A908F07F ZwTerminateProcess

SSDT A908F07A ZwWriteVirtualMemory

 

---- Kernel code sections - GMER 1.0.14 ----

 

? C:\WINDOWS.0\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

.text USBPORT.SYS!DllUnload B977C8AC 5 Bytes JMP 8991E1B8

? System32\Drivers\akwhoahx.SYS Le chemin d'accès spécifié est introuvable. !

? C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mc21.tmp Le fichier spécifié est introuvable. !

? C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mbr.sys Le fichier spécifié est introuvable. !

 

---- User code sections - GMER 1.0.14 ----

 

.text G:\Logiciel\Mozilla Firefox\firefox.exe[280] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A

.text G:\Logiciel\Mozilla Firefox\firefox.exe[280] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]

.text G:\Logiciel\Mozilla Firefox\firefox.exe[280] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A

.text G:\Logiciel\Mozilla Firefox\firefox.exe[280] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A

.text C:\WINDOWS.0\Explorer.EXE[332] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A

.text C:\WINDOWS.0\Explorer.EXE[332] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS.0\Explorer.EXE[332] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A

.text C:\WINDOWS.0\SYSTEM32\CTXFISPI.EXE[464] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A

.text C:\WINDOWS.0\SYSTEM32\CTXFISPI.EXE[464] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS.0\SYSTEM32\CTXFISPI.EXE[464] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A

.text C:\Program Files\Java\jre6\bin\jusched.exe[576] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A

.text C:\Program Files\Java\jre6\bin\jusched.exe[576] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Java\jre6\bin\jusched.exe[576] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A

.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[588] KERNEL32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A

.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[588] shell32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[588] shell32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A

.text C:\Program Files\MessengerPlus! 3\MsgPlus.exe[604] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A

.text C:\Program Files\MessengerPlus! 3\MsgPlus.exe[604] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\MessengerPlus! 3\MsgPlus.exe[604] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A

.text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[624] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A

.text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[624] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[624] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A

.text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[628] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A

.text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[628] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[628] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A

.text C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe[652] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A

.text C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe[652] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe[652] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A

.text C:\WINDOWS.0\system32\CTXFIHLP.EXE[1004] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A

.text C:\WINDOWS.0\system32\CTXFIHLP.EXE[1004] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS.0\system32\CTXFIHLP.EXE[1004] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A

.text C:\Program Files\MSN Messenger\msnmsgr.exe[1136] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A

.text C:\Program Files\MSN Messenger\msnmsgr.exe[1136] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 01BA4408 C:\Program Files\MessengerPlus! 3\MsgPlusH.dll (Messenger Plus! Hook DLL/Patchou)

.text C:\Program Files\MSN Messenger\msnmsgr.exe[1136] WS2_32.dll!send 719F4C27 5 Bytes JMP 01BA48E8 C:\Program Files\MessengerPlus! 3\MsgPlusH.dll (Messenger Plus! Hook DLL/Patchou)

.text C:\Program Files\MSN Messenger\msnmsgr.exe[1136] WS2_32.dll!recv 719F676F 5 Bytes JMP 01BA48A6 C:\Program Files\MessengerPlus! 3\MsgPlusH.dll (Messenger Plus! Hook DLL/Patchou)

.text C:\Program Files\MSN Messenger\msnmsgr.exe[1136] SHELL32.dll!Shell_NotifyIcon 7CA321D6 5 Bytes JMP 01BA1163 C:\Program Files\MessengerPlus! 3\MsgPlusH.dll (Messenger Plus! Hook DLL/Patchou)

.text C:\Program Files\MSN Messenger\msnmsgr.exe[1136] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\MSN Messenger\msnmsgr.exe[1136] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A

.text G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1164] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A

.text G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1164] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A

.text G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1164] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A

.text C:\WINDOWS.0\system32\ctfmon.exe[1240] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A

.text C:\WINDOWS.0\system32\ctfmon.exe[1240] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS.0\system32\ctfmon.exe[1240] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A

.text G:\logiciel\SuperCopier2\SuperCopier2.exe[1276] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A

.text G:\logiciel\SuperCopier2\SuperCopier2.exe[1276] shell32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A

.text G:\logiciel\SuperCopier2\SuperCopier2.exe[1276] shell32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A

.text C:\Program Files\Messenger\msmsgs.exe[1292] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A

.text C:\Program Files\Messenger\msmsgs.exe[1292] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Messenger\msmsgs.exe[1292] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A

.text G:\logiciel\Free Download Manager\fdm.exe[1360] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A

.text G:\logiciel\Free Download Manager\fdm.exe[1360] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A

.text G:\logiciel\Free Download Manager\fdm.exe[1360] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A

.text C:\Program Files\Java\jre6\bin\jucheck.exe[1388] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A

.text C:\Program Files\Java\jre6\bin\jucheck.exe[1388] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]

.text C:\Program Files\Java\jre6\bin\jucheck.exe[1388] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Java\jre6\bin\jucheck.exe[1388] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A

.text G:\Logiciel\Logitech\SetPoint\SetPoint.exe[1572] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A

.text G:\Logiciel\Logitech\SetPoint\SetPoint.exe[1572] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A

.text G:\Logiciel\Logitech\SetPoint\SetPoint.exe[1572] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A

.text G:\Logiciel\WinBar\WinBar.exe[1588] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A

.text G:\Logiciel\WinBar\WinBar.exe[1588] shell32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A

.text G:\Logiciel\WinBar\WinBar.exe[1588] shell32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F070F5A

.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1616] KERNEL32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A

.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1616] shell32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1616] shell32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A

.text G:\Jeux\Alerte Rouge 3\RA3.exe[1972] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A

.text G:\Jeux\Alerte Rouge 3\RA3.exe[1972] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]

.text G:\Jeux\Alerte Rouge 3\RA3.exe[1972] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A

.text G:\Jeux\Alerte Rouge 3\RA3.exe[1972] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A

.text C:\Documents and Settings\BaPoR\Bureau\Bapor.exe[2088] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A

.text C:\Documents and Settings\BaPoR\Bureau\Bapor.exe[2088] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]

.text G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A

.text G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]

.text G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A

.text G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A

.text G:\Logiciel\mIRC\mirc.exe[2184] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A

