Fenêtre CID voir plus...

Moondarim · le 2 janvier 2010

Bonjour à tous,

Je tiens tout d'abord à souhaiter la bonne année 2010 à toute la communauté de Zebulon.fr et comme une bonne année ne commence jamais sans son lot de problème me voilà dans cette section.

Je suis donc venu dans l'espoir de solliciter votre aide pour un problème qui persiste depuis maintenant 3 jours.

En effet, depuis quelque temps une fenêtre de pub (toujours la même) pour les cartes de vœux 2010 apparait de façon très aléatoire.

J'ai essayé d'examiner de façon méthodique avec quelques outils traditionnel la présence de cette gène mais sans succès. En approfondissant ma recherche, j'ai détecté via GMER la présence d'un Rootkit.

Chose bizarre mon antivirus (Nod32) ne l'avait pas détecté auparavant. Maintenant il apparait en quarantaine sous ce descriptif: "a variant of Win32/Rootkit.Kryptik.AF trojan".

Voilà donc je reste à votre entière disposition pour suivre scrupuleusement vos procédures pour rendre mon poste de travail de nouveau sécurisé.

En vous remerciant d'avance.

Modifié le 2 janvier 2010 par Moondarim

pear · le 2 janvier 2010

Désactiver les protections résidentes ( Antivirus, etc...), vous les réactiverez ensuite,

Vous devez désactiver vos protections et ne savez pas comment faire

Sur Bleeping Computers en Anglais:

Sur PCA,En Français

Télécharger Lop S&D de Eric71

sur le bureau,

* Double-cliquer dessus pour lancer l'installation

* Puis double-cliquer sur le raccourci Lop S&D présent sur le bureau

* Séléctionner la langue souhaitée , puis choisir l'Option 1:Recherche

* En cas de blocage au démarrage

Démarrer / Exécuter / cmd

Copiez/collez, dans la fenêtre del /Q "%systemdrive%\Lop SD\osv.exe" & "%systemdrive%\Lop SD\lopsd.cmd"

et valider , il devrait se lancer tout seul ,

* Patienter jusqu'à la fin du scan

* Poster le rapport généré (C:\lopR.txt)

( Si le Bureau ne réapparait pas

presser Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , taper explorer.exe et valider )

Relancer Lop S&D

* Choisir l'Option 2 :Suppression

* Ne fermez pas la fenêtre lors de la suppression !

* Poster le rapport généré (C:\lopR.txt)

(Si le Bureau ne réapparaît pas presser Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , taper explorer.exe et valider)

Les tâches LOP (*.job)sont bien cachées,

Elles ont les attributs "Archive" et "Hidden".

Recherche des tâches

Bureau->Clic droit->Nouveau->Document texte

Copier/coller

@echo off

dir %Windir%\tasks /a h > files.txt

notepad files.txt

Exit

Enregister sous lop.bat

Double clic pour le lancer

Postez en le contenu.

Nettoyage des tâches

Bureau->Clic droit->Nouveau->Document texte

Copier/coller

@echo off

del tâche à tuer.job

Exit

Enregister sous Clop.bat

Double clic pour le lancer

Maintenant il apparait en quarantaine sous ce descriptif: "a variant of Win32/Rootkit.Kryptik.AF trojan".

En quarantaine il est inoffensif.

Est-ce Gmer ou nod32 qui l'y a mis ?

Téléchargez MBAM

Branchez tous les supports amovibles avant de faire ce scan (clé usb/disque dur externe etc)

Vous devez désactiver vos protections et ne savez pas comment faire

Sur Bleeping Computers en Anglais:

Sur PCA,En Français

* Double cliquez sur l'icône Download_mbam-setup.exe pour lancer le processus d'installation.

Enregistrez le sur le bureau .

Fermer toutes les fenêtres et programmes

Suivez les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet)

N'apportez aucune modification aux réglages par défaut et, en fin d'installation,

Vérifiez que les options Update et Launch soient cochées

MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse.

cliquer sur OK pour fermer la boîte de dialogue..

* Dans l'onglet "mise à jour", cliquez sur le bouton Recherche de mise à jour:

Si le pare-feu demande l'autorisation à MBAM de se connecter, acceptez.

* Une fois la mise à jour terminée, allez dans l'onglet Recherche.

* Sélectionnez "Exécuter un examen complet"

* Cliquez sur "Rechercher"

* .L' analyse prendra un certain temps, soyez patient !

* A la fin , un message affichera :

L'examen s'est terminé normalement.

*Si MBAM n'a rien trouvé, il le dira aussi.

Cliquez sur "Ok" pour poursuivre.

*Fermez les navigateurs.

Cliquez sur Afficher les résultats .

*Sélectionnez tout et cliquez sur Supprimer la sélection ,

MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

puis ouvrir le Bloc-notes et y copier le rapport d'analyse qui peut être retrouvé sous l'onglet Rapports/logs.

* Copiez-collez ce rapport dans la prochaine réponse.

Téléchargez Random's system information tool (RSIT) par random/random et sauvegardez-le sur le Bureau.

Double-cliquez sur RSIT.exe afin de lancer RSIT.

* Cliquez Continue à l'écran Disclaimer.

* Si l'outil HIjackThis (version à jour) n'est pas présent ou détecté sur l'ordinateur, RSIT le télécharge et vous acceptez la licence.

* L'analyse terminée, deux fichiers texte s'ouvriront.:

Poster le contenu de log.txt (qui sera affiché)

ainsi que de info.txt (qui sera réduit dans la Barre des Tâches).

* Si ces deux rapports n'apparaissent pas, vous les trouverez dans le dossier C:\rsit

Si les rapports sont trop lourds, postez les en plusieurs fois

Modifié le 2 janvier 2010 par pear

Moondarim · le 2 janvier 2010

Bonjour,

Voici le premier rapport Lop:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Intégrale ( v6.0.6002 ) Service Pack 2

X86-based PC ( Multiprocessor Free : Intel® Core2 Quad CPU Q6600 @ 2.40GHz )

BIOS : BIOS Date: 09/02/08 12:07:12 Ver: 08.00.12

USER : Choucri ( Administrator )

BOOT : Normal boot

Antivirus : ESET Smart Security 3.0 3.0 (Not Activated)

Firewall : ESET Personal firewall 3.0.684.0 (Not Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:139 Go (Free:31 Go)

D:\ (CD or DVD)

E:\ (Local Disk) - NTFS - Total:465 Go (Free:47 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [1] ( 02/01/2010|13:50 )

[ UAC => 1 ]

--------------------\\ Listing des dossiers dans Local

[16/07/2009|14:49] C:\Users\Choucri\AppData\Local\.msf3

[04/11/2008|03:03] C:\Users\Choucri\AppData\Local\Adobe

[18/07/2008|19:37] C:\Users\Choucri\AppData\Local\Apple

[25/10/2009|00:07] C:\Users\Choucri\AppData\Local\Apple Computer

[17/05/2008|17:12] C:\Users\Choucri\AppData\Local\Application Data

[20/12/2008|10:45] C:\Users\Choucri\AppData\Local\Apps

[17/10/2008|12:29] C:\Users\Choucri\AppData\Local\Ascaron Entertainment

[02/08/2009|23:17] C:\Users\Choucri\AppData\Local\assembly

[23/08/2009|15:44] C:\Users\Choucri\AppData\Local\BC

[27/08/2009|12:14] C:\Users\Choucri\AppData\Local\Boss Media

[13/01/2009|03:17] C:\Users\Choucri\AppData\Local\CurseClient

[01/01/2010|13:22] C:\Users\Choucri\AppData\Local\d3d9caps.dat

[28/12/2009|22:33] C:\Users\Choucri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[13/10/2009|08:40] C:\Users\Choucri\AppData\Local\Deployment

[07/01/2009|09:19] C:\Users\Choucri\AppData\Local\Dyyno Receiver

[05/11/2009|08:03] C:\Users\Choucri\AppData\Local\EA Core

[20/01/2009|09:50] C:\Users\Choucri\AppData\Local\eMule

[31/12/2009|18:21] C:\Users\Choucri\AppData\Local\ESET

[17/05/2008|20:24] C:\Users\Choucri\AppData\Local\Funcom

[16/04/2009|14:30] C:\Users\Choucri\AppData\Local\Gas Powered Games

[02/01/2010|11:45] C:\Users\Choucri\AppData\Local\GDIPFONTCACHEV1.DAT

[17/05/2008|17:12] C:\Users\Choucri\AppData\Local\Historique

[01/01/2010|19:03] C:\Users\Choucri\AppData\Local\IconCache.db

[10/11/2008|10:44] C:\Users\Choucri\AppData\Local\Installer384

[10/11/2008|10:39] C:\Users\Choucri\AppData\Local\Installer3980

[07/11/2008|02:29] C:\Users\Choucri\AppData\Local\IsolatedStorage

[18/08/2009|19:00] C:\Users\Choucri\AppData\Local\Microsoft

[18/05/2008|20:07] C:\Users\Choucri\AppData\Local\Microsoft Games

[31/07/2008|09:58] C:\Users\Choucri\AppData\Local\Microsoft Help

[21/05/2008|17:38] C:\Users\Choucri\AppData\Local\Mozilla

[16/07/2009|14:47] C:\Users\Choucri\AppData\Local\msf32

[07/11/2008|02:28] C:\Users\Choucri\AppData\Local\Nokia

[13/11/2009|21:16] C:\Users\Choucri\AppData\Local\NokiaAccount

[30/12/2009|00:24] C:\Users\Choucri\AppData\Local\PMB Files

[07/10/2009|20:35] C:\Users\Choucri\AppData\Local\PokerStars.NET

[22/08/2008|11:55] C:\Users\Choucri\AppData\Local\QuickPar

[04/06/2009|10:44] C:\Users\Choucri\AppData\Local\Sony

[02/01/2010|13:48] C:\Users\Choucri\AppData\Local\temp

[17/05/2008|17:12] C:\Users\Choucri\AppData\Local\Temporary Internet Files

[22/05/2008|06:54] C:\Users\Choucri\AppData\Local\Thunderbird

[11/07/2008|21:58] C:\Users\Choucri\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[02/01/2010 13:47][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{0D0E0635-D129-4021-95AD-3F5136A6BA98}.job

[01/01/2010 19:04][--ah-----] C:\Windows\tasks\SA.DAT

[01/01/2010 19:03][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[12/09/2009|13:24] C:\ProgramData\.zreglib

[22/03/2009|14:43] C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[19/04/2009|09:31] C:\ProgramData\{1E77E486-38CF-4688-B1E4-B86D08856D09}

[24/09/2009|21:05] C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[10/04/2009|11:27] C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[27/12/2009|20:21] C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