.text G:\Logiciel\mIRC\mirc.exe[2184] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]

.text G:\Logiciel\mIRC\mirc.exe[2184] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A

.text G:\Logiciel\mIRC\mirc.exe[2184] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A

.text C:\WINDOWS.0\System32\alg.exe[2232] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]

.text C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE[2248] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A

.text C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE[2248] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]

.text C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE[2248] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE[2248] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F070F5A

.text G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avguard.exe[2916] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]

.text C:\WINDOWS.0\system32\CTsvcCDA.exe[2940] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]

.text C:\Program Files\Java\jre6\bin\jqs.exe[3056] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]

.text C:\WINDOWS.0\system32\svchost.exe[3448] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]

.text C:\WINDOWS.0\system32\wscntfy.exe[3652] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A

.text C:\WINDOWS.0\system32\wscntfy.exe[3652] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]

.text C:\WINDOWS.0\system32\wscntfy.exe[3652] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS.0\system32\wscntfy.exe[3652] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A

.text C:\WINDOWS.0\System32\svchost.exe[3836] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]

 

---- Kernel IAT/EAT - GMER 1.0.14 ----

 

IAT \WINDOWS.0\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F7514480] sptd.sys

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F751442C] sptd.sys

IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F752EAB8] sptd.sys

IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F7514480] sptd.sys

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7500ABA] sptd.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7500C00] sptd.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7500B82] sptd.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F750172E] sptd.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F7501604] sptd.sys

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7513A9A] sptd.sys

 

---- User IAT/EAT - GMER 1.0.14 ----

 

IAT C:\WINDOWS.0\Explorer.EXE[332] @ C:\WINDOWS.0\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CEA7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINDOWS.0\Explorer.EXE[332] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CEA7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINDOWS.0\Explorer.EXE[332] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CEA7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINDOWS.0\Explorer.EXE[332] @ C:\WINDOWS.0\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CEA7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINDOWS.0\Explorer.EXE[332] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CEA7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINDOWS.0\Explorer.EXE[332] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CEA7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINDOWS.0\Explorer.EXE[332] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CEA7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINDOWS.0\Explorer.EXE[332] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CEA7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINDOWS.0\Explorer.EXE[332] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CEA7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINDOWS.0\Explorer.EXE[332] @ C:\WINDOWS.0\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CEA7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINDOWS.0\Explorer.EXE[332] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CEA7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINDOWS.0\Explorer.EXE[332] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CEA7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINDOWS.0\Explorer.EXE[332] @ C:\WINDOWS.0\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CEA7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINDOWS.0\Explorer.EXE[332] @ C:\WINDOWS.0\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [5CEA7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINDOWS.0\Explorer.EXE[332] @ C:\WINDOWS.0\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CEA7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINDOWS.0\Explorer.EXE[332] @ C:\WINDOWS.0\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CEA7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINDOWS.0\Explorer.EXE[332] @ C:\WINDOWS.0\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CEA7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileA] [00E6C4DD] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!ExitProcess] [00E7D50D] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!GetOverlappedResult] [00E5BF1B] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [00E557D2] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00E706C8] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [00E5FC90] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00E72C58] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [00E71788] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00E72C58] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] [00E5D354] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!GetOverlappedResult] [00E5BF1B] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00E706C8] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [00E5FC90] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!GetOverlappedResult] [00E5BF1B] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [00E5FC90] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [00E706C8] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\Secur32.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [00E5FC90] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [00E706C8] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00E72C58] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00E706C8] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [00E5FC90] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00E72C58] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [00E706C8] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!CreateFileW] [00E5FC90] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [00E5D354] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [00E557D2] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [00E6C4DD] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [00E5FC90] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00E71788] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00E72C58] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00E706C8] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00E706C8] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!CreateFileW] [00E5FC90] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00E72C58] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [00E71788] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!GetOverlappedResult] [00E5BF1B] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!FindFirstFileA] [00E6C4DD] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!GetFileAttributesA] [00E557D2] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!CreateFileW] [00E5FC90] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!CreateFileA] [00E5D354] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [00E706C8] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [00E72C58] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WS2_32.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WS2HELP.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [00E706C8] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\NETAPI32.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] [00E5FC90] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\IPHLPAPI.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\IPHLPAPI.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\IPHLPAPI.dll [KERNEL32.dll!CreateFileW] [00E5FC90] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\IPHLPAPI.dll [KERNEL32.dll!CreateFileA] [00E5D354] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\IPHLPAPI.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\IPHLPAPI.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\SAMLIB.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] [00E6F54C] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [00E6EEB9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00E6F8F9] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!TerminateProcess] [00E7DAEB] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] [00E5D354] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] [00E5FC90] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!GetFileAttributesA] [00E557D2] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [00E71788] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [00E72C58] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

IAT G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game[2100] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!FindFirstFileA] [00E6C4DD] G:\Jeux\Alerte Rouge 3\Data\ra3_1.4.game (Command & Conquer Red Alert 3/Electronic Arts Inc.)

 

---- Devices - GMER 1.0.14 ----

 

Device \FileSystem\Ntfs \Ntfs 89B961D8

Device \FileSystem\Fastfat \FatCdrom 88519980

Device \Driver\USBSTOR \Device\0000008e 88566980

Device \Driver\usbuhci \Device\USBPDO-0 8991D1D8

Device \Driver\dmio \Device\DmControl\DmIoDaemon 89C0B1D8

Device \Driver\dmio \Device\DmControl\DmConfig 89C0B1D8

Device \Driver\dmio \Device\DmControl\DmPnP 89C0B1D8

Device \Driver\dmio \Device\DmControl\DmInfo 89C0B1D8

Device \Driver\usbuhci \Device\USBPDO-1 8991D1D8

Device \Driver\usbuhci \Device\USBPDO-2 8991D1D8

Device \Driver\00000049 \Device\00000053 sptd.sys

Device \Driver\usbuhci \Device\USBPDO-3 8991D1D8

Device \Driver\usbehci \Device\USBPDO-4 898EE3D0

Device \Driver\Ftdisk \Device\HarddiskVolume1 89B981D8

Device \Driver\Ftdisk \Device\HarddiskVolume2 89B981D8

Device \Driver\Cdrom \Device\CdRom0 899341D8

Device \Driver\Ftdisk \Device\HarddiskVolume3 89B981D8

Device \Driver\Cdrom \Device\CdRom1 899341D8

Device \Driver\Ftdisk \Device\HarddiskVolume4 89B981D8

Device \Driver\Cdrom \Device\CdRom2 899341D8

Device \Driver\NetBT \Device\NetBT_Tcpip_{7F70818D-6FD2-447D-9091-77825C7C4FFD} 885891D8

Device \Driver\NetBT \Device\NetBt_Wins_Export 885891D8

Device \Driver\USBSTOR \Device\00000091 88566980

Device \Driver\NetBT \Device\NetbiosSmb 885891D8

Device \Driver\usbuhci \Device\USBFDO-0 8991D1D8

Device \Driver\usbuhci \Device\USBFDO-1 8991D1D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88572980

Device \Driver\usbuhci \Device\USBFDO-2 8991D1D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector 88572980

Device \Driver\usbuhci \Device\USBFDO-3 8991D1D8

Device \Driver\usbehci \Device\USBFDO-4 898EE3D0

Device \Driver\Ftdisk \Device\FtControl 89B981D8

Device \Driver\NetBT \Device\NetBT_Tcpip_{0B84BA82-B0C7-45B6-8D39-3F3522CA1C76} 885891D8

Device \Driver\akwhoahx \Device\Scsi\akwhoahx1 8977D560

Device \Driver\akwhoahx \Device\Scsi\akwhoahx1Port4Path0Target0Lun0 8977D560

Device \FileSystem\Fastfat \Fat 88519980

 

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

 

Device \FileSystem\Cdfs \Cdfs 884F71D8

 

---- Registry - GMER 1.0.14 ----

 

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 430378978

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -382329079

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 g:\logiciel\DAEMON Tools\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x66 0x7B 0xFB 0x88 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3B 0xC1 0x69 0xAC ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5E 0x45 0xAC 0x22 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 g:\logiciel\DAEMON Tools\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x66 0x7B 0xFB 0x88 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3B 0xC1 0x69 0xAC ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5E 0x45 0xAC 0x22 ...

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@G:\Jeux\Command & Conquer\x00a03\xa0 La Fureur de Kane\Core\1.0\config.txt 2

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@G:\Jeux\Command & Conquer\x00a03\xa0 La Fureur de Kane\Meta\1.0\config.txt 2

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@G:\Jeux\Command & Conquer\x00a03\xa0 La Fureur de Kane\Movies\1.0\config.txt 2

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@G:\Jeux\Command & Conquer\x00a03\xa0 La Fureur de Kane\EnglishAudio\1.0\config.txt 2

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@G:\Jeux\Command & Conquer\x00a03\xa0 La Fureur de Kane\Lang-french\1.0\config.txt 2

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@G:\Jeux\Command & Conquer\x00a03\xa0 La Fureur de Kane\CNC3EP1_french_1.0.SkuDef 2

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@G:\Jeux\Command & Conquer\x00a03\xa0 La Fureur de Kane\RetailExe\1.0\Data\Cursors\SCCTelestrator.ani 2

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@G:\Jeux\Command & Conquer\x00a03\xa0 La Fureur de Kane\RetailExe\1.0\config.txt 2

 

---- Disk sectors - GMER 1.0.14 ----

 

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x8a781ce size 0x1ac

 

---- EOF - GMER 1.0.14 ----

Posted

Good evening bapor!

Print this procedure; you won't necessarily have Internet access in safe mode...

 

1 ) Relaunch GMER

  • Right-click on all the items that begin with .text (use the SHIFT key so you don't have to click dozens of times!)
  • Then click on Restore Code

2 ) Apply the procedure indicated on this page with the command sfc /scannow (don't forget the space!)

 

 

 

3 ) Download SDFix by AndyManchesta and save it to your Desktop.

Double-click SDFix.exe and select Install to extract it to the root of your hard drive; a text file opens to tell you it's finished (close it!)

4 ) Boot into safe mode on your session as indicated here (you ABSOLUTELY must use the first solution!)

  • Open the SDFix folder that appeared at the root of your hard drive and double-click RunThis.bat to launch the script
  • Press Y to start the cleanup
  • SDFix will remove parts of some of the malware found and will ask you to press a key to reboot
  • So press a key to restart the machine
  • Your system will take longer than usual to restart because the fix will keep working during the reboot
  • After the Desktop loads, the tool will finish its work and display Finished
  • Press a key to end the cleanup and load your Desktop icons
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will be saved in the SDFix folder under the name Report.txt
  • Then copy and paste the contents of the Report.txt file into your next reply on the forum

 

 

 

5 ) Download The Avenger2 by Swandog46 to your Desktop

(I'll send you the address by private message)

Right-click Avenger.zip to extract the folder to your desktop

6 ) Copy all the text written as a quote (select it, then choose "Edit" --> "Copy")

Start copying here:

 

Drivers to disable:

mscicosd

mbr

mchInjDrv

CTEXFIFX.DLL

CTHWIUT.DLL

akwhoahx

soxpeca

mabidwe

noytcyr

tdydowkc

roytctm

wsldoekd

afisicx

 

Drivers to delete:

mscicosd

mbr

mchInjDrv

CTEXFIFX.DLL

CTHWIUT.DLL

akwhoahx

soxpeca

mabidwe

noytcyr

tdydowkc

roytctm

wsldoekd

afisicx

 

Files to delete:

C:\WINDOWS.0\system32\mscico.exe

C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mbr.sys

C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mc21.tmp

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml32.tmp

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml31.tmp

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml30.tmp

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml2F.tmp

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml2E.tmp

C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml2D.tmp

C:\WINDOWS.0\system32\CT20XUT.DLL

C:\WINDOWS.0\system32\CTHWIUT.DLL

C:\WINDOWS.0\system32\drivers\akwhoahx.sys

C:\WINDOWS.0\system32\tdydowkc.exe

C:\WINDOWS.0\system32\noytcyr.exe

C:\WINDOWS.0\system32\wsldoekd.exe

C:\WINDOWS.0\system32\roytctm.exe

C:\WINDOWS.0\system32\afisicx.exe

C:\WINDOWS.0\system32\soxpeca.exe

C:\WINDOWS.0\system32\mabidwe.exe

C:\WINDOWS.0\UpdReg.EXE

 

Note: The code above was written specifically for THIS user.