[08/11/2008|22:20] C:\ProgramData\Adobe

[04/11/2008|02:01] C:\ProgramData\ALM

[04/06/2009|10:45] C:\ProgramData\Apple

[21/09/2008|15:28] C:\ProgramData\Apple Computer

[02/11/2006|14:00] C:\ProgramData\Application Data

[23/08/2009|15:44] C:\ProgramData\BC

[05/11/2009|08:03] C:\ProgramData\BioWare

[27/08/2009|12:14] C:\ProgramData\Boss Media

[17/05/2008|17:10] C:\ProgramData\Bureau

[12/09/2009|13:32] C:\ProgramData\Canneverbe Limited

[01/11/2009|12:24] C:\ProgramData\DAEMON Tools Lite

[16/04/2009|15:03] C:\ProgramData\dbg

[02/11/2006|14:00] C:\ProgramData\Desktop

[02/11/2006|14:00] C:\ProgramData\Documents

[01/05/2008|03:28] C:\ProgramData\DynuEncrypt.dll

[05/11/2009|08:03] C:\ProgramData\Electronic Arts

[20/01/2009|09:50] C:\ProgramData\eMule

[31/12/2009|18:15] C:\ProgramData\ESET

[17/05/2008|17:10] C:\ProgramData\Favoris

[02/11/2006|14:00] C:\ProgramData\Favorites

[24/01/2009|09:28] C:\ProgramData\FLEXnet

[17/05/2008|19:53] C:\ProgramData\Funcom

[20/05/2008|08:39] C:\ProgramData\Futuremark

[01/04/2009|11:31] C:\ProgramData\id Software

[02/06/2009|23:02] C:\ProgramData\ijjigame

[10/11/2009|08:28] C:\ProgramData\Installations

[05/07/2008|14:00] C:\ProgramData\InstallShield

[13/08/2008|21:03] C:\ProgramData\IsolatedStorage

[18/08/2009|19:03] C:\ProgramData\LauncherAccess.dt

[17/05/2008|19:05] C:\ProgramData\LogiShrd

[17/05/2008|19:04] C:\ProgramData\Logitech

[31/12/2009|18:02] C:\ProgramData\Malwarebytes

[05/11/2009|07:44] C:\ProgramData\Media Center Programs

[17/05/2008|17:10] C:\ProgramData\Menu D‚marrer

[15/07/2009|07:50] C:\ProgramData\Microsoft

[10/12/2009|11:56] C:\ProgramData\Microsoft Help

[17/05/2008|17:10] C:\ProgramData\ModŠles

[07/11/2008|02:19] C:\ProgramData\Nokia

[06/11/2008|21:23] C:\ProgramData\NokiaMusic

[06/06/2009|11:25] C:\ProgramData\ntuser.pol

[01/01/2010|13:43] C:\ProgramData\NVIDIA

[01/01/2010|19:05] C:\ProgramData\nvModes.001

[01/01/2010|19:05] C:\ProgramData\nvModes.dat

[08/10/2009|06:34] C:\ProgramData\Office Genuine Advantage

[10/11/2009|08:39] C:\ProgramData\OviInstallerCache

[07/11/2008|23:37] C:\ProgramData\PC Suite

[30/05/2009|18:24] C:\ProgramData\Skype

[21/08/2009|17:57] C:\ProgramData\SonicFocus

[04/06/2009|10:39] C:\ProgramData\Sony

[02/01/2010|13:35] C:\ProgramData\Spybot - Search & Destroy

[19/04/2009|10:26] C:\ProgramData\Stardock

[02/11/2006|14:00] C:\ProgramData\Start Menu

[01/01/2010|12:40] C:\ProgramData\TEMP

[02/11/2006|14:00] C:\ProgramData\Templates

[19/05/2008|16:09] C:\ProgramData\WLInstaller

[16/07/2009|17:17] C:\ProgramData\Xfire

--------------------\\ Listing des dossiers dans C:\Program Files

[10/02/2009|11:43] C:\Program Files\AC Tool

[10/11/2008|10:39] C:\Program Files\Adobe

[01/01/2010|19:41] C:\Program Files\Ad-Remover

[04/09/2009|12:11] C:\Program Files\AGEIA Technologies

[21/08/2009|17:57] C:\Program Files\Analog Devices

[21/09/2008|15:28] C:\Program Files\Apple Software Update

[01/01/2010|13:20] C:\Program Files\a-squared Free

[07/11/2008|20:43] C:\Program Files\ASUS

[17/03/2009|12:39] C:\Program Files\AutoIt3

[01/07/2008|12:18] C:\Program Files\AviSynth 2.5

[21/12/2008|14:42] C:\Program Files\Bonjour

[08/05/2009|10:41] C:\Program Files\CCleaner

[01/01/2010|14:55] C:\Program Files\Common Files

[24/12/2009|16:48] C:\Program Files\Conduit

[13/01/2009|03:17] C:\Program Files\Curse

[01/11/2009|12:25] C:\Program Files\DAEMON Tools Lite

[21/08/2009|16:38] C:\Program Files\DAEMON Tools Toolbar

[29/10/2009|11:25] C:\Program Files\Darkfall

[17/10/2008|11:50] C:\Program Files\Deep Silver

[10/11/2009|08:37] C:\Program Files\DIFX

[18/11/2009|00:01] C:\Program Files\DivX

[08/09/2009|07:35] C:\Program Files\Download Manager

[05/11/2009|07:45] C:\Program Files\Electronic Arts

[16/01/2009|16:13] C:\Program Files\ESET

[01/07/2008|14:14] C:\Program Files\ffdshow

[17/05/2008|17:10] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]

[17/10/2008|05:42] C:\Program Files\GetRight

[21/12/2008|00:53] C:\Program Files\GGPO

[25/10/2009|16:19] C:\Program Files\HLSW

[28/12/2009|10:52] C:\Program Files\InstallShield Installation Information

[17/05/2008|17:15] C:\Program Files\Intel

[22/08/2008|18:20] C:\Program Files\InterActual

[10/12/2009|11:58] C:\Program Files\Internet Explorer

[05/11/2009|07:49] C:\Program Files\iPod

[05/11/2009|07:50] C:\Program Files\iTunes

[31/03/2009|16:58] C:\Program Files\Java

[18/02/2009|21:57] C:\Program Files\JitBit

[19/11/2009|16:38] C:\Program Files\JoWooD

[01/01/2010|14:42] C:\Program Files\KeyScrambler

[30/12/2008|00:51] C:\Program Files\KeyToPlay

[26/11/2008|12:10] C:\Program Files\Lavalys

[26/04/2009|10:55] C:\Program Files\LibUSB-Win32-0.1.10.1

[17/05/2008|19:04] C:\Program Files\Logitech

[01/01/2010|15:17] C:\Program Files\Malwarebytes' Anti-Malware

[09/10/2009|11:33] C:\Program Files\Microsoft

[02/11/2006|13:35] C:\Program Files\Microsoft Games

[18/02/2009|16:36] C:\Program Files\Microsoft Games for Windows - LIVE

[31/07/2008|09:59] C:\Program Files\Microsoft Office

[10/10/2009|14:58] C:\Program Files\Microsoft Silverlight

[31/07/2008|09:59] C:\Program Files\Microsoft Visual Studio

[01/05/2009|07:20] C:\Program Files\Microsoft Works

[31/07/2008|09:59] C:\Program Files\Microsoft.NET

[01/11/2008|02:26] C:\Program Files\Miranda IM

[21/10/2009|10:00] C:\Program Files\Movie Maker

[17/10/2008|05:34] C:\Program Files\MozBackup

[02/01/2010|11:59] C:\Program Files\Mozilla Firefox

[13/01/2009|04:03] C:\Program Files\Mozilla Firefox 3 Beta 5

[23/08/2009|08:51] C:\Program Files\Mozilla Thunderbird

[08/11/2008|20:22] C:\Program Files\mp3DirectCut

[04/10/2008|08:49] C:\Program Files\MSBuild

[13/11/2008|14:59] C:\Program Files\MSXML 4.0

[04/08/2009|01:10] C:\Program Files\NCSoft

[13/11/2009|17:16] C:\Program Files\Neoact

[02/06/2009|23:01] C:\Program Files\NHN USA

[10/11/2009|08:42] C:\Program Files\Nokia

[24/06/2008|07:57] C:\Program Files\Notepad++

[01/01/2010|13:21] C:\Program Files\NVIDIA Corporation

[01/12/2009|21:10] C:\Program Files\OpenOffice.org 3

[07/11/2008|22:56] C:\Program Files\Orb Networks

[31/12/2009|16:44] C:\Program Files\Pando Networks

[10/11/2009|08:42] C:\Program Files\PC Connectivity Solution

[05/12/2008|19:52] C:\Program Files\PlayNC

[24/09/2009|21:04] C:\Program Files\QuickTime

[14/09/2008|18:02] C:\Program Files\Real

[04/10/2008|08:49] C:\Program Files\Reference Assemblies

[11/07/2008|21:46] C:\Program Files\RomStation

[13/11/2009|13:31] C:\Program Files\Runic Games

[18/08/2009|18:28] C:\Program Files\Samsung

[02/07/2008|12:27] C:\Program Files\Satsuki Decoder Pack

[30/09/2009|08:17] C:\Program Files\SealOnlineUSA

[30/05/2009|18:24] C:\Program Files\Skype

[12/09/2009|13:28] C:\Program Files\SlySoft

[05/07/2008|20:14] C:\Program Files\Sony

[01/01/2010|15:01] C:\Program Files\Sophos

[27/12/2009|23:34] C:\Program Files\Spybot - Search & Destroy

[19/04/2009|09:31] C:\Program Files\Stardock

[19/04/2009|10:25] C:\Program Files\Stardock Games

[30/12/2009|15:05] C:\Program Files\Steam

[17/05/2008|19:41] C:\Program Files\Teamspeak2_RC2

[18/02/2009|16:27] C:\Program Files\THQ

[01/01/2010|12:14] C:\Program Files\trend micro

[02/11/2006|14:00] C:\Program Files\Uninstall Information

[24/09/2009|20:51] C:\Program Files\Utilitaire de configuration iPhone

[10/06/2008|21:43] C:\Program Files\uTorrent

[16/01/2009|08:46] C:\Program Files\Ventrilo

[30/01/2009|21:41] C:\Program Files\Veoh Networks

[13/08/2008|21:04] C:\Program Files\VideoLAN

[03/04/2009|05:06] C:\Program Files\VirtualDub

[04/06/2009|10:40] C:\Program Files\Vstplugins

[27/12/2009|15:34] C:\Program Files\VuPassword

[16/01/2009|16:08] C:\Program Files\Wakfu

[01/01/2010|14:55] C:\Program Files\WC3Banlist

[28/12/2009|10:52] C:\Program Files\WEBZEN

[06/10/2008|01:22] C:\Program Files\WiFiConnector

[21/10/2009|10:00] C:\Program Files\Windows Calendar

[21/10/2009|10:00] C:\Program Files\Windows Collaboration

[21/10/2009|10:00] C:\Program Files\Windows Defender

[21/10/2009|10:00] C:\Program Files\Windows Journal

[15/07/2009|07:52] C:\Program Files\Windows Live

[08/01/2009|13:02] C:\Program Files\Windows Live Safety Center

[09/10/2009|11:33] C:\Program Files\Windows Live SkyDrive

[10/12/2009|11:58] C:\Program Files\Windows Mail

[28/10/2009|08:46] C:\Program Files\Windows Media Player

[17/05/2008|17:10] C:\Program Files\Windows NT

[21/10/2009|10:00] C:\Program Files\Windows Photo Gallery

[18/11/2009|01:26] C:\Program Files\Windows Portable Devices

[21/10/2009|10:00] C:\Program Files\Windows Sidebar

[16/07/2009|14:47] C:\Program Files\WinPcap

[10/06/2008|17:52] C:\Program Files\WinRAR

[03/04/2009|05:20] C:\Program Files\Xvid

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[21/10/2009|10:32] C:\Program Files\Common Files\Adobe

[05/11/2009|07:45] C:\Program Files\Common Files\Adobe AIR

[05/11/2009|07:49] C:\Program Files\Common Files\Apple

[27/12/2009|15:30] C:\Program Files\Common Files\BioWare

[09/12/2009|14:01] C:\Program Files\Common Files\Blizzard Entertainment

[04/11/2008|02:02] C:\Program Files\Common Files\Control Panels

[31/07/2008|09:59] C:\Program Files\Common Files\DESIGNER

[03/04/2009|05:11] C:\Program Files\Common Files\DivX Shared

[10/08/2008|15:17] C:\Program Files\Common Files\INCA Shared

[05/07/2008|13:56] C:\Program Files\Common Files\InstallShield

[01/01/2010|14:55] C:\Program Files\Common Files\Logishrd

[04/11/2008|01:52] C:\Program Files\Common Files\Macrovision Shared

[01/05/2009|07:21] C:\Program Files\Common Files\microsoft shared

[10/11/2009|08:43] C:\Program Files\Common Files\Nokia

[01/07/2008|12:42] C:\Program Files\Common Files\PX Storage Engine

[17/09/2008|05:59] C:\Program Files\Common Files\Real

[02/11/2006|12:18] C:\Program Files\Common Files\Services

[30/05/2009|18:24] C:\Program Files\Common Files\Skype

[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines

[19/11/2009|16:48] C:\Program Files\Common Files\Steam

[04/10/2008|22:08] C:\Program Files\Common Files\SWF Studio

[21/10/2009|10:00] C:\Program Files\Common Files\System

[15/07/2009|07:50] C:\Program Files\Common Files\Windows Live

[19/05/2008|16:12] C:\Program Files\Common Files\WindowsLiveInstaller

[30/11/2009|20:33] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 53 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-02 13:51:15

Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\Choucri\AppData\Local\msf32\tools\lm2ntcrack.rb

C:\Users\Choucri\AppData\Local\msf32\tools\.svn\prop-base\lm2ntcrack.rb.svn-base

C:\Users\Choucri\AppData\Local\msf32\tools\.svn\text-base\lm2ntcrack.rb.svn-base

C:\Users\Choucri\Saved Games\Music\iTunes\iTunes Music\Eminem\Relapse (Deluxe Version)\18 Crack a Bottle (feat. Dr. Dre & 5.m4a

C:\Users\Choucri\Saved Games\Music\iTunes\iTunes Music\Eminem\Relapse (Deluxe Version)\22 Crack a Bottle (Single Version) [.m4a

[F:2][D:0]-> C:\Users\Choucri\AppData\Local\Temp

[F:2][D:1]-> C:\Users\Choucri\AppData\Roaming\MICROS~1\Windows\Cookies

[F:2][D:0]-> C:\Users\Choucri\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

[F:1][D:1]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 02/01/2010|13:52 - Option : [1]

--------------------\\ Fin du rapport a 13:52:41

[ UAC => 1 ]

Le second rapport Lop:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Intégrale ( v6.0.6002 ) Service Pack 2

X86-based PC ( Multiprocessor Free : Intel® Core2 Quad CPU Q6600 @ 2.40GHz )

BIOS : BIOS Date: 09/02/08 12:07:12 Ver: 08.00.12

USER : Choucri ( Administrator )

BOOT : Normal boot

Antivirus : ESET Smart Security 3.0 3.0 (Not Activated)

Firewall : ESET Personal firewall 3.0.684.0 (Not Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:139 Go (Free:31 Go)

D:\ (CD or DVD)

E:\ (Local Disk) - NTFS - Total:465 Go (Free:47 Go)

H:\ (USB) - FAT32 - Total:7672 Mo (Free:5 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( 02/01/2010|13:54 )

[ UAC => 1 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans Local

[16/07/2009|14:49] C:\Users\Choucri\AppData\Local\.msf3

[04/11/2008|03:03] C:\Users\Choucri\AppData\Local\Adobe

[18/07/2008|19:37] C:\Users\Choucri\AppData\Local\Apple

[25/10/2009|00:07] C:\Users\Choucri\AppData\Local\Apple Computer

[17/05/2008|17:12] C:\Users\Choucri\AppData\Local\Application Data

[20/12/2008|10:45] C:\Users\Choucri\AppData\Local\Apps

[17/10/2008|12:29] C:\Users\Choucri\AppData\Local\Ascaron Entertainment

[02/08/2009|23:17] C:\Users\Choucri\AppData\Local\assembly

[23/08/2009|15:44] C:\Users\Choucri\AppData\Local\BC

[27/08/2009|12:14] C:\Users\Choucri\AppData\Local\Boss Media

[13/01/2009|03:17] C:\Users\Choucri\AppData\Local\CurseClient

[01/01/2010|13:22] C:\Users\Choucri\AppData\Local\d3d9caps.dat

[28/12/2009|22:33] C:\Users\Choucri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[13/10/2009|08:40] C:\Users\Choucri\AppData\Local\Deployment