If you are not THIS user, do NOT apply these instructions: they could damage your system.

 

 

7 ) Run The Avenger by clicking the icon with the small sword

  • Accept the warning displayed when the tool starts
  • In this window, paste the text you just copied ("Edit" --> "Paste")
  • Click Execute to start running the script
  • Answer "Yes" twice when it asks

 

8 ) The Avenger will restart your PC, briefly open a black window and display a report (c:\avenger.txt)

-------> Please copy this report into your next message and answer the questions asked...

So I'll wait for you to come back with the reports from:

  1. SDFix
  2. Avenger

Have a good evening!


Posted

SDFix: Version 1.240

Run by BaPoR on 03/12/2008 at 22:12

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\WINDOWS.EXE - Deleted

C:\WINDOWS.EXE - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-03 22:15:34

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:19a70fe2

"s2"=dword:e9361f09

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="g:\logiciel\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:66,7b,fb,88,89,26,46,ed,09,9b,01,17,b4,1c,d9,4d,c9,95,23,29,9c,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,7d,db,b3,75,9a,0c,bf,df,45,cb,0c,b5,2b,ef,ca,77,83,..

"khjeh"=hex:3b,c1,69,ac,ab,b8,99,02,a4,fc,4a,3f,43,94,eb,9c,2c,39,36,a1,a4,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:9f,dd,7a,e1,59,a3,59,bb,dd,0c,19,59,af,fd,63,dd,4c,f8,e6,89,88,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="g:\logiciel\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:66,7b,fb,88,89,26,46,ed,09,9b,01,17,b4,1c,d9,4d,c9,95,23,29,9c,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,7d,db,b3,75,9a,0c,bf,df,45,cb,0c,b5,2b,ef,ca,77,83,..

"khjeh"=hex:3b,c1,69,ac,ab,b8,99,02,a4,fc,4a,3f,43,94,eb,9c,2c,39,36,a1,a4,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:9f,dd,7a,e1,59,a3,59,bb,dd,0c,19,59,af,fd,63,dd,4c,f8,e6,89,88,..

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"G:\\Logiciel\\Azureus\\Azureus.exe"="G:\\Logiciel\\Azureus\\Azureus.exe:*:Enabled:Azureus"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"G:\\Logiciel\\Microsoft Office\\Office12\\OUTLOOK.EXE"="G:\\Logiciel\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\File Scanner Library (Spybot - Search & Destroy)\advcheck.dll"

Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)\Tools.dll"

Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\SDHelper (Spybot - Search & Destroy)\SDHelper.dll"

Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\TeaTimer (Spybot - Search & Destroy)\TeaTimer.exe"

Wed 3 Dec 2008 2,834 ...HR --- "C:\Documents and Settings\BaPoR\Application Data\SecuROM\UserData\securom_v7_01.bak"

 

Finished!

Posted

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows XP

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

Driver "mscicosd" disabled successfully.

Driver "mbr" disabled successfully.

 

Error: could not open driver "mchInjDrv"

Disablement of driver "mchInjDrv" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

Driver "CTEXFIFX.DLL" disabled successfully.

Driver "CTHWIUT.DLL" disabled successfully.

 

Error: could not open driver "akwhoahx"

Disablement of driver "akwhoahx" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: could not open driver "soxpeca"

Disablement of driver "soxpeca" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: could not open driver "mabidwe"

Disablement of driver "mabidwe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: could not open driver "noytcyr"

Disablement of driver "noytcyr" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: could not open driver "tdydowkc"

Disablement of driver "tdydowkc" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: could not open driver "roytctm"

Disablement of driver "roytctm" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: could not open driver "wsldoekd"

Disablement of driver "wsldoekd" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: could not open driver "afisicx"

Disablement of driver "afisicx" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

Driver "mscicosd" deleted successfully.

Driver "mbr" deleted successfully.

 

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\mchInjDrv" not found!

Deletion of driver "mchInjDrv" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

Driver "CTEXFIFX.DLL" deleted successfully.

Driver "CTHWIUT.DLL" deleted successfully.

 

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\akwhoahx" not found!

Deletion of driver "akwhoahx" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\soxpeca" not found!

Deletion of driver "soxpeca" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\mabidwe" not found!

Deletion of driver "mabidwe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\noytcyr" not found!

Deletion of driver "noytcyr" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\tdydowkc" not found!

Deletion of driver "tdydowkc" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\roytctm" not found!

Deletion of driver "roytctm" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\wsldoekd" not found!

Deletion of driver "wsldoekd" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\afisicx" not found!

Deletion of driver "afisicx" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

File "C:\WINDOWS.0\system32\mscico.exe" deleted successfully.

 

Error: file "C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mbr.sys" not found!

Deletion of file "C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mbr.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mc21.tmp" not found!

Deletion of file "C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mc21.tmp" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

File "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml32.tmp" deleted successfully.

File "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml31.tmp" deleted successfully.

File "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml30.tmp" deleted successfully.

File "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml2F.tmp" deleted successfully.

File "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml2E.tmp" deleted successfully.

File "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\xml2D.tmp" deleted successfully.

File "C:\WINDOWS.0\system32\CT20XUT.DLL" deleted successfully.

File "C:\WINDOWS.0\system32\CTHWIUT.DLL" deleted successfully.

 

Error: file "C:\WINDOWS.0\system32\drivers\akwhoahx.sys" not found!

Deletion of file "C:\WINDOWS.0\system32\drivers\akwhoahx.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "C:\WINDOWS.0\system32\tdydowkc.exe" not found!

Deletion of file "C:\WINDOWS.0\system32\tdydowkc.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "C:\WINDOWS.0\system32\noytcyr.exe" not found!

Deletion of file "C:\WINDOWS.0\system32\noytcyr.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "C:\WINDOWS.0\system32\wsldoekd.exe" not found!

Deletion of file "C:\WINDOWS.0\system32\wsldoekd.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "C:\WINDOWS.0\system32\roytctm.exe" not found!

Deletion of file "C:\WINDOWS.0\system32\roytctm.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "C:\WINDOWS.0\system32\afisicx.exe" not found!