[07/01/2009|09:19] C:\Users\Choucri\AppData\Local\Dyyno Receiver

[05/11/2009|08:03] C:\Users\Choucri\AppData\Local\EA Core

[20/01/2009|09:50] C:\Users\Choucri\AppData\Local\eMule

[31/12/2009|18:21] C:\Users\Choucri\AppData\Local\ESET

[17/05/2008|20:24] C:\Users\Choucri\AppData\Local\Funcom

[16/04/2009|14:30] C:\Users\Choucri\AppData\Local\Gas Powered Games

[02/01/2010|11:45] C:\Users\Choucri\AppData\Local\GDIPFONTCACHEV1.DAT

[17/05/2008|17:12] C:\Users\Choucri\AppData\Local\Historique

[01/01/2010|19:03] C:\Users\Choucri\AppData\Local\IconCache.db

[10/11/2008|10:44] C:\Users\Choucri\AppData\Local\Installer384

[10/11/2008|10:39] C:\Users\Choucri\AppData\Local\Installer3980

[07/11/2008|02:29] C:\Users\Choucri\AppData\Local\IsolatedStorage

[18/08/2009|19:00] C:\Users\Choucri\AppData\Local\Microsoft

[18/05/2008|20:07] C:\Users\Choucri\AppData\Local\Microsoft Games

[31/07/2008|09:58] C:\Users\Choucri\AppData\Local\Microsoft Help

[21/05/2008|17:38] C:\Users\Choucri\AppData\Local\Mozilla

[16/07/2009|14:47] C:\Users\Choucri\AppData\Local\msf32

[07/11/2008|02:28] C:\Users\Choucri\AppData\Local\Nokia

[13/11/2009|21:16] C:\Users\Choucri\AppData\Local\NokiaAccount

[30/12/2009|00:24] C:\Users\Choucri\AppData\Local\PMB Files

[07/10/2009|20:35] C:\Users\Choucri\AppData\Local\PokerStars.NET

[22/08/2008|11:55] C:\Users\Choucri\AppData\Local\QuickPar

[04/06/2009|10:44] C:\Users\Choucri\AppData\Local\Sony

[02/01/2010|13:55] C:\Users\Choucri\AppData\Local\temp

[17/05/2008|17:12] C:\Users\Choucri\AppData\Local\Temporary Internet Files

[22/05/2008|06:54] C:\Users\Choucri\AppData\Local\Thunderbird

[11/07/2008|21:58] C:\Users\Choucri\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[02/01/2010 13:47][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{0D0E0635-D129-4021-95AD-3F5136A6BA98}.job

[01/01/2010 19:04][--ah-----] C:\Windows\tasks\SA.DAT

[01/01/2010 19:03][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[12/09/2009|13:24] C:\ProgramData\.zreglib

[22/03/2009|14:43] C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[19/04/2009|09:31] C:\ProgramData\{1E77E486-38CF-4688-B1E4-B86D08856D09}

[24/09/2009|21:05] C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[10/04/2009|11:27] C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[27/12/2009|20:21] C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

[08/11/2008|22:20] C:\ProgramData\Adobe

[04/11/2008|02:01] C:\ProgramData\ALM

[04/06/2009|10:45] C:\ProgramData\Apple

[21/09/2008|15:28] C:\ProgramData\Apple Computer

[02/11/2006|14:00] C:\ProgramData\Application Data

[23/08/2009|15:44] C:\ProgramData\BC

[05/11/2009|08:03] C:\ProgramData\BioWare

[27/08/2009|12:14] C:\ProgramData\Boss Media

[17/05/2008|17:10] C:\ProgramData\Bureau

[12/09/2009|13:32] C:\ProgramData\Canneverbe Limited

[01/11/2009|12:24] C:\ProgramData\DAEMON Tools Lite

[16/04/2009|15:03] C:\ProgramData\dbg

[02/11/2006|14:00] C:\ProgramData\Desktop

[02/11/2006|14:00] C:\ProgramData\Documents

[01/05/2008|03:28] C:\ProgramData\DynuEncrypt.dll

[05/11/2009|08:03] C:\ProgramData\Electronic Arts

[20/01/2009|09:50] C:\ProgramData\eMule

[31/12/2009|18:15] C:\ProgramData\ESET

[17/05/2008|17:10] C:\ProgramData\Favoris

[02/11/2006|14:00] C:\ProgramData\Favorites

[24/01/2009|09:28] C:\ProgramData\FLEXnet

[17/05/2008|19:53] C:\ProgramData\Funcom

[20/05/2008|08:39] C:\ProgramData\Futuremark

[01/04/2009|11:31] C:\ProgramData\id Software

[02/06/2009|23:02] C:\ProgramData\ijjigame

[10/11/2009|08:28] C:\ProgramData\Installations

[05/07/2008|14:00] C:\ProgramData\InstallShield

[13/08/2008|21:03] C:\ProgramData\IsolatedStorage

[18/08/2009|19:03] C:\ProgramData\LauncherAccess.dt

[17/05/2008|19:05] C:\ProgramData\LogiShrd

[17/05/2008|19:04] C:\ProgramData\Logitech

[31/12/2009|18:02] C:\ProgramData\Malwarebytes

[05/11/2009|07:44] C:\ProgramData\Media Center Programs

[17/05/2008|17:10] C:\ProgramData\Menu D‚marrer

[15/07/2009|07:50] C:\ProgramData\Microsoft

[10/12/2009|11:56] C:\ProgramData\Microsoft Help

[17/05/2008|17:10] C:\ProgramData\ModŠles

[07/11/2008|02:19] C:\ProgramData\Nokia

[06/11/2008|21:23] C:\ProgramData\NokiaMusic

[06/06/2009|11:25] C:\ProgramData\ntuser.pol

[01/01/2010|13:43] C:\ProgramData\NVIDIA

[01/01/2010|19:05] C:\ProgramData\nvModes.001

[01/01/2010|19:05] C:\ProgramData\nvModes.dat

[08/10/2009|06:34] C:\ProgramData\Office Genuine Advantage

[10/11/2009|08:39] C:\ProgramData\OviInstallerCache

[07/11/2008|23:37] C:\ProgramData\PC Suite

[30/05/2009|18:24] C:\ProgramData\Skype

[21/08/2009|17:57] C:\ProgramData\SonicFocus

[04/06/2009|10:39] C:\ProgramData\Sony

[02/01/2010|13:35] C:\ProgramData\Spybot - Search & Destroy

[19/04/2009|10:26] C:\ProgramData\Stardock

[02/11/2006|14:00] C:\ProgramData\Start Menu

[01/01/2010|12:40] C:\ProgramData\TEMP

[02/11/2006|14:00] C:\ProgramData\Templates

[19/05/2008|16:09] C:\ProgramData\WLInstaller

[16/07/2009|17:17] C:\ProgramData\Xfire

--------------------\\ Listing des dossiers dans C:\Program Files

[10/02/2009|11:43] C:\Program Files\AC Tool

[10/11/2008|10:39] C:\Program Files\Adobe

[01/01/2010|19:41] C:\Program Files\Ad-Remover

[04/09/2009|12:11] C:\Program Files\AGEIA Technologies

[21/08/2009|17:57] C:\Program Files\Analog Devices

[21/09/2008|15:28] C:\Program Files\Apple Software Update

[01/01/2010|13:20] C:\Program Files\a-squared Free

[07/11/2008|20:43] C:\Program Files\ASUS

[17/03/2009|12:39] C:\Program Files\AutoIt3

[01/07/2008|12:18] C:\Program Files\AviSynth 2.5

[21/12/2008|14:42] C:\Program Files\Bonjour

[08/05/2009|10:41] C:\Program Files\CCleaner

[01/01/2010|14:55] C:\Program Files\Common Files

[24/12/2009|16:48] C:\Program Files\Conduit

[13/01/2009|03:17] C:\Program Files\Curse

[01/11/2009|12:25] C:\Program Files\DAEMON Tools Lite

[21/08/2009|16:38] C:\Program Files\DAEMON Tools Toolbar

[29/10/2009|11:25] C:\Program Files\Darkfall

[17/10/2008|11:50] C:\Program Files\Deep Silver

[10/11/2009|08:37] C:\Program Files\DIFX

[18/11/2009|00:01] C:\Program Files\DivX

[08/09/2009|07:35] C:\Program Files\Download Manager

[05/11/2009|07:45] C:\Program Files\Electronic Arts

[16/01/2009|16:13] C:\Program Files\ESET

[01/07/2008|14:14] C:\Program Files\ffdshow

[17/05/2008|17:10] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]

[17/10/2008|05:42] C:\Program Files\GetRight

[21/12/2008|00:53] C:\Program Files\GGPO

[25/10/2009|16:19] C:\Program Files\HLSW

[28/12/2009|10:52] C:\Program Files\InstallShield Installation Information

[17/05/2008|17:15] C:\Program Files\Intel

[22/08/2008|18:20] C:\Program Files\InterActual

[10/12/2009|11:58] C:\Program Files\Internet Explorer

[05/11/2009|07:49] C:\Program Files\iPod

[05/11/2009|07:50] C:\Program Files\iTunes

[31/03/2009|16:58] C:\Program Files\Java

[18/02/2009|21:57] C:\Program Files\JitBit

[19/11/2009|16:38] C:\Program Files\JoWooD

[01/01/2010|14:42] C:\Program Files\KeyScrambler

[30/12/2008|00:51] C:\Program Files\KeyToPlay

[26/11/2008|12:10] C:\Program Files\Lavalys

[26/04/2009|10:55] C:\Program Files\LibUSB-Win32-0.1.10.1

[17/05/2008|19:04] C:\Program Files\Logitech

[01/01/2010|15:17] C:\Program Files\Malwarebytes' Anti-Malware

[09/10/2009|11:33] C:\Program Files\Microsoft

[02/11/2006|13:35] C:\Program Files\Microsoft Games

[18/02/2009|16:36] C:\Program Files\Microsoft Games for Windows - LIVE

[31/07/2008|09:59] C:\Program Files\Microsoft Office

[10/10/2009|14:58] C:\Program Files\Microsoft Silverlight

[31/07/2008|09:59] C:\Program Files\Microsoft Visual Studio

[01/05/2009|07:20] C:\Program Files\Microsoft Works

[31/07/2008|09:59] C:\Program Files\Microsoft.NET

[01/11/2008|02:26] C:\Program Files\Miranda IM

[21/10/2009|10:00] C:\Program Files\Movie Maker

[17/10/2008|05:34] C:\Program Files\MozBackup

[02/01/2010|11:59] C:\Program Files\Mozilla Firefox

[13/01/2009|04:03] C:\Program Files\Mozilla Firefox 3 Beta 5

[23/08/2009|08:51] C:\Program Files\Mozilla Thunderbird

[08/11/2008|20:22] C:\Program Files\mp3DirectCut

[04/10/2008|08:49] C:\Program Files\MSBuild

[13/11/2008|14:59] C:\Program Files\MSXML 4.0

[04/08/2009|01:10] C:\Program Files\NCSoft

[13/11/2009|17:16] C:\Program Files\Neoact

[02/06/2009|23:01] C:\Program Files\NHN USA

[10/11/2009|08:42] C:\Program Files\Nokia

[24/06/2008|07:57] C:\Program Files\Notepad++

[01/01/2010|13:21] C:\Program Files\NVIDIA Corporation

[01/12/2009|21:10] C:\Program Files\OpenOffice.org 3

[07/11/2008|22:56] C:\Program Files\Orb Networks

[31/12/2009|16:44] C:\Program Files\Pando Networks

[10/11/2009|08:42] C:\Program Files\PC Connectivity Solution

[05/12/2008|19:52] C:\Program Files\PlayNC

[24/09/2009|21:04] C:\Program Files\QuickTime

[14/09/2008|18:02] C:\Program Files\Real

[04/10/2008|08:49] C:\Program Files\Reference Assemblies

[11/07/2008|21:46] C:\Program Files\RomStation

[13/11/2009|13:31] C:\Program Files\Runic Games

[18/08/2009|18:28] C:\Program Files\Samsung

[02/07/2008|12:27] C:\Program Files\Satsuki Decoder Pack

[30/09/2009|08:17] C:\Program Files\SealOnlineUSA

[30/05/2009|18:24] C:\Program Files\Skype

[12/09/2009|13:28] C:\Program Files\SlySoft

[05/07/2008|20:14] C:\Program Files\Sony

[01/01/2010|15:01] C:\Program Files\Sophos

[27/12/2009|23:34] C:\Program Files\Spybot - Search & Destroy

[19/04/2009|09:31] C:\Program Files\Stardock

[19/04/2009|10:25] C:\Program Files\Stardock Games

[30/12/2009|15:05] C:\Program Files\Steam

[17/05/2008|19:41] C:\Program Files\Teamspeak2_RC2

[18/02/2009|16:27] C:\Program Files\THQ

[01/01/2010|12:14] C:\Program Files\trend micro

[02/11/2006|14:00] C:\Program Files\Uninstall Information

[24/09/2009|20:51] C:\Program Files\Utilitaire de configuration iPhone

[10/06/2008|21:43] C:\Program Files\uTorrent

[16/01/2009|08:46] C:\Program Files\Ventrilo

[30/01/2009|21:41] C:\Program Files\Veoh Networks

[13/08/2008|21:04] C:\Program Files\VideoLAN

[03/04/2009|05:06] C:\Program Files\VirtualDub

[04/06/2009|10:40] C:\Program Files\Vstplugins

[27/12/2009|15:34] C:\Program Files\VuPassword

[16/01/2009|16:08] C:\Program Files\Wakfu

[01/01/2010|14:55] C:\Program Files\WC3Banlist

[28/12/2009|10:52] C:\Program Files\WEBZEN

[06/10/2008|01:22] C:\Program Files\WiFiConnector

[21/10/2009|10:00] C:\Program Files\Windows Calendar

[21/10/2009|10:00] C:\Program Files\Windows Collaboration

[21/10/2009|10:00] C:\Program Files\Windows Defender

[21/10/2009|10:00] C:\Program Files\Windows Journal

[15/07/2009|07:52] C:\Program Files\Windows Live

[08/01/2009|13:02] C:\Program Files\Windows Live Safety Center

[09/10/2009|11:33] C:\Program Files\Windows Live SkyDrive

[10/12/2009|11:58] C:\Program Files\Windows Mail

[28/10/2009|08:46] C:\Program Files\Windows Media Player

[17/05/2008|17:10] C:\Program Files\Windows NT

[21/10/2009|10:00] C:\Program Files\Windows Photo Gallery

[18/11/2009|01:26] C:\Program Files\Windows Portable Devices

[21/10/2009|10:00] C:\Program Files\Windows Sidebar

[16/07/2009|14:47] C:\Program Files\WinPcap

[10/06/2008|17:52] C:\Program Files\WinRAR

[03/04/2009|05:20] C:\Program Files\Xvid

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[21/10/2009|10:32] C:\Program Files\Common Files\Adobe

[05/11/2009|07:45] C:\Program Files\Common Files\Adobe AIR

[05/11/2009|07:49] C:\Program Files\Common Files\Apple

[27/12/2009|15:30] C:\Program Files\Common Files\BioWare

[09/12/2009|14:01] C:\Program Files\Common Files\Blizzard Entertainment

[04/11/2008|02:02] C:\Program Files\Common Files\Control Panels

[31/07/2008|09:59] C:\Program Files\Common Files\DESIGNER

[03/04/2009|05:11] C:\Program Files\Common Files\DivX Shared

[10/08/2008|15:17] C:\Program Files\Common Files\INCA Shared

[05/07/2008|13:56] C:\Program Files\Common Files\InstallShield

[01/01/2010|14:55] C:\Program Files\Common Files\Logishrd

[04/11/2008|01:52] C:\Program Files\Common Files\Macrovision Shared

[01/05/2009|07:21] C:\Program Files\Common Files\microsoft shared

[10/11/2009|08:43] C:\Program Files\Common Files\Nokia

[01/07/2008|12:42] C:\Program Files\Common Files\PX Storage Engine

[17/09/2008|05:59] C:\Program Files\Common Files\Real

[02/11/2006|12:18] C:\Program Files\Common Files\Services

[30/05/2009|18:24] C:\Program Files\Common Files\Skype

[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines

[19/11/2009|16:48] C:\Program Files\Common Files\Steam

[04/10/2008|22:08] C:\Program Files\Common Files\SWF Studio

[21/10/2009|10:00] C:\Program Files\Common Files\System

[15/07/2009|07:50] C:\Program Files\Common Files\Windows Live

[19/05/2008|16:12] C:\Program Files\Common Files\WindowsLiveInstaller

[30/11/2009|20:33] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 56 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-02 13:55:24

Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\Choucri\AppData\Local\msf32\tools\lm2ntcrack.rb

C:\Users\Choucri\AppData\Local\msf32\tools\.svn\prop-base\lm2ntcrack.rb.svn-base

C:\Users\Choucri\AppData\Local\msf32\tools\.svn\text-base\lm2ntcrack.rb.svn-base

C:\Users\Choucri\Saved Games\Music\iTunes\iTunes Music\Eminem\Relapse (Deluxe Version)\18 Crack a Bottle (feat. Dr. Dre & 5.m4a

C:\Users\Choucri\Saved Games\Music\iTunes\iTunes Music\Eminem\Relapse (Deluxe Version)\22 Crack a Bottle (Single Version) [.m4a

[F:2][D:0]-> C:\Users\Choucri\AppData\Local\Temp

[F:2][D:1]-> C:\Users\Choucri\AppData\Roaming\MICROS~1\Windows\Cookies

[F:2][D:0]-> C:\Users\Choucri\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

[F:1][D:1]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 02/01/2010|13:52 - Option : [1]

2 - "C:\Lop SD\LopR_2.txt" - 02/01/2010|13:56 - Option : [2]

--------------------\\ Fin du rapport a 13:56:51

[ UAC => 1 ]

Concernant maintenant le rootkit, j'ai lancé une inspection avec Gmer j'ai trouvé une ligne en rouge que j'ai désactivé à défaut de pouvoir la supprimer. Et j'ai découvert ce matin la présence du fichier en quarantaine sur mon antivirus. Donc je ne sais pas si indirectement en désactivant ce fichier l'antivirus l'aurait par la suite détecter. Je n'ai pas souvenir d'avoir eux d'alerte de la part de mon antivirus désolé.

pear · le 2 janvier 2010

Ok,

J'attends la suite.

Moondarim · le 2 janvier 2010

Rebonjour,

Contenu du fichier File, concernant les tâches cachée:

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est D429-601E

R‚pertoire de C:\Windows\tasks

31/12/2009 17:41 <REP> .

31/12/2009 17:41 <REP> ..

01/01/2010 19:04 6 SA.DAT

01/01/2010 19:03 32ÿ526 SCHEDLGU.TXT

02/01/2010 13:47 422 User_Feed_Synchronization-{0D0E0635-D129-4021-95AD-3F5136A6BA98}.job

3 fichier(s) 32ÿ954 octets

R‚pertoire de C:\Users\Choucri\Desktop

Voici le rapport de MBAM:

Malwarebytes' Anti-Malware 1.43
Version de la base de données: 3468

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18865

02/01/2010 15:34:50

mbam-log-2010-01-02 (15-34-50).txt

Type de recherche: Examen complet (C:\|E:\|)

Eléments examinés: 469113

Temps écoulé: 1 hour(s), 17 minute(s), 58 second(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 1

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

Fichier(s) infecté(s):

E:\Ragnarok II\Euphro2\System\Window.dll (Malware.Packer.T) -> Quarantined and deleted successfully.

Modifié le 2 janvier 2010 par Moondarim

Moondarim · le 2 janvier 2010

Voici dans un premier temps le rapport log RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Choucri at 2010-01-02 15:40:57

Microsoft® Windows Vista™ Édition Intégrale Service Pack 2

System drive C: has 32 GB (22%) free of 143 GB

Total RAM: 3326 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:41:02, on 02/01/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18865)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe

C:\Windows\Explorer.EXE

E:\Program Files\Winamp\winampa.exe

C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Windows Mail\WinMail.exe

C:\Windows\system32\conime.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\Choucri\Downloads\RSIT.exe

C:\Program Files\trend micro\HijackThis\Choucri.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.naver.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [soundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKUS\S-1-5-18\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User 'Default user')

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: Ajouter au fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir en Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O16 - DPF: {4ABB12B3-8A8B-481D-874A-93E16F930A8B} - https://members.hangame.com/common/CKKeyProInst.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://id.hangame.com/common/HanSetup1020.cab

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D89D97A9-12C5-45E3-9353-3540761FE15C} (SealWebLaunch Control) - http://channel.dontblynk.com/Launcher/SealWebLaunch.CAB

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: {DLL_Str}

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Dragon Age: Origins - Application de mise à jour (DAUpdaterSvc) - BioWare - C:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: NMSAccessU - Unknown owner - E:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PS3 Media Server - Unknown owner - E:\Program Files\PS3 Media Server\win32\service\wrapper.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--

End of file - 7432 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{0D0E0635-D129-4021-95AD-3F5136A6BA98}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-04-03 429816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

"WinampAgent"=E:\Program Files\Winamp\winampa.exe [2009-07-01 37888]

"SoundTray"=C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe [2007-08-02 53248]

"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-08-28 1282048]

"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-10-24 1451264]

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-30 1389904]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="{DLL_Str}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"FilterAdministratorToken"=1

"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=0

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=

"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Windows\system32\quickset.exe"="C:\Windows\system32\quickset.exe:*:Enabled:UPnP Firewall"

"c:\qwghr.exe"="c:\qwghr.exe:*:Enabled:RUNTIME_EXECUTABLE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"C:\Windows\system32\quickset.exe"="C:\Windows\system32\quickset.exe:*:Enabled:UPnP Firewall"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b9a04a4-8e68-11de-9c32-001fc662d6f6}]

shell\AutoRun\command - F:\Setup.exe

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-01-02 15:40:57 ----D---- C:\rsit

2010-01-02 13:50:52 ----A---- C:\lopR.txt

2010-01-02 13:50:42 ----D---- C:\Lop SD

2010-01-01 19:23:42 ----D---- C:\Program Files\Ad-Remover

2010-01-01 15:17:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-01-01 15:01:01 ----D---- C:\Program Files\Sophos

2010-01-01 14:55:56 ----D---- C:\Program Files\WC3Banlist

2010-01-01 14:28:46 ----D---- C:\Program Files\KeyScrambler

2010-01-01 13:23:43 ----A---- C:\Windows\system32\NVStWiz.exe

2010-01-01 13:22:37 ----A---- C:\Windows\system32\nvuninst.exe

2009-12-31 18:16:31 ----D---- C:\Users\Choucri\AppData\Roaming\ESET

2009-12-31 18:05:30 ----D---- C:\Program Files\a-squared Free

2009-12-31 18:02:45 ----D---- C:\Users\Choucri\AppData\Roaming\Malwarebytes

2009-12-31 18:02:41 ----D---- C:\ProgramData\Malwarebytes

2009-12-31 17:54:01 ----AD---- C:\Windows\temp

2009-12-31 17:52:49 ----SHD---- C:\$RECYCLE.BIN

2009-12-31 17:24:06 ----A---- C:\Windows\system32\tmp.txt

2009-12-31 17:12:00 ----D---- C:\Program Files\trend micro

2009-12-29 09:13:23 ----A---- C:\Windows\system32\D3DX9_41.dll

2009-12-29 09:13:23 ----A---- C:\Windows\system32\d3dx10_41.dll

2009-12-29 09:13:23 ----A---- C:\Windows\system32\D3DCompiler_41.dll

2009-12-29 09:13:22 ----A---- C:\Windows\system32\XAudio2_4.dll

2009-12-29 09:13:22 ----A---- C:\Windows\system32\XAPOFX1_3.dll

2009-12-29 09:13:22 ----A---- C:\Windows\system32\xactengine3_4.dll

2009-12-29 09:13:22 ----A---- C:\Windows\system32\X3DAudio1_6.dll

2009-12-29 09:13:22 ----A---- C:\Windows\system32\D3DX9_40.dll

2009-12-29 09:13:22 ----A---- C:\Windows\system32\d3dx10_40.dll

2009-12-29 09:13:22 ----A---- C:\Windows\system32\D3DCompiler_40.dll

2009-12-28 10:52:45 ----A---- C:\Windows\system32\CMStarterCore.exe

2009-12-28 10:52:45 ----A---- C:\Windows\system32\CMStarter_Kor.dll

2009-12-28 10:52:45 ----A---- C:\Windows\system32\CMStarter_Eng.dll

2009-12-27 21:53:06 ----D---- C:\Windows\ERDNT

2009-12-27 21:25:34 ----D---- C:\Windows\pss

2009-12-27 21:15:05 ----D---- C:\%APPDATA%

2009-12-27 20:21:15 ----DC---- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

2009-12-27 16:24:29 ----SHD---- C:\Windows\%APPDATA%

2009-12-27 10:13:57 ----HT---- C:\Windows\system32\f6205de.dll

2009-12-27 10:13:57 ----HT---- C:\Windows\system32\f23aa23.dll

2009-12-25 21:14:28 ----D---- C:\Nexon

2009-12-24 16:48:47 ----D---- C:\Program Files\Conduit

2009-12-19 15:48:14 ----A---- C:\Windows\system32\nvcod178.dll

2009-12-11 13:04:25 ----A---- C:\Windows\system32\iisrstap.dll

2009-12-11 13:04:25 ----A---- C:\Windows\system32\iisreset.exe

2009-12-11 13:04:24 ----A---- C:\Windows\system32\nshhttp.dll

2009-12-11 13:04:24 ----A---- C:\Windows\system32\iisRtl.dll

2009-12-11 13:04:23 ----A---- C:\Windows\system32\ahadmin.dll

2009-12-11 13:04:23 ----A---- C:\Windows\system32\admwprox.dll

2009-12-11 13:04:22 ----A---- C:\Windows\system32\wamregps.dll

2009-12-11 13:04:22 ----A---- C:\Windows\system32\httpapi.dll

2009-12-10 01:24:23 ----A---- C:\Windows\system32\winhttp.dll

2009-12-10 01:24:20 ----A---- C:\Windows\system32\mshtml.dll

2009-12-10 01:24:20 ----A---- C:\Windows\system32\ieframe.dll

2009-12-10 01:24:19 ----A---- C:\Windows\system32\wininet.dll

2009-12-10 01:24:19 ----A---- C:\Windows\system32\urlmon.dll

2009-12-10 01:24:19 ----A---- C:\Windows\system32\occache.dll

2009-12-10 01:24:19 ----A---- C:\Windows\system32\msfeeds.dll

2009-12-10 01:24:19 ----A---- C:\Windows\system32\iertutil.dll

2009-12-10 01:24:19 ----A---- C:\Windows\system32\iedkcs32.dll

2009-12-10 01:24:18 ----A---- C:\Windows\system32\msfeedssync.exe

2009-12-10 01:24:18 ----A---- C:\Windows\system32\msfeedsbs.dll

2009-12-10 01:24:18 ----A---- C:\Windows\system32\jsproxy.dll

2009-12-10 01:24:18 ----A---- C:\Windows\system32\ieUnatt.exe

2009-12-10 01:24:18 ----A---- C:\Windows\system32\ieui.dll

2009-12-10 01:24:18 ----A---- C:\Windows\system32\iesysprep.dll

2009-12-10 01:24:18 ----A---- C:\Windows\system32\iesetup.dll

2009-12-10 01:24:18 ----A---- C:\Windows\system32\iernonce.dll

2009-12-10 01:24:18 ----A---- C:\Windows\system32\iepeers.dll

2009-12-10 01:24:18 ----A---- C:\Windows\system32\ie4uinit.exe

2009-12-10 01:24:02 ----A---- C:\Windows\system32\rastls.dll

2009-12-09 14:12:14 ----A---- C:\BnetLog.txt

2009-12-09 13:39:52 ----D---- C:\Program Files\Common Files\Blizzard Entertainment