Deletion of file "C:\WINDOWS.0\system32\afisicx.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "C:\WINDOWS.0\system32\soxpeca.exe" not found!

Deletion of file "C:\WINDOWS.0\system32\soxpeca.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "C:\WINDOWS.0\system32\mabidwe.exe" not found!

Deletion of file "C:\WINDOWS.0\system32\mabidwe.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

File "C:\WINDOWS.0\UpdReg.EXE" deleted successfully.

 

Completed script processing.

 

*******************

 

Finished! Terminate.

Posted

Good evening bapor,

*** These tools did an excellent job... and so did you! *** :P

# How is your PC running?

1) Can you generate a new report with RSIT and post it, please?

2) We are going to check that no infection remains using an online scan:

Go to the Kaspersky WebScanner site

To start the scan, select "Start Online scanner".

This step must absolutely be carried out with Internet Explorer

Download the ActiveX control and accept it.

In the "Choose the scan target" menu, select "My Computer".

The scan will start. Please post the report that is generated.

Very good tutorial here: http://www.malekal.com/scan_Av_en_ligne.html#mozTocId237368

Until next time!


Posted

Logfile of random's system information tool 1.04 (written by random/random)

Run by BaPoR at 2008-12-03 23:50:27

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 51 GB (72%) free of 71 GB

Total RAM: 2047 MB (71% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:50:33, on 03/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS.0\System32\smss.exe

C:\WINDOWS.0\system32\csrss.exe

C:\WINDOWS.0\system32\winlogon.exe

C:\WINDOWS.0\system32\services.exe

C:\WINDOWS.0\system32\lsass.exe

C:\WINDOWS.0\system32\Ati2evxx.exe

C:\WINDOWS.0\system32\svchost.exe

C:\WINDOWS.0\system32\svchost.exe

C:\WINDOWS.0\system32\svchost.exe

C:\WINDOWS.0\system32\Ati2evxx.exe

C:\WINDOWS.0\system32\svchost.exe

C:\WINDOWS.0\system32\svchost.exe

C:\WINDOWS.0\system32\spoolsv.exe

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

G:\Logiciel\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS.0\Explorer.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS.0\CTHELPER.EXE

C:\WINDOWS.0\system32\CTXFIHLP.EXE

C:\WINDOWS.0\system32\ctfmon.exe

C:\WINDOWS.0\SYSTEM32\CTXFISPI.EXE

G:\logiciel\SuperCopier2\SuperCopier2.exe

C:\Program Files\Messenger\msmsgs.exe

G:\logiciel\Free Download Manager\fdm.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

G:\Logiciel\Logitech\SetPoint\SetPoint.exe

G:\Logiciel\WinBar\WinBar.exe

C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\MSN Messenger\msnmsgr.exe

G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS.0\system32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS.0\system32\svchost.exe

C:\WINDOWS.0\system32\wscntfy.exe

C:\WINDOWS.0\System32\alg.exe

g:\Logiciel\Mozilla Firefox\firefox.exe

C:\WINDOWS.0\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\BaPoR\Bureau\RSIT.exe

C:\WINDOWS.0\system32\wbem\wmiprvse.exe

G:\Logiciel\BaPoR.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - G:\logiciel\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\logiciel\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe

O4 - HKCU\..\Run: [superCopier2.exe] g:\logiciel\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Free Download Manager] "G:\logiciel\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: WinBar.lnk = G:\Logiciel\WinBar\WinBar.exe

O4 - Global Startup: Logitech SetPoint.lnk = G:\Logiciel\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\logiciel\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://G:\logiciel\Free Download Manager\dlall.htm

O8 - Extra context menu item: Télécharger avec Free Download Manager - file://G:\logiciel\Free Download Manager\dllink.htm

O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://G:\logiciel\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://G:\logiciel\Free Download Manager\dlfvideo.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\logiciel\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) -

O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - G:\Logiciel\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.0\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.0\system32\ati2sgag.exe

O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CTAELicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS.0\system32\CTsvcCDA.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS.0\System32\TuneUpDefragService.exe

 

--

End of file - 8859 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS.0\tasks\1-Click Maintenance.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-25 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]

FDMIECookiesBHO Class - G:\logiciel\Free Download Manager\iefdm2.dll [2008-06-18 94208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-25 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-25 73728]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-25 136600]

"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]

"MessengerPlus3"=C:\Program Files\MessengerPlus! 3\MsgPlus.exe [2008-10-07 190024]

"Kernel and Hardware Abstraction Layer"=C:\WINDOWS.0\KHALMNPR.EXE [2008-02-29 76304]

"AudioDrvEmulator"=C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe -1 AudioDrvEmulator C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll []

"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2008-04-04 88584]

"Adobe Reader Speed Launcher"=G:\logiciel\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

"avgnt"=G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

"KernelFaultCheck"=C:\WINDOWS.0\system32\dumprep 0 -k []

"CTHelper"=C:\WINDOWS.0\CTHELPER.EXE [2006-08-17 17920]

"CTxfiHlp"=C:\WINDOWS.0\system32\CTXFIHLP.EXE [2006-08-17 18944]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS.0\system32\ctfmon.exe [2008-04-14 15360]

"SuperCopier2.exe"=g:\logiciel\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]

"MessengerPlus3"=C:\Program Files\MessengerPlus! 3\MsgPlus.exe [2008-10-07 190024]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

"Free Download Manager"=G:\logiciel\Free Download Manager\fdm.exe [2008-05-20 2474031]

"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2006-01-24 7094272]

 

C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage

Logitech SetPoint.lnk - G:\Logiciel\Logitech\SetPoint\SetPoint.exe

 

C:\Documents and Settings\BaPoR\Menu Démarrer\Programmes\Démarrage

WinBar.lnk - G:\Logiciel\WinBar\WinBar.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS.0\system32\Ati2evxx.dll [2008-08-21 143360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]

c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\wpdshserviceobj.dll [2008-05-07 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"MemCheckBoxInRunDlg"=1

"NoSMBalloonTip"=1

"NoDesktopCleanupWizard"=1

"NoWelcomeScreen"=1

"NoStrCmpLogical"=0

"NoInstrumentation"=0

"NoDrives"=0

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=323

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

"NoDrives"=

"NoDriveAutoRun"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"G:\Logiciel\Azureus\Azureus.exe"="G:\Logiciel\Azureus\Azureus.exe:*:Enabled:Azureus"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"G:\Logiciel\Microsoft Office\Office12\OUTLOOK.EXE"="G:\Logiciel\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

 

======List of files/folders created in the last 1 months======

 

2008-12-03 23:28:06 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Creative Labs

2008-12-03 23:26:55 ----A---- C:\WINDOWS.0\system32\instwdm.ini

2008-12-03 23:26:55 ----A---- C:\WINDOWS.0\system32\ctzapxx.ini

2008-12-03 22:23:24 ----D---- C:\Avenger

2008-12-03 22:23:23 ----A---- C:\avenger.txt

2008-12-03 22:20:42 ----A---- C:\cleanup.exe

2008-12-03 19:55:35 ----A---- C:\WINDOWS.0\gmer.ini

2008-12-03 19:55:34 ----A---- C:\WINDOWS.0\gmer_uninstall.cmd

2008-12-03 19:55:34 ----A---- C:\WINDOWS.0\gmer.exe

2008-12-03 19:55:34 ----A---- C:\WINDOWS.0\gmer.dll

2008-12-03 19:51:28 ----D---- C:\rsit

2008-12-03 12:49:19 ----D---- C:\_OTMoveIt

2008-12-03 01:41:29 ----A---- C:\WINDOWS.0\system32\unrar.dll

2008-12-03 01:41:28 ----A---- C:\WINDOWS.0\system32\yv12vfw.dll

2008-12-03 01:41:27 ----A---- C:\WINDOWS.0\system32\xvidvfw.dll

2008-12-03 01:41:27 ----A---- C:\WINDOWS.0\system32\xvidcore.dll

2008-12-03 01:41:27 ----A---- C:\WINDOWS.0\system32\qt-dx331.dll

2008-12-03 01:41:27 ----A---- C:\WINDOWS.0\system32\dpl100.dll

2008-12-03 01:41:27 ----A---- C:\WINDOWS.0\system32\divx.dll

2008-12-03 01:41:26 ----A---- C:\WINDOWS.0\system32\ff_vfw.dll.manifest

2008-12-03 01:41:26 ----A---- C:\WINDOWS.0\system32\ff_vfw.dll

2008-12-03 00:33:08 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Avira

2008-12-02 02:41:03 ----SHD---- C:\RECYCLER

2008-12-02 02:35:07 ----A---- C:\ComboFix.txt

2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\zip.exe

2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\VFIND.exe

2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\SWXCACLS.exe

2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\SWSC.exe

2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\SWREG.exe

2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\sed.exe

2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\NIRCMD.exe

2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\grep.exe

2008-12-01 21:41:16 ----A---- C:\WINDOWS.0\fdsv.exe

2008-12-01 21:41:12 ----D---- C:\Qoobox

2008-12-01 16:31:46 ----HD---- C:\WINDOWS.0\system32\GroupPolicy

2008-12-01 13:52:14 ----A---- C:\WINDOWS.0\NeroDigital.ini

2008-12-01 12:52:55 ----D---- C:\Documents and Settings\BaPoR\Application Data\vlc

2008-12-01 01:37:46 ----A---- C:\resultat.txt

2008-11-30 21:04:29 ----D---- C:\Program Files\Veetle

2008-11-30 21:04:29 ----A---- C:\WINDOWS.0\UninstVeetleTVPlayer.exe

2008-11-30 19:33:34 ----D---- C:\Documents and Settings\BaPoR\Application Data\WinRAR

2008-11-30 19:29:49 ----D---- C:\WINDOWS.0\ERUNT

2008-11-30 19:20:19 ----D---- C:\SDFix

2008-11-28 16:52:58 ----A---- C:\WINDOWS.0\system32\TwnLib20.dll

2008-11-28 16:52:57 ----N---- C:\WINDOWS.0\system32\ImagXRA7.dll

2008-11-28 16:52:57 ----N---- C:\WINDOWS.0\system32\ImagXR7.dll

2008-11-28 16:52:57 ----N---- C:\WINDOWS.0\system32\ImagXpr7.dll

2008-11-28 16:52:57 ----N---- C:\WINDOWS.0\system32\ImagX7.dll

2008-11-28 16:52:57 ----D---- C:\Program Files\Fichiers communs\Ahead

2008-11-28 16:52:57 ----A---- C:\WINDOWS.0\system32\NeroCheck.exe

2008-11-25 01:14:51 ----A---- C:\WINDOWS.0\wininit.ini

2008-11-24 23:57:19 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)

2008-11-24 23:57:19 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)

2008-11-24 23:57:18 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)

2008-11-24 23:56:30 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)

2008-11-24 23:55:26 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy

2008-11-22 01:23:03 ----A---- C:\Program Files\cvhx.txt

2008-11-22 01:09:05 ----A---- C:\WINDOWS.0\obzgi.txt

2008-11-22 01:06:31 ----D---- C:\Documents and Settings\BaPoR\Application Data\Malwarebytes

2008-11-22 01:06:27 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes

2008-11-22 00:23:41 ----A---- C:\Boot.bak

2008-11-22 00:23:38 ----RASHD---- C:\cmdcons

2008-11-22 00:20:34 ----D---- C:\WINDOWS.0\ERDNT

2008-11-20 15:35:38 ----D---- C:\Documents and Settings\BaPoR\Application Data\Hamachi

2008-11-19 23:43:00 ----D---- C:\Program Files\Fichiers communs\Creative Labs Shared