2009-12-08 23:27:35 ----D---- C:\Program Files\WEBZEN

2009-12-08 11:49:33 ----A---- C:\Windows\ScUnin.exe

2009-12-08 11:48:57 ----D---- C:\Starcraft

======List of files/folders modified in the last 1 months======

2010-01-02 15:41:02 ----D---- C:\Windows\Prefetch

2010-01-02 15:35:07 ----D---- C:\Windows\tapi

2010-01-02 15:35:07 ----D---- C:\Windows\system32\drivers

2010-01-02 15:32:29 ----D---- C:\Program Files\Mozilla Firefox

2010-01-02 13:55:13 ----D---- C:\Windows\System32

2010-01-02 13:55:13 ----D---- C:\Windows\inf

2010-01-02 13:55:13 ----A---- C:\Windows\system32\PerfStringBackup.INI

2010-01-02 13:35:24 ----D---- C:\ProgramData\Spybot - Search & Destroy

2010-01-02 13:35:23 ----D---- C:\Windows\Minidump

2010-01-02 13:35:23 ----D---- C:\Windows

2010-01-02 13:34:26 ----D---- C:\Program Files

2010-01-01 16:00:23 ----D---- C:\Users\Choucri\AppData\Roaming\Winamp

2010-01-01 15:53:13 ----D---- C:\Windows\system32\catroot2

2010-01-01 14:55:57 ----D---- C:\Program Files\Common Files\Logishrd

2010-01-01 14:55:57 ----D---- C:\Program Files\Common Files

2010-01-01 14:32:18 ----SHD---- C:\Windows\Installer

2010-01-01 13:43:44 ----D---- C:\ProgramData\NVIDIA

2010-01-01 13:43:44 ----D---- C:\ProgramData

2010-01-01 13:23:01 ----D---- C:\Windows\Help

2010-01-01 13:21:45 ----D---- C:\Program Files\NVIDIA Corporation

2010-01-01 12:40:14 ----AD---- C:\ProgramData\TEMP

2010-01-01 06:26:50 ----D---- C:\Windows\1C4551A64743409391E41477CD655043.TMP

2009-12-31 20:30:50 ----D---- C:\Windows\MSAgent

2009-12-31 20:30:49 ----D---- C:\Windows\Globalization

2009-12-31 18:16:18 ----D---- C:\Windows\system32\catroot

2009-12-31 18:15:58 ----D---- C:\ProgramData\ESET

2009-12-31 17:45:27 ----A---- C:\Windows\system.ini

2009-12-31 17:41:36 ----D---- C:\Windows\Tasks

2009-12-31 17:39:23 ----D---- C:\Windows\AppPatch

2009-12-31 16:44:42 ----D---- C:\Program Files\Pando Networks

2009-12-31 16:39:11 ----D---- C:\Windows\system32\Tasks

2009-12-31 00:13:15 ----D---- C:\Users\Choucri\AppData\Roaming\vlc

2009-12-30 15:05:49 ----D---- C:\Program Files\Steam

2009-12-29 09:13:32 ----D---- C:\Users\Choucri\AppData\Roaming\runic games

2009-12-29 09:13:30 ----D---- C:\Windows\winsxs

2009-12-29 09:13:16 ----RSD---- C:\Windows\assembly

2009-12-28 10:52:45 ----SD---- C:\Windows\Downloaded Program Files

2009-12-28 10:52:40 ----HD---- C:\Program Files\InstallShield Installation Information

2009-12-27 23:34:27 ----D---- C:\Program Files\Spybot - Search & Destroy

2009-12-27 22:01:36 ----D---- C:\Windows\system32\config

2009-12-27 22:01:36 ----D---- C:\Boot

2009-12-27 21:45:11 ----A---- C:\Windows\wininit.ini

2009-12-27 21:23:09 ----D---- C:\Windows\system32\LogFiles

2009-12-27 21:15:20 ----DC---- C:\Windows\system32\DRVSTORE

2009-12-27 15:34:19 ----D---- C:\Program Files\VuPassword

2009-12-27 15:30:48 ----D---- C:\Program Files\Common Files\BioWare

2009-12-27 15:24:20 ----D---- C:\Windows\Debug

2009-12-24 14:35:34 ----D---- C:\Users\Choucri\AppData\Roaming\uTorrent

2009-12-11 13:09:36 ----D---- C:\Windows\system32\migration

2009-12-11 13:09:36 ----D---- C:\Windows\system32\inetsrv

2009-12-10 12:15:22 ----D---- C:\Windows\rescache

2009-12-10 11:58:33 ----D---- C:\Windows\system32\fr-FR

2009-12-10 11:58:33 ----D---- C:\Program Files\Internet Explorer

2009-12-10 11:58:32 ----D---- C:\Program Files\Windows Mail

2009-12-10 11:56:55 ----D---- C:\ProgramData\Microsoft Help

2009-12-09 19:36:23 ----D---- C:\Users\Choucri\AppData\Roaming\Skype

2009-12-09 19:35:48 ----D---- C:\Users\Choucri\AppData\Roaming\skypePM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-17 12400]

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-11 351744]

R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-10-24 53256]

R1 epfwtdi;epfwtdi; C:\Windows\system32\DRIVERS\epfwtdi.sys [2008-10-24 54280]

R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-08-18 5632]

R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-10-24 39944]

R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2008-10-24 73224]

R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2007-08-29 345088]

R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2008-10-24 31240]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]

R3 KeyScrambler;KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [2009-10-04 115312]

R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]

R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\Windows\system32\drivers\libusb0.sys [2005-03-09 33792]

R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-08-16 9545152]

R3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]

S2 npkcrypt;npkcrypt; \??\E:\Program Files\NEXON\EuropeMapleStory\npkcrypt.sys []

S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys []

S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-02-25 4385792]

S3 Bcfilter;Jetico Personal Firewall Network Monitor; C:\Windows\system32\DRIVERS\bcfilter.sys []

S3 BcfilterMP;BcfilterMP; C:\Windows\system32\DRIVERS\bcfilter.sys []

S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2009-04-11 93696]

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-04-11 93696]

S3 CM1083264;C-Media CM108 Like Sound UDAX Interface; C:\Windows\system32\drivers\CM108.sys [2007-04-13 1307136]

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]

S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []

S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2008-04-22 27672]

S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-09-05 23152]

S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 26176]

S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]

S3 JRSKD24;JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS []

S3 JRSUKD24;JRSUKD24; \??\C:\Windows\system32\JRSUKD24.SYS [2009-10-03 6784]

S3 MEMSWEEP2;MEMSWEEP2; \??\C:\Windows\system32\7953.tmp []

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]

S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr28u.sys [2007-08-15 552448]

S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-02-09 17664]

S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-02-09 22016]

S3 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2008-06-01 34064]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]

S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\Windows\system32\DRIVERS\rt25usbap.sys [2007-07-03 162944]

S3 RTL8169;Pilote Realtek 8169 NT; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]

S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2008-01-30 25216]

S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-05-29 39424]

S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]

S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]

S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

S3 XDva248;XDva248; \??\C:\Windows\system32\XDva248.sys []

S4 bxxfof;bxxfof; C:\Windows\system32\drivers\bxxfof.sys []

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-11-01 691696]

S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2007-06-07 86016]

R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]

R2 NMSAccessU;NMSAccessU; E:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-07-13 71096]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-08-17 215584]

R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 DAUpdaterSvc;Dragon Age: Origins - Application de mise à jour; C:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]

S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-10-24 19200]

S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-21 523776]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-04 654848]

S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]

S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]

S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-11-11 3447656]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 PS3 Media Server;PS3 Media Server; E:\Program Files\PS3 Media Server\win32\service\wrapper.exe [2008-08-17 217088]

S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-09-17 651776]

S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-11-16 320760]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]

S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-21 21504]

S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-04-11 918528]

S4 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []

S4 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1; C:\Windows\system32\libusbd-nt.exe [2005-03-09 18944]

-----------------EOF-----------------

Voici la suite info RSIT:

info.txt logfile of random's system information tool 1.06 2010-01-02 15:41:03

======Uninstall list======

??? ?? ????-->C:\Windows\system32\HanSetup.exe -u

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}

µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL

12Sky-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4235A9E5-EEFF-42E7-BEC9-9D421DD10ECB}\setup.exe" -l0x9 -removeonly

AC Tool-->C:\PROGRA~1\ACTOOL~1\UNWISE.EXE C:\PROGRA~1\ACTOOL~1\INSTALL.LOG

Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}

Adobe After Effects CS3-->MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}

Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}

Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}

Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}

Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}

Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}

Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe

Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}

Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}

Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}

Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}

Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{5D2398DF-3022-4820-93BA-F1175FBEA9CA}

Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

Adobe Dreamweaver CS3-->MsiExec.exe /I{4BDB76C6-902E-41D5-9064-68768E02886B}

Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe

Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}

Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}

Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}

Adobe Illustrator CS3-->MsiExec.exe /I{6E08CE13-C2AB-4749-9335-5900B958929E}

Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}

Adobe InDesign CS3-->MsiExec.exe /I{FE8327F9-3AC1-4586-8C7E-3DEE2BC92441}

Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}

Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}

Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

Adobe Photoshop CS3-->MsiExec.exe /I{C1FA4B3B-1625-4922-9C9D-780E8FCE161A}

Adobe Setup-->MsiExec.exe /I{1628F6BD-5ED1-4FD1-B90F-C106AF4E00F0}

Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}

Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}

Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}

Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}

Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}

Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}

Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}

Ad-Remover By C_XX-->"C:\Program Files\Ad-Remover\Uninstall ADR.exe"

AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}

Ajouter ou supprimer Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\b5d5789539ea1f004a4defceea74312\Setup.exe

Allods Online 1.0.04.11-->E:\gPotato.com\Allods Online\uninst.exe

Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}

Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}

ASUS WiFi-AP @n-->C:\Program Files\InstallShield Installation Information\{6600970A-BAE7-412A-BFFC-91AD793B3A41}\Setup.exe -runfromtemp -l0x0009 -removeonly

AutoIt v3.3.0.0-->C:\Program Files\AutoIt3\Uninstall.exe

Battleforge-->"C:\Program Files\Steam\steam.exe" steam://uninstall/24760

Bionic Commando-->"C:\Program Files\InstallShield Installation Information\{E1071C00-B001-4633-B9C3-164C856D5730}\setup.exe" -runfromtemp -l0x040c -removeonly

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

C9-->"E:\HanPurple\C9\unins000.exe"

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

CDBurnerXP-->"E:\Program Files\CDBurnerXP\unins000.exe"

C-Media CM108 Like Sound Device-->C:\Windows\system32\Cmeau108.exe /rm /pusb108

Darkfall-->MsiExec.exe /I{E47A2A39-221D-4BE7-8EB9-8BC924197194}

Demigod-->"C:\Program Files\Stardock Games\Demigod\UninstHelper.exe" /autouninstall dem

Diablo II-->C:\Program Files\Common Files\Blizzard Entertainment\Diablo II\Uninstall.exe

DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS

DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

Download Manager 2.3.9-->C:\Program Files\Download Manager\uninst.exe

Dragon Age: Origins-->C:\Program Files\Common Files\BioWare\Uninstall Dragon Age.exe

Dragonica(FR)-->E:\Program Files\gPotato.eu\Dragonica\FR\uninst.exe

Dyyno Broadcaster-->"E:\Program Files\Dyyno\Dyyno Broadcaster\uninstall.exe"

EA Download Manager-->E:\Program Files\Electronic Arts\EADM\Uninstall.exe

EA Shared Game Component: Activation-->msiexec /qb /x {217EC467-61C4-1939-3BBF-4FA4CAEA42FF}

EA Shared Game Component: Activation-->MsiExec.exe /I{217EC467-61C4-1939-3BBF-4FA4CAEA42FF}

Emil Chronicle Online-->C:\Program Files\InstallShield Installation Information\{DA7F8DA4-FDC6-4491-88EE-C03798D373EF}\setup.exe -runfromtemp -l0x0009 -removeonly

ESET Smart Security-->MsiExec.exe /I{4CEBE5E6-D1FD-4BDF-8C9C-29A9A3CC2B7C}

EVEREST Ultimate Edition v4.60-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"

ffdshow [rev 2019] [2008-06-22]-->"C:\Program Files\ffdshow\unins000.exe"

FileZilla Client 3.2.3.1-->E:\Program Files\FileZilla FTP Client\uninstall.exe

Fraps (remove only)-->"E:\Fraps\uninstall.exe"

Free M4a to MP3 Converter 5.9-->"E:\Program Files\Free M4a to MP3 Converter\unins000.exe"

Freeplayer-->E:\Program Files\Freeplayer\Uninstall.exe

GetRight-->"C:\Program Files\GetRight\unins000.exe"

GGPO-->MsiExec.exe /X{68BD9036-0952-4849-AE7A-963BB53EDB71}

Grand Fantasia-->C:\AeriaGames\GrandFantasia\Uninst.exe

Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220

Heroes of Newerth-->E:\Program Files\Heroes of Newerth\uninstall.exe

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis\HijackThis.exe" /uninstall

HLSW v1.3.2.1-->"C:\Program Files\HLSW\unins000.exe"

HomePlayer 1.5.7d-->E:\Program Files\HomePlayer\uninst.exe

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

IDA Pro Advanced v5.2 with WinCE v5.0 debugger-->"E:\Program Files\IDA\unins000.exe"

ijji Auto Installer-->"C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly

Impulse-->"C:\ProgramData\{1E77E486-38CF-4688-B1E4-B86D08856D09}\Impulse_setup.exe" REMOVE=TRUE MODIFY=FALSE

Impulse-->C:\ProgramData\{1E77E486-38CF-4688-B1E4-B86D08856D09}\Impulse_setup.exe

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}

iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}

Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}

KeyScrambler-->C:\Program Files\KeyScrambler\uninstall.exe

League of Legends-->"C:\Program Files\InstallShield Installation Information\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\setup.exe" -runfromtemp -l0x0409 -removeonly

LibUSB-Win32-0.1.10.1-->"C:\Program Files\LibUSB-Win32-0.1.10.1\unins000.exe"

Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x040c -removeonly

LUNA Online v1.0.0-->C:\gPotato\Luna Online\uninst.exe

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}

Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}

Microsoft Games for Windows - LIVE-->MsiExec.exe /X{A1C962E2-2426-49C6-A38B-9A07E40D607C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411-->MsiExec.exe /X{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{887868A2-D6DE-3255-AA92-AA0B5A59B874}

Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}

Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}

Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}

Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}

MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}

Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe

Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe

MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}

MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

Mu-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F57CEB84-3D22-4657-8EDA-F8CD5217B83E}\Setup.exe" -l0x9 UNINSTALL

Nokia Connectivity Cable Driver-->MsiExec.exe /I{1597D0AE-34A7-4A8B-A395-2E30EB745470}

Nokia Download!-->MsiExec.exe /X{8852753D-9E27-41F6-9A20-1D4E02B013FC}

Nokia Map Loader-->MsiExec.exe /I{18B5996A-643E-4176-9BEB-27C45C9F1FC3}

Nokia Ovi Suite Software Updater-->MsiExec.exe /X{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}

Nokia Ovi Suite-->C:\ProgramData\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Nokia_Ovi_Suite_11_update.exe

Nokia Ovi Suite-->MsiExec.exe /X{82E16F2D-804A-4990-BEEF-C9DB44AE844B}

Nokia Software Updater-->MsiExec.exe /X{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}

Notepad++-->C:\Program Files\Notepad++\uninstall.exe

NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI

NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}

OpenOffice.org 3.1-->MsiExec.exe /I{B2E581DB-C4DD-432C-AC84-ED761AC056BC}

Operation Flashpoint: Dragon Rising-->"C:\Program Files\Steam\steam.exe" steam://uninstall/12830

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Ovi Desktop Sync Engine-->MsiExec.exe /X{AF595D08-64AC-428B-8FB8-EEC70CCB8803}

OviMPlatform-->MsiExec.exe /I{702563CE-516C-40CF-B69C-A4E2A8FC8F14}

PC Connectivity Solution-->MsiExec.exe /I{9D6B740F-D9A2-45A6-BDC4-0A453D499FE6}

PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

Quake Live Mozilla Plugin-->MsiExec.exe /I{8CADD3F6-E808-4D48-893D-797B4849DE72}

QuickPar 0.9-->E:\Program Files\QuickPar\uninst.exe

QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}

ROSE Online Evolution-->"C:\Windows\ROSE Online Evolution\uninstall.exe" "/U:E:\Program Files\Triggersoft\ROSE Online Evolution\Uninstall\uninstall.xml"

Ryzom-->"E:\Program Files\Ryzom\uninstaller.exe"

Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly

Satsuki Decoder Pack 4000-->C:\Program Files\Satsuki Decoder Pack\Uninstall.exe

Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}

Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}

Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}

Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}

Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}

Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}

Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}

Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}

Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}

Sophos Anti-Rootkit 1.5.0-->C:\Program Files\Sophos\Sophos Anti-Rootkit\helper.exe remove

Soul of the Ultimate Nation-->"C:\Program Files\InstallShield Installation Information\{0049D352-1D20-4FFB-8EF6-81CFBDF3ADE5}\setup.exe" -runfromtemp -l0x0009 -removeonly

SoundMAX-->C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x040c -removeonly

Spellforce 2 - Dragon Storm -->MsiExec.exe /I{2F270E5D-573B-4507-92E0-29FB6E700C7F}

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Starcraft-->C:\Windows\scunin.exe C:\Windows\scunin.dat

Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}

TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"

Torchlight-->"C:\Program Files\Steam\steam.exe" steam://uninstall/41500

TvFreePlayer Tools-->c:\TFPTools3_0\Uninstal.exe

UnInstall_SealOnlineUSA-->"C:\Windows\IFinst27.exe" -UC:\Program Files\SealOnlineUSA\IFUBD5A.inf

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}

Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}

Update for Outlook 2007 Junk Email Filter (kb976884)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {FB60F280-C70F-4174-BADB-471412AA42F0}

Utilitaire de configuration iPhone-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1}

Vegas Movie Studio Platinum 9.0-->MsiExec.exe /X{97E038E1-41AD-4C93-BCDC-6A2394AEE352}

Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}

Veoh Web Player-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"

Version d'évaluation de Microsoft Office Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL

VirtualDub 1.8.8 Fr-->"C:\Program Files\VirtualDub\unins000.exe"

VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Warhammer 40,000: Dawn of War II-->"C:\Program Files\Steam\steam.exe" steam://uninstall/15620

Webzen Game Starter-->"C:\Program Files\InstallShield Installation Information\{255FC1CF-2620-4B64-BE02-79B9E609BB3D}\setup.exe" -runfromtemp -l0x0009 -removeonly

Winamp-->"E:\Program Files\Winamp\UninstWA.exe"

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}

Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"

Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}

winpcap-nmap 4.02-->"e:\Program Files\WinPcap\uninstall.exe"

WonderKing-->MsiExec.exe /I{1A4E71A5-643D-4536-B624-995F7E212272}

Xfire (remove only)-->"E:\Program Files\Xfire\uninst.exe"

Xvid 1.1.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

=====HijackThis Backups=====

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2010-01-01]

======Security center information======

AV: ESET Smart Security 3.0 (disabled)

FW: ESET Personal firewall

AS: ESET Smart Security 3.0 (disabled)

AS: Spybot - Search and Destroy (disabled)

AS: Windows Defender

======System event log======

Computer Name: Orion

Event Code: 4374

Message: Windows Servicing a déterminé que ce package KB972145(Update) n’est pas applicable à ce système.

Record Number: 141657

Source Name: Microsoft-Windows-Servicing

Time Written: 20091028074558.000000-000

Event Type: Avertissement

User: Orion\Choucri

Computer Name: Orion

Event Code: 4374

Message: Windows Servicing a déterminé que ce package KB972145(Update) n’est pas applicable à ce système.

Record Number: 141656

Source Name: Microsoft-Windows-Servicing

Time Written: 20091028074558.000000-000

Event Type: Avertissement

User: Orion\Choucri

Computer Name: Orion

Event Code: 4374

Message: Windows Servicing a déterminé que ce package KB972145(Update) n’est pas applicable à ce système.

Record Number: 141655

Source Name: Microsoft-Windows-Servicing

Time Written: 20091028074558.000000-000

Event Type: Avertissement

User: Orion\Choucri

Computer Name: Orion

Event Code: 4374

Message: Windows Servicing a déterminé que ce package KB972145(Update) n’est pas applicable à ce système.

Record Number: 141654

Source Name: Microsoft-Windows-Servicing

Time Written: 20091028074558.000000-000

Event Type: Avertissement

User: Orion\Choucri

Computer Name: Orion

Event Code: 4374

Message: Windows Servicing a déterminé que ce package KB972145(Update) n’est pas applicable à ce système.

Record Number: 141653

Source Name: Microsoft-Windows-Servicing

Time Written: 20091028074558.000000-000

Event Type: Avertissement

User: Orion\Choucri

=====Application event log=====

Computer Name: Orion

Event Code: 1000

Message: Application défaillante AgeOfConan.exe, version 1.0.0.0, horodatage 0x48304989, module défaillant ntdll.dll, version 6.0.6001.18000, horodatage 0x4791a7a6, code d’exception 0xc0000005, décalage d’erreur 0x000681cb, ID du processus 0xde0, heure de début de l’application 0x01c8bb545c02e640.

Record Number: 1229

Source Name: Application Error

Time Written: 20080521160349.000000-000

Event Type: Erreur

User:

Computer Name: Orion

Event Code: 1000

Message: Application défaillante AgeOfConan.exe, version 1.0.0.0, horodatage 0x48304989, module défaillant d3d9.dll, version 6.0.6001.18000, horodatage 0x4791a65d, code d’exception 0xc0000005, décalage d’erreur 0x0000a69f, ID du processus 0x694, heure de début de l’application 0x01c8bb450e9da890.

Record Number: 1218

Source Name: Application Error

Time Written: 20080521132251.000000-000

Event Type: Erreur

User:

Computer Name: Orion

Event Code: 1002

Message: Le programme AgeOfConan.exe version 1.0.0.0 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : 1b0 Heure de début : 01c8bb3de8b87591 Heure de fin : 105

Record Number: 1215

Source Name: Application Hang

Time Written: 20080521124228.000000-000

Event Type: Erreur

User:

Computer Name: Orion

Event Code: 1002

Message: Le programme AgeOfConan.exe version 1.0.0.0 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : a60 Heure de début : 01c8bb3b5cf96201 Heure de fin : 209

Record Number: 1206

Source Name: Application Hang

Time Written: 20080521122031.000000-000

Event Type: Erreur

User:

Computer Name: Orion

Event Code: 1002

Message: Le programme AgeOfConan.exe version 1.0.0.0 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : a30 Heure de début : 01c8bb19d0c584b1 Heure de fin : 2997

Record Number: 1198

Source Name: Application Hang

Time Written: 20080521111538.000000-000

Event Type: Erreur

User:

=====Security event log=====

Computer Name: Orion

Event Code: 1101

Message: Les événements d’audit ont été ignorés par le transport. Le fichier de sauvegarde en temps réel a été endommagé suite à un arrêt incorrect.

Record Number: 14536

Source Name: Microsoft-Windows-Eventlog

Time Written: 20081104192521.846639-000

Event Type: Succès de l'audit

User:

Computer Name: Orion

Event Code: 4672

Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :

ID de sécurité : S-1-5-18

Nom du compte : SYSTEM

Domaine du compte : AUTORITE NT

ID d’ouverture de session : 0x3e7

Privilèges : SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 14535

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20081104040656.222800-000

Event Type: Succès de l'audit

User:

Computer Name: Orion

Event Code: 4624

Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :

ID de sécurité : S-1-5-18

Nom du compte : ORION$

Domaine du compte : WORKGROUP

ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 5

Nouvelle ouverture de session :

ID de sécurité : S-1-5-18

Nom du compte : SYSTEM

Domaine du compte : AUTORITE NT

ID d’ouverture de session : 0x3e7

GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :

ID du processus : 0x270

Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :

Nom de la station de travail :

Adresse du réseau source : -

Port source : -

Informations détaillées sur l’authentification :

Processus d’ouverture de session : Advapi

Package d’authentification : Negotiate

Services en transit : -

Nom du package (NTLM uniquement) : -

Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.

- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .

- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.

- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.

- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.

Record Number: 14534

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20081104040656.222800-000

Event Type: Succès de l'audit

User:

Computer Name: Orion

Event Code: 4648

Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet :

ID de sécurité : S-1-5-18

Nom du compte : ORION$

Domaine du compte : WORKGROUP

ID d’ouverture de session : 0x3e7

GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées :

Nom du compte : SYSTEM

Domaine du compte : AUTORITE NT

GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible :

Nom du serveur cible : localhost

Informations supplémentaires : localhost

Informations sur le processus :

ID du processus : 0x270

Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :

Adresse du réseau : -

Port : -

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.

Record Number: 14533

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20081104040656.222800-000

Event Type: Succès de l'audit

User:

Computer Name: Orion

Event Code: 4672

Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :

ID de sécurité : S-1-5-18

Nom du compte : SYSTEM

Domaine du compte : AUTORITE NT

ID d’ouverture de session : 0x3e7

Privilèges : SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 14532

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20081104040100.293200-000

Event Type: Succès de l'audit

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\DivX Shared;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\QuickTime\QTSystem

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel

"PROCESSOR_REVISION"=0f0b

"NUMBER_OF_PROCESSORS"=4

"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat

"DFSTRACINGON"=FALSE

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Modifié le 2 janvier 2010 par Moondarim

pear · le 2 janvier 2010

Bonsoir,

Poste de travail->Outils ->Options des dossiers ->Affichage

Cocher "Afficher les dossiers cachés"

Décocher" Masquer les extension des fichiers dont le type est connus "ainsi que "Masquer les fichiers protégés du système d exploitation"

--> un message dit que cela peut endommager le système, ne pas en tenir compte, valider par oui.

Rendez vous à cette addresse:

Cliquez sur parcourir pour trouver ces fichiers:

C:\Windows\system32\f6205de.dll

C:\Windows\system32\f23aa23.dll

et cliquez sur "envoyer le fichier"

Copiez /collez la réponse dans votre prochain message.

Note: il peut arriver que le fichier ait déjà été analysé. Si c'est le cas, cliquez sur le bouton Reanalyse file now

Télécharger Usb Fix de C_XX & Chiquitine29, sur le bureau

Installez le.

Vous devez désactiver la protection en temps réel de votre Antivirus qui peut considérer certains composants de ce logiciel comme néfastes.

* Pour cela, faites un clic droit sur l'icône de l'antivirus en bas à droite à côté de l'horloge puis Disable Guard ou Shield ou Résident...

Si vous utilisez Spybot

Pour désactiver TeaTimer qui ne set à rien et peut faire échouer une désinfection:!

Afficher d'abord le Mode Avancé dans SpyBot

->Options Avancées :

- >menu Mode, Mode Avancé.

Une colonne de menus apparaît dans la partie gauche :

- >cliquer sur Outils,

- >cliquer sur Résident,

Dans Résident :

- >décocher Résident "TeaTimer" pour le désactiver.

Si vous êtes Sous Vista:

Désactivez le contrôle des comptes utilisateurs (Vous le réactiverez par la suite):

http://www.zebulon.fr/astuces/220-desactiv...dans-vista.html

- Démarrer puis panneau de configuration->"Comptes d'utilisateurs"

- Cliquer ensuite sur désactiver et valider.

Lancer l'installation avec les paramètres par défault

Brancher les périphériques externes (clé USB, disque dur externe, etc...) sans les ouvrir

Faire un Clic-droit sur le raccourci Usbfix sur le bureau et choisir "Exécuter en tant qu'administrateur".

Lancer l' option 1(Recherche)

le rapport UsbFix.txt est sauvegardé à la racine du disque .

Faites en un copier/coller dans le bloc notes pour le poster.

Ensuite,

Lancer l'option 2(Suppression)

Le bureau disparait et le pc redémarre

Patientez le temps du scan.

le rapport UsbFix.txt est sauvegardé à la racine du disque

Faites en un copier/coller dans le bloc notes pour le poster.