2008-11-16 21:26:14 ----A---- C:\WINDOWS.0\system32\D3DX9_40.dll

2008-11-16 21:26:14 ----A---- C:\WINDOWS.0\system32\d3dx10_40.dll

2008-11-16 21:26:14 ----A---- C:\WINDOWS.0\system32\D3DCompiler_40.dll

2008-11-16 21:26:13 ----A---- C:\WINDOWS.0\system32\XAudio2_3.dll

2008-11-16 21:26:13 ----A---- C:\WINDOWS.0\system32\XAudio2_2.dll

2008-11-16 21:26:13 ----A---- C:\WINDOWS.0\system32\XAPOFX1_2.dll

2008-11-16 21:26:13 ----A---- C:\WINDOWS.0\system32\XAPOFX1_1.dll

2008-11-16 21:26:13 ----A---- C:\WINDOWS.0\system32\xactengine3_3.dll

2008-11-16 21:26:13 ----A---- C:\WINDOWS.0\system32\X3DAudio1_5.dll

2008-11-16 21:26:12 ----A---- C:\WINDOWS.0\system32\xactengine3_2.dll

2008-11-16 21:26:12 ----A---- C:\WINDOWS.0\system32\D3DX9_39.dll

2008-11-16 21:26:12 ----A---- C:\WINDOWS.0\system32\d3dx10_39.dll

2008-11-16 21:26:12 ----A---- C:\WINDOWS.0\system32\D3DCompiler_39.dll

2008-11-16 21:26:11 ----A---- C:\WINDOWS.0\system32\XAudio2_1.dll

2008-11-16 21:26:11 ----A---- C:\WINDOWS.0\system32\XAPOFX1_0.dll

2008-11-16 21:26:11 ----A---- C:\WINDOWS.0\system32\xactengine3_1.dll

2008-11-16 21:26:11 ----A---- C:\WINDOWS.0\system32\X3DAudio1_4.dll

2008-11-16 21:26:10 ----A---- C:\WINDOWS.0\system32\XAudio2_0.dll

2008-11-16 21:26:09 ----A---- C:\WINDOWS.0\system32\xactengine3_0.dll

2008-11-16 21:26:09 ----A---- C:\WINDOWS.0\system32\X3DAudio1_3.dll

2008-11-16 21:26:09 ----A---- C:\WINDOWS.0\system32\D3DX9_37.dll

2008-11-16 21:26:09 ----A---- C:\WINDOWS.0\system32\d3dx10_37.dll

2008-11-16 21:26:09 ----A---- C:\WINDOWS.0\system32\D3DCompiler_37.dll

2008-11-16 21:26:06 ----A---- C:\WINDOWS.0\system32\xactengine2_9.dll

 

======List of files/folders modified in the last 1 months======

 

2008-12-03 23:48:04 ----D---- C:\Documents and Settings\BaPoR\Application Data\Free Download Manager

2008-12-03 23:32:39 ----A---- C:\WINDOWS.0\SchedLgU.Txt

2008-12-03 23:30:15 ----D---- C:\WINDOWS.0\Temp

2008-12-03 23:30:14 ----D---- C:\WINDOWS.0

2008-12-03 23:28:23 ----D---- C:\WINDOWS.0\system32

2008-12-03 23:27:20 ----RSHDC---- C:\WINDOWS.0\system32\dllcache

2008-12-03 23:27:15 ----D---- C:\WINDOWS.0\system32\drivers

2008-12-03 23:27:15 ----D---- C:\WINDOWS.0\system32\Data

2008-12-03 23:27:11 ----HD---- C:\WINDOWS.0\inf

2008-12-03 23:27:10 ----D---- C:\WINDOWS.0\system32\CatRoot2

2008-12-03 23:27:05 ----D---- C:\WINDOWS.0\Prefetch

2008-12-03 23:26:57 ----D---- C:\WINDOWS.0\system

2008-12-03 23:23:56 ----D---- C:\Program Files\Creative

2008-12-03 23:22:15 ----A---- C:\WINDOWS.0\ntbtlog.txt

2008-12-03 23:22:01 ----SHD---- C:\WINDOWS.0\CSC

2008-12-03 23:18:11 ----D---- C:\WINDOWS.0\system32\ReinstallBackups

2008-12-03 23:18:09 ----A---- C:\WINDOWS.0\system32\wrap_oal.dll

2008-12-03 23:18:08 ----A---- C:\WINDOWS.0\system32\OpenAL32.dll

2008-12-03 23:17:39 ----HD---- C:\Program Files\InstallShield Installation Information

2008-12-03 18:48:02 ----D---- C:\WINDOWS.0\Minidump

2008-12-03 12:50:07 ----D---- C:\Documents and Settings\BaPoR\Application Data\Azureus

2008-12-03 01:30:15 ----D---- C:\Documents and Settings\BaPoR\Application Data\Spybot - Search & Destroy

2008-12-02 02:34:11 ----A---- C:\WINDOWS.0\system.ini

2008-12-02 02:31:56 ----D---- C:\WINDOWS.0\system32\config

2008-12-02 02:31:26 ----D---- C:\WINDOWS.0\AppPatch

2008-12-02 02:31:26 ----D---- C:\Program Files\Fichiers communs

2008-12-01 16:51:15 ----D---- C:\Documents and Settings\BaPoR\Application Data\dvdcss

2008-12-01 16:17:21 ----D---- C:\WINDOWS.0\Help

2008-11-30 21:04:29 ----RD---- C:\Program Files

2008-11-30 20:02:18 ----SHD---- C:\System Volume Information

2008-11-30 20:02:18 ----D---- C:\WINDOWS.0\system32\Restore

2008-11-30 19:27:45 ----D---- C:\Documents and Settings

2008-11-30 16:20:55 ----A---- C:\WINDOWS.0\win.ini

2008-11-30 15:07:23 ----SD---- C:\WINDOWS.0\Downloaded Program Files

2008-11-25 23:12:45 ----A---- C:\WINDOWS.0\system32\CmdLineExt.dll

2008-11-22 00:23:41 ----RASH---- C:\boot.ini

2008-11-20 15:35:13 ----D---- C:\Documents and Settings\BaPoR\Application Data\Hamachi-Backup

2008-11-20 15:30:01 ----D---- C:\Temp

2008-11-19 23:42:54 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Creative

2008-11-19 22:53:30 ----RSD---- C:\WINDOWS.0\assembly

2008-11-19 22:53:10 ----D---- C:\WINDOWS.0\system32\DirectX

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS.0\system32\DRIVERS\avipbb.sys [2008-10-30 75072]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS.0\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 ssmdrv;ssmdrv; C:\WINDOWS.0\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]

R2 irda;Protocole IrDA; C:\WINDOWS.0\system32\DRIVERS\irda.sys [2008-04-13 88192]

R2 tmcomm;tmcomm; \??\C:\WINDOWS.0\system32\drivers\tmcomm.sys []

R3 ati2mtag;ati2mtag; C:\WINDOWS.0\system32\DRIVERS\ati2mtag.sys [2008-08-21 3299840]

R3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS.0\system32\DRIVERS\atinavt2.sys [2008-05-15 171520]

R3 avgntflt;avgntflt; \??\G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS.0\system32\drivers\ctac32k.sys [2006-08-17 502272]

R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS.0\system32\drivers\ctaud2k.sys [2006-08-17 500480]

R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS.0\system32\drivers\ctprxy2k.sys [2006-08-17 7168]

R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS.0\system32\drivers\ctsfm2k.sys [2006-08-17 143872]

R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS.0\system32\drivers\emupia2k.sys [2006-08-17 78336]

R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS.0\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]

R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS.0\system32\drivers\ha20x2k.sys [2006-08-17 1110528]

R3 hamachi;Hamachi Network Interface; C:\WINDOWS.0\system32\DRIVERS\hamachi.sys [2008-11-20 25544]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS.0\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 irsir;Pilote série infrarouge Microsoft; C:\WINDOWS.0\system32\DRIVERS\irsir.sys [2001-08-17 18688]

R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS.0\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]

R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS.0\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]

R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS.0\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]

R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS.0\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]

R3 mouhid;Pilote HID de souris; C:\WINDOWS.0\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS.0\system32\drivers\msmpu401.sys [2001-08-17 2944]

R3 ossrv;Creative OS Services Driver; C:\WINDOWS.0\system32\drivers\ctoss2k.sys [2006-08-17 116224]

R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS.0\system32\DRIVERS\rasirda.sys [2001-08-17 19584]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS.0\system32\DRIVERS\usbehci.sys [2008-04-14 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS.0\system32\DRIVERS\usbhub.sys [2008-04-14 59520]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS.0\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]

R3 Wdf01000;Wdf01000; C:\WINDOWS.0\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS.0\system32\drivers\WmBEnum.sys [2008-01-24 19336]

R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS.0\system32\drivers\WmXlCore.sys [2008-01-24 48904]

S1 kbdhid;Pilote HID de clavier; C:\WINDOWS.0\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

S3 amxebysb;amxebysb; C:\WINDOWS.0\system32\drivers\amxebysb.sys []

S3 catchme;catchme; \??\C:\DOCUME~1\BaPoR\LOCALS~1\Temp\catchme.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS.0\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS.0\system32\CT20XUT.DLL [2006-08-17 158720]

S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS.0\system32\drivers\ctdvda2k.sys [2006-08-17 340176]

S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS.0\system32\DRIVERS\fetnd5bv.sys [2007-02-27 42496]

S3 gmer;gmer; C:\WINDOWS.0\System32\DRIVERS\gmer.sys [2008-12-03 85969]

S3 MPE;Filtre BDA MPE; C:\WINDOWS.0\system32\DRIVERS\MPE.sys [2008-04-13 15232]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS.0\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS.0\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS.0\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS.0\system32\drivers\ccdcmb.sys [2008-05-07 17536]

S3 nmwcdc;Nokia USB Generic; C:\WINDOWS.0\system32\drivers\ccdcmbo.sys [2008-05-07 20864]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS.0\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS.0\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS.0\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS.0\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 upperdev;upperdev; C:\WINDOWS.0\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]

S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS.0\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS.0\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 usbser;USB Modem Driver; C:\WINDOWS.0\system32\drivers\usbser.sys [2008-04-13 26112]

S3 UsbserFilt;UsbserFilt; C:\WINDOWS.0\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]

S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS.0\system32\drivers\WmFilter.sys [2008-01-24 28168]

S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS.0\system32\drivers\WmHidLo.sys [2008-01-24 29192]

S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS.0\system32\drivers\WmVirHid.sys [2008-01-24 14728]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS.0\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS.0\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

S4 IntelIde;IntelIde; C:\WINDOWS.0\system32\drivers\IntelIde.sys []

S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mc21.tmp []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; G:\Logiciel\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; G:\Logiciel\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS.0\system32\Ati2evxx.exe [2008-08-21 573440]

R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS.0\system32\CTsvcCDA.exe [1999-12-13 44032]

R2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-04-30 417792]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-25 152984]

R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS.0\System32\svchost.exe [2008-04-14 14336]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336]

S2 ATI Smart;ATI Smart; C:\WINDOWS.0\system32\ati2sgag.exe [2008-08-20 593920]

S2 Irmon;Moniteur infrarouge; C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CTAELicensing.exe [2008-11-19 79360]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-02-08 212480]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS.0\System32\TuneUpDefragService.exe [2008-10-06 307968]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

 

-----------------EOF-----------------

 

It's mostly you I should be thanking. On the other hand, I had to reinstall the sound.

Otherwise I have a really annoying bug: I lose the sound (except Windows or MSN sounds) after 5 minutes and have to re-enable it via the services (Incorrect DirectSound driver, error 88780078). Where on the forum should I post that?

I'm running my Kaspersky scan.

Posted (edited)

Good evening bapor!

*** mchInjDrv is back!! *** :P

 

 

S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mc21.tmp []

--> Did you re-enable Spybot's TeaTimer?

--> If not, something is bringing it back...

Edit: It may be legitimate, thanks LonnyRJones!

--> What programs did you run between Avenger and this new report?

Good night...

:P

Edited by WawaSeb
Posted

I uninstalled Spybot.

I haven't changed anything, but at some point, after 5 minutes, my bar at the bottom changes because something loads, which cuts off my sound by the way, and I have to restart it in the services. (maybe there's a connection).

The only thing I did was launch Red Alert 3 lol.

Posted

Good evening bapor,

*** It seems the infection problems are gone! *** :P

The only thing I did was launch Red Alert 3 lol.

--> Is it a legal, official version?

--> If not, I ask you to read the following:

------------> WARNING, cracks are only profitable because they infect your machine!!! I refer you to this very good article by tesgaz: A must-read!

------------> On video, take this warning seriously: http://secubox.aldria.com/topic-2393.html

Before looking at your sound problem, can you post the Kaspersky report please?

I'd also like to see a HijackThis report...

See you very soon...

:P