Moondarim · le 2 janvier 2010

Rapport du fichier f6205de.dll:

Fichier f6205de.dll reçu le 2010.01.02 15:58:36 (UTC)
Antivirus Version Dernière mise à jour Résultat

a-squared 4.5.0.46 2010.01.02 -

AhnLab-V3 5.0.0.2 2010.01.02 -

AntiVir 7.9.1.122 2009.12.31 -

Antiy-AVL 2.0.3.7 2009.12.31 -

Authentium 5.2.0.5 2010.01.02 -

Avast 4.8.1351.0 2010.01.02 -

AVG 8.5.0.430 2010.01.02 -

BitDefender 7.2 2010.01.02 -

CAT-QuickHeal 10.00 2010.01.02 -

ClamAV 0.94.1 2010.01.01 -

Comodo 3448 2010.01.02 -

DrWeb 5.0.1.12222 2010.01.02 -

eTrust-Vet 35.1.7210 2010.01.01 -

F-Prot 4.5.1.85 2010.01.02 -

F-Secure 9.0.15370.0 2010.01.02 -

Fortinet 4.0.14.0 2010.01.02 -

GData 19 2010.01.02 -

Ikarus T3.1.1.79.0 2009.12.31 -

Jiangmin 13.0.900 2010.01.02 -

K7AntiVirus 7.10.936 2010.01.02 -

Kaspersky 7.0.0.125 2010.01.02 -

McAfee 5849 2010.01.02 -

McAfee+Artemis 5849 2010.01.02 -

McAfee-GW-Edition 6.8.5 2010.01.01 -

Microsoft 1.5302 2010.01.02 -

NOD32 4737 2010.01.02 -

Norman 6.04.03 2009.12.31 -

nProtect 2009.1.8.0 2009.12.31 -

Panda 10.0.2.2 2010.01.02 -

PCTools 7.0.3.5 2010.01.02 -

Prevx 3.0 2010.01.02 -

Rising 22.28.03.04 2009.12.31 -

Sophos 4.49.0 2010.01.02 -

Sunbelt 3.2.1858.2 2010.01.01 -

TheHacker 6.5.0.3.125 2010.01.02 -

TrendMicro 9.120.0.1004 2010.01.02 -

VBA32 3.12.12.1 2010.01.01 -

ViRobot 2009.12.31.2118 2009.12.31 -

VirusBuster 5.0.21.0 2010.01.01 -

Information additionnelle

File size: 179200 bytes

MD5...: b304d47d5744ba20fcb99fb8b2c07b0b

SHA1..: 40ff7bde32ce0e5f5e0fb4283f8c65b66f72b13f

SHA256: 16aad9264cab5b5489e2cf8f118132ea46fe9066b4c4320c0259be88ebd111c8

ssdeep: 3072:x3HvZMUw4WOy04HNF4gHTfGimd40QFW+eIpqPvbG8plrjk/Nj11:t2UTa04 7rGimd4057G8p1k/Nj1 

PEiD..: -

PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x1434 timedatestamp.....: 0x4791a798 (Sat Jan 19 07:32:40 2008) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x23e0b 0x24000 6.53 fb1ec7d791831e78feb564120f1e026b .data 0x25000 0xe2c 0xe00 4.51 ace438accfaf763efa64fccc40f5d733 .rsrc 0x26000 0x4e50 0x5000 3.66 b11b749fc580f178f5322a87a0d20986 .reloc 0x2b000 0x1818 0x1a00 6.50 841c9be872a9a158368ff23898435452 ( 6 imports ) > msvcrt.dll: _vsnwprintf, _vsnprintf, wcsstr, strtoul, __isascii, strchr, wcschr, _wcsnicmp, memset, atoi, fgets, fopen, fclose, _stricmp, sprintf_s, strcpy_s, towupper, isspace, wcsncmp, _XcptFilter, malloc, free, _initterm, _amsg_exit, _adjust_fdiv, _except_handler4_common, _unlock, __dllonexit, _lock, _onexit, memcpy > ADVAPI32.dll: OpenProcessToken, IsValidSid, CopySid, GetTokenInformation, EventRegister, EventWrite, EventUnregister, GetSecurityDescriptorDacl, AllocateAndInitializeSid, FreeSid, GetLengthSid, GetAclInformation, GetAce, EqualSid, InitializeSecurityDescriptor, InitializeAcl, AddAccessDeniedAce, AddAccessAllowedAce, SetSecurityDescriptorDacl, RegGetKeySecurity, CreateServiceA, ChangeServiceConfigA, ImpersonateLoggedOnUser, RevertToSelf, OpenSCManagerA, OpenServiceA, CloseServiceHandle, StartServiceA, QueryServiceStatus, OpenThreadToken, CheckTokenMembership, TraceMessage, RegQueryValueExW, RegCreateKeyExA, RegCloseKey, RegOpenKeyExA, RegSetValueExW, RegSetValueExA, RegLoadMUIStringW, RegQueryValueExA, RegDeleteKeyA, RegEnumKeyExA, RegNotifyChangeKeyValue > KERNEL32.dll: LocalAlloc, HeapReAlloc, lstrcmpA, InitializeCriticalSectionAndSpinCount, IsWow64Process, GetCurrentProcess, CreateEventW, GetCurrentThread, GetCurrentThreadId, DuplicateHandle, QueueUserAPC, GlobalFree, GetModuleFileNameA, GlobalAlloc, ResumeThread, GetModuleHandleA, DeviceIoControl, GetCurrentProcessId, InterlockedExchangeAdd, PulseEvent, QueryPerformanceCounter, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, DelayLoadFailureHook, GetTickCount, SetLastError, TlsGetValue, InterlockedDecrement, GetLastError, WideCharToMultiByte, MultiByteToWideChar, InitializeCriticalSection, DeleteCriticalSection, LeaveCriticalSection, SetEvent, EnterCriticalSection, InterlockedIncrement, FreeLibraryAndExitThread, CloseHandle, WaitForSingleObject, FreeLibrary, CreateThread, GetModuleHandleExA, CreateEventA, GetProcAddress, LoadLibraryA, LoadLibraryExW, ExpandEnvironmentStringsW, lstrlenW, HeapDestroy, TlsFree, GetProcessHeap, HeapCreate, GetSystemInfo, TlsAlloc, SwitchToThread, LocalFree, GetCommandLineW, GetModuleFileNameW, InterlockedExchange, LoadLibraryW, GetHandleInformation, TlsSetValue, ResetEvent, WaitForMultipleObjectsEx, GetWindowsDirectoryA, GetSystemDirectoryA, ExpandEnvironmentStringsA, GetVersionExA, GetComputerNameA, GetEnvironmentVariableA, HeapFree, HeapAlloc, InterlockedCompareExchange, lstrlenA, Sleep > ntdll.dll: RtlGetNtProductType, NtOpenFile, NtQueryDirectoryFile, NtCreateNamedPipeFile, NtFsControlFile, NtWaitForSingleObject, NtCreateFile, RtlNtStatusToDosError, RtlImpersonateSelf, RtlAdjustPrivilege, NtLoadDriver, NtDeviceIoControlFile, NtClose, NtDelayExecution, RtlCompareMemory, RtlIpv6StringToAddressExW, RtlIpv6AddressToStringExW, RtlIpv4AddressToStringExW, RtlIpv6AddressToStringExA, RtlIpv4AddressToStringExA, RtlIpv6StringToAddressW, RtlIpv4StringToAddressW, RtlIpv6StringToAddressA, RtlIpv4StringToAddressA, RtlInitUnicodeString > RPCRT4.dll: RpcEpRegisterW, RpcServerInqBindings, RpcServerUseProtseqW, RpcServerUnregisterIfEx, RpcServerUnregisterIf, RpcServerRegisterIfEx, RpcServerListen, RpcRevertToSelf, RpcImpersonateClient, RpcBindingInqAuthClientW, I_RpcBindingInqTransportType, NdrAsyncServerCall, NdrServerCall2, UuidCreate, RpcBindingVectorFree, RpcBindingInqObject, RpcAsyncCompleteCall, RpcEpUnregister > NSI.dll: NsiSetAllParameters, NsiGetParameter, NsiGetAllParameters ( 167 exports ) FreeAddrInfoEx, FreeAddrInfoExW, FreeAddrInfoW, GetAddrInfoExA, GetAddrInfoExW, GetAddrInfoW, GetNameInfoW, InetNtopW, InetPtonW, SetAddrInfoExA, SetAddrInfoExW, WEP, WPUCompleteOverlappedRequest, WSAAccept, WSAAddressToStringA, WSAAddressToStringW, WSAAdvertiseProvider, WSAAsyncGetHostByAddr, WSAAsyncGetHostByName, WSAAsyncGetProtoByName, WSAAsyncGetProtoByNumber, WSAAsyncGetServByName, WSAAsyncGetServByPort, WSAAsyncSelect, WSACancelAsyncRequest, WSACancelBlockingCall, WSACleanup, WSACloseEvent, WSAConnect, WSAConnectByList, WSAConnectByNameA, WSAConnectByNameW, WSACreateEvent, WSADuplicateSocketA, WSADuplicateSocketW, WSAEnumNameSpaceProvidersA, WSAEnumNameSpaceProvidersExA, WSAEnumNameSpaceProvidersExW, WSAEnumNameSpaceProvidersW, WSAEnumNetworkEvents, WSAEnumProtocolsA, WSAEnumProtocolsW, WSAEventSelect, WSAGetLastError, WSAGetOverlappedResult, WSAGetQOSByName, WSAGetServiceClassInfoA, WSAGetServiceClassInfoW, WSAGetServiceClassNameByClassIdA, WSAGetServiceClassNameByClassIdW, WSAHtonl, WSAHtons, WSAInstallServiceClassA, WSAInstallServiceClassW, WSAIoctl, WSAIsBlocking, WSAJoinLeaf, WSALookupServiceBeginA, WSALookupServiceBeginW, WSALookupServiceEnd, WSALookupServiceNextA, WSALookupServiceNextW, WSANSPIoctl, WSANtohl, WSANtohs, WSAPoll, WSAProviderCompleteAsyncCall, WSAProviderConfigChange, WSARecv, WSARecvDisconnect, WSARecvFrom, WSARemoveServiceClass, WSAResetEvent, WSASend, WSASendDisconnect, WSASendMsg, WSASendTo, WSASetBlockingHook, WSASetEvent, WSASetLastError, WSASetServiceA, WSASetServiceW, WSASocketA, WSASocketW, WSAStartup, WSAStringToAddressA, WSAStringToAddressW, WSAUnadvertiseProvider, WSAUnhookBlockingHook, WSAWaitForMultipleEvents, WSApSetPostRoutine, WSCDeinstallProvider, WSCEnableNSProvider, WSCEnumProtocols, WSCGetApplicationCategory, WSCGetProviderInfo, WSCGetProviderPath, WSCInstallNameSpace, WSCInstallNameSpaceEx, WSCInstallProvider, WSCInstallProviderAndChains, WSCSetApplicationCategory, WSCSetProviderInfo, WSCUnInstallNameSpace, WSCUpdateProvider, WSCWriteNameSpaceOrder, WSCWriteProviderOrder, WahCloseApcHelper, WahCloseHandleHelper, WahCloseNotificationHandleHelper, WahCloseSocketHandle, WahCloseThread, WahCompleteRequest, WahCreateHandleContextTable, WahCreateNotificationHandle, WahCreateSocketHandle, WahDestroyHandleContextTable, WahDisableNonIFSHandleSupport, WahEnableNonIFSHandleSupport, WahEnumerateHandleContexts, WahInsertHandleContext, WahNotifyAllProcesses, WahOpenApcHelper, WahOpenCurrentThread, WahOpenHandleHelper, WahOpenNotificationHandleHelper, WahQueueUserApc, WahReferenceContextByHandle, WahRemoveHandleContext, WahWaitForNotification, WahWriteLSPEvent, __WSAFDIsSet, accept, bind, closesocket, connect, freeaddrinfo, getaddrinfo, gethostbyaddr, gethostbyname, gethostname, getnameinfo, getpeername, getprotobyname, getprotobynumber, getservbyname, getservbyport, getsockname, getsockopt, htonl, htons, inet_addr, inet_ntoa, inet_ntop, inet_pton, ioctlsocket, listen, ntohl, ntohs, recv, recvfrom, select, send, sendto, setsockopt, shutdown, socket 

RDS...: NSRL Reference Data Set -

pdfid.: -

trid..: Win64 Executable Generic (59.6%) Win32 Executable MS Visual C++ (generic) (26.2%) Win32 Executable Generic (5.9%) Win32 Dynamic Link Library (generic) (5.2%) Generic Win/DOS Executable (1.3%)

sigcheck: publisher....: Microsoft Corporation copyright....: © Microsoft Corporation. All rights reserved. product......: Microsoft_ Windows_ Operating System description..: Windows Socket 2.0 32-Bit DLL original name: ws2_32.dll internal name: ws2_32.dll file version.: 6.0.6001.18000 (longhorn_rtm.080118-1840) comments.....: n/a signers......: - signing date.: - verified.....: Unsigned

Rapport du fichier fichier f23aa23.dll:

Fichier f23aa23.dll reçu le 2010.01.02 15:52:21 (UTC)
Antivirus Version Dernière mise à jour Résultat

a-squared 4.5.0.46 2010.01.02 -

AhnLab-V3 5.0.0.2 2010.01.02 -

AntiVir 7.9.1.122 2009.12.31 -

Antiy-AVL 2.0.3.7 2009.12.31 -

Authentium 5.2.0.5 2010.01.02 -

Avast 4.8.1351.0 2010.01.02 -

AVG 8.5.0.430 2010.01.02 -

BitDefender 7.2 2010.01.02 -

CAT-QuickHeal 10.00 2010.01.02 -

ClamAV 0.94.1 2010.01.01 -

Comodo 3448 2010.01.02 -

DrWeb 5.0.1.12222 2010.01.02 -

eSafe 7.0.17.0 2009.12.31 -

eTrust-Vet 35.1.7210 2010.01.01 -

F-Prot 4.5.1.85 2010.01.02 -

F-Secure 9.0.15370.0 2010.01.02 -

Fortinet 4.0.14.0 2010.01.02 -

GData 19 2010.01.02 -

Ikarus T3.1.1.79.0 2009.12.31 -

Jiangmin 13.0.900 2010.01.02 -

K7AntiVirus 7.10.936 2010.01.02 -

Kaspersky 7.0.0.125 2010.01.02 -

McAfee 5849 2010.01.02 -

McAfee+Artemis 5849 2010.01.02 -

McAfee-GW-Edition 6.8.5 2010.01.01 -

Microsoft 1.5302 2010.01.02 -

NOD32 4737 2010.01.02 -

Norman 6.04.03 2009.12.31 -

nProtect 2009.1.8.0 2009.12.31 -

Panda 10.0.2.2 2010.01.02 -

PCTools 7.0.3.5 2010.01.02 -

Prevx 3.0 2010.01.02 -

Rising 22.28.03.04 2009.12.31 -

Sophos 4.49.0 2010.01.02 -

Sunbelt 3.2.1858.2 2010.01.01 -

TheHacker 6.5.0.3.125 2010.01.02 -

TrendMicro 9.120.0.1004 2010.01.02 -

VBA32 3.12.12.1 2010.01.01 -

ViRobot 2009.12.31.2118 2009.12.31 -

VirusBuster 5.0.21.0 2010.01.01 -

Information additionnelle

File size: 179200 bytes

MD5...: b304d47d5744ba20fcb99fb8b2c07b0b

SHA1..: 40ff7bde32ce0e5f5e0fb4283f8c65b66f72b13f

SHA256: 16aad9264cab5b5489e2cf8f118132ea46fe9066b4c4320c0259be88ebd111c8

ssdeep: 3072:x3HvZMUw4WOy04HNF4gHTfGimd40QFW+eIpqPvbG8plrjk/Nj11:t2UTa04 7rGimd4057G8p1k/Nj1 

PEiD..: -

PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x1434 timedatestamp.....: 0x4791a798 (Sat Jan 19 07:32:40 2008) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x23e0b 0x24000 6.53 fb1ec7d791831e78feb564120f1e026b .data 0x25000 0xe2c 0xe00 4.51 ace438accfaf763efa64fccc40f5d733 .rsrc 0x26000 0x4e50 0x5000 3.66 b11b749fc580f178f5322a87a0d20986 .reloc 0x2b000 0x1818 0x1a00 6.50 841c9be872a9a158368ff23898435452 ( 6 imports ) > msvcrt.dll: _vsnwprintf, _vsnprintf, wcsstr, strtoul, __isascii, strchr, wcschr, _wcsnicmp, memset, atoi, fgets, fopen, fclose, _stricmp, sprintf_s, strcpy_s, towupper, isspace, wcsncmp, _XcptFilter, malloc, free, _initterm, _amsg_exit, _adjust_fdiv, _except_handler4_common, _unlock, __dllonexit, _lock, _onexit, memcpy > ADVAPI32.dll: OpenProcessToken, IsValidSid, CopySid, GetTokenInformation, EventRegister, EventWrite, EventUnregister, GetSecurityDescriptorDacl, AllocateAndInitializeSid, FreeSid, GetLengthSid, GetAclInformation, GetAce, EqualSid, InitializeSecurityDescriptor, InitializeAcl, AddAccessDeniedAce, AddAccessAllowedAce, SetSecurityDescriptorDacl, RegGetKeySecurity, CreateServiceA, ChangeServiceConfigA, ImpersonateLoggedOnUser, RevertToSelf, OpenSCManagerA, OpenServiceA, CloseServiceHandle, StartServiceA, QueryServiceStatus, OpenThreadToken, CheckTokenMembership, TraceMessage, RegQueryValueExW, RegCreateKeyExA, RegCloseKey, RegOpenKeyExA, RegSetValueExW, RegSetValueExA, RegLoadMUIStringW, RegQueryValueExA, RegDeleteKeyA, RegEnumKeyExA, RegNotifyChangeKeyValue > KERNEL32.dll: LocalAlloc, HeapReAlloc, lstrcmpA, InitializeCriticalSectionAndSpinCount, IsWow64Process, GetCurrentProcess, CreateEventW, GetCurrentThread, GetCurrentThreadId, DuplicateHandle, QueueUserAPC, GlobalFree, GetModuleFileNameA, GlobalAlloc, ResumeThread, GetModuleHandleA, DeviceIoControl, GetCurrentProcessId, InterlockedExchangeAdd, PulseEvent, QueryPerformanceCounter, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, DelayLoadFailureHook, GetTickCount, SetLastError, TlsGetValue, InterlockedDecrement, GetLastError, WideCharToMultiByte, MultiByteToWideChar, InitializeCriticalSection, DeleteCriticalSection, LeaveCriticalSection, SetEvent, EnterCriticalSection, InterlockedIncrement, FreeLibraryAndExitThread, CloseHandle, WaitForSingleObject, FreeLibrary, CreateThread, GetModuleHandleExA, CreateEventA, GetProcAddress, LoadLibraryA, LoadLibraryExW, ExpandEnvironmentStringsW, lstrlenW, HeapDestroy, TlsFree, GetProcessHeap, HeapCreate, GetSystemInfo, TlsAlloc, SwitchToThread, LocalFree, GetCommandLineW, GetModuleFileNameW, InterlockedExchange, LoadLibraryW, GetHandleInformation, TlsSetValue, ResetEvent, WaitForMultipleObjectsEx, GetWindowsDirectoryA, GetSystemDirectoryA, ExpandEnvironmentStringsA, GetVersionExA, GetComputerNameA, GetEnvironmentVariableA, HeapFree, HeapAlloc, InterlockedCompareExchange, lstrlenA, Sleep > ntdll.dll: RtlGetNtProductType, NtOpenFile, NtQueryDirectoryFile, NtCreateNamedPipeFile, NtFsControlFile, NtWaitForSingleObject, NtCreateFile, RtlNtStatusToDosError, RtlImpersonateSelf, RtlAdjustPrivilege, NtLoadDriver, NtDeviceIoControlFile, NtClose, NtDelayExecution, RtlCompareMemory, RtlIpv6StringToAddressExW, RtlIpv6AddressToStringExW, RtlIpv4AddressToStringExW, RtlIpv6AddressToStringExA, RtlIpv4AddressToStringExA, RtlIpv6StringToAddressW, RtlIpv4StringToAddressW, RtlIpv6StringToAddressA, RtlIpv4StringToAddressA, RtlInitUnicodeString > RPCRT4.dll: RpcEpRegisterW, RpcServerInqBindings, RpcServerUseProtseqW, RpcServerUnregisterIfEx, RpcServerUnregisterIf, RpcServerRegisterIfEx, RpcServerListen, RpcRevertToSelf, RpcImpersonateClient, RpcBindingInqAuthClientW, I_RpcBindingInqTransportType, NdrAsyncServerCall, NdrServerCall2, UuidCreate, RpcBindingVectorFree, RpcBindingInqObject, RpcAsyncCompleteCall, RpcEpUnregister > NSI.dll: NsiSetAllParameters, NsiGetParameter, NsiGetAllParameters ( 167 exports ) FreeAddrInfoEx, FreeAddrInfoExW, FreeAddrInfoW, GetAddrInfoExA, GetAddrInfoExW, GetAddrInfoW, GetNameInfoW, InetNtopW, InetPtonW, SetAddrInfoExA, SetAddrInfoExW, WEP, WPUCompleteOverlappedRequest, WSAAccept, WSAAddressToStringA, WSAAddressToStringW, WSAAdvertiseProvider, WSAAsyncGetHostByAddr, WSAAsyncGetHostByName, WSAAsyncGetProtoByName, WSAAsyncGetProtoByNumber, WSAAsyncGetServByName, WSAAsyncGetServByPort, WSAAsyncSelect, WSACancelAsyncRequest, WSACancelBlockingCall, WSACleanup, WSACloseEvent, WSAConnect, WSAConnectByList, WSAConnectByNameA, WSAConnectByNameW, WSACreateEvent, WSADuplicateSocketA, WSADuplicateSocketW, WSAEnumNameSpaceProvidersA, WSAEnumNameSpaceProvidersExA, WSAEnumNameSpaceProvidersExW, WSAEnumNameSpaceProvidersW, WSAEnumNetworkEvents, WSAEnumProtocolsA, WSAEnumProtocolsW, WSAEventSelect, WSAGetLastError, WSAGetOverlappedResult, WSAGetQOSByName, WSAGetServiceClassInfoA, WSAGetServiceClassInfoW, WSAGetServiceClassNameByClassIdA, WSAGetServiceClassNameByClassIdW, WSAHtonl, WSAHtons, WSAInstallServiceClassA, WSAInstallServiceClassW, WSAIoctl, WSAIsBlocking, WSAJoinLeaf, WSALookupServiceBeginA, WSALookupServiceBeginW, WSALookupServiceEnd, WSALookupServiceNextA, WSALookupServiceNextW, WSANSPIoctl, WSANtohl, WSANtohs, WSAPoll, WSAProviderCompleteAsyncCall, WSAProviderConfigChange, WSARecv, WSARecvDisconnect, WSARecvFrom, WSARemoveServiceClass, WSAResetEvent, WSASend, WSASendDisconnect, WSASendMsg, WSASendTo, WSASetBlockingHook, WSASetEvent, WSASetLastError, WSASetServiceA, WSASetServiceW, WSASocketA, WSASocketW, WSAStartup, WSAStringToAddressA, WSAStringToAddressW, WSAUnadvertiseProvider, WSAUnhookBlockingHook, WSAWaitForMultipleEvents, WSApSetPostRoutine, WSCDeinstallProvider, WSCEnableNSProvider, WSCEnumProtocols, WSCGetApplicationCategory, WSCGetProviderInfo, WSCGetProviderPath, WSCInstallNameSpace, WSCInstallNameSpaceEx, WSCInstallProvider, WSCInstallProviderAndChains, WSCSetApplicationCategory, WSCSetProviderInfo, WSCUnInstallNameSpace, WSCUpdateProvider, WSCWriteNameSpaceOrder, WSCWriteProviderOrder, WahCloseApcHelper, WahCloseHandleHelper, WahCloseNotificationHandleHelper, WahCloseSocketHandle, WahCloseThread, WahCompleteRequest, WahCreateHandleContextTable, WahCreateNotificationHandle, WahCreateSocketHandle, WahDestroyHandleContextTable, WahDisableNonIFSHandleSupport, WahEnableNonIFSHandleSupport, WahEnumerateHandleContexts, WahInsertHandleContext, WahNotifyAllProcesses, WahOpenApcHelper, WahOpenCurrentThread, WahOpenHandleHelper, WahOpenNotificationHandleHelper, WahQueueUserApc, WahReferenceContextByHandle, WahRemoveHandleContext, WahWaitForNotification, WahWriteLSPEvent, __WSAFDIsSet, accept, bind, closesocket, connect, freeaddrinfo, getaddrinfo, gethostbyaddr, gethostbyname, gethostname, getnameinfo, getpeername, getprotobyname, getprotobynumber, getservbyname, getservbyport, getsockname, getsockopt, htonl, htons, inet_addr, inet_ntoa, inet_ntop, inet_pton, ioctlsocket, listen, ntohl, ntohs, recv, recvfrom, select, send, sendto, setsockopt, shutdown, socket 

RDS...: NSRL Reference Data Set -

pdfid.: -

trid..: Win64 Executable Generic (59.6%) Win32 Executable MS Visual C++ (generic) (26.2%) Win32 Executable Generic (5.9%) Win32 Dynamic Link Library (generic) (5.2%) Generic Win/DOS Executable (1.3%)

sigcheck: publisher....: Microsoft Corporation copyright....: © Microsoft Corporation. All rights reserved. product......: Microsoft_ Windows_ Operating System description..: Windows Socket 2.0 32-Bit DLL original name: ws2_32.dll internal name: ws2_32.dll file version.: 6.0.6001.18000 (longhorn_rtm.080118-1840) comments.....: n/a signers......: - signing date.: - verified.....: Unsigned

Modifié le 2 janvier 2010 par Moondarim

pear · le 2 janvier 2010

C'est bon pour les 2 fichiers.

Voyons la suite.

Moondarim · le 2 janvier 2010

Voici le rapport UsbFix:

############################## | UsbFix V6.069 |

User : Choucri (Administrateurs) # ORION

Update on 01/01/2010 by El Desaparecido , C_XX & Chimay8

Start at: 17:10:36 | 02/01/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

Intel® Core2 Quad CPU Q6600 @ 2.40GHz

Microsoft® Windows Vista™ Édition Intégrale (6.0.6002 32-bit) # Service Pack 2

Internet Explorer 8.0.6001.18865

Windows Firewall Status : Disabled

AV : ESET Smart Security 3.0 3.0 [ (!) Disabled | Updated ]

FW : ESET Personal firewall[ Enabled ]3.0.684.0

A:\ -> Lecteur de disquettes 3 ½ pouces

C:\ -> Disque fixe local # 139,73 Go (31,4 Go free) # NTFS

D:\ -> Disque CD-ROM

E:\ -> Disque fixe local # 465,76 Go (46,73 Go free) [Data] # NTFS

############################## | Processus actifs |

C:\Windows\System32\smss.exe 436

C:\Windows\system32\csrss.exe 504

C:\Windows\system32\wininit.exe 564

C:\Windows\system32\csrss.exe 572

C:\Windows\system32\services.exe 612

C:\Windows\system32\lsass.exe 624

C:\Windows\system32\lsm.exe 632

C:\Windows\system32\svchost.exe 780

C:\Windows\system32\winlogon.exe 844

C:\Windows\system32\nvvsvc.exe 856

C:\Windows\system32\svchost.exe 900

C:\Windows\System32\svchost.exe 1040

C:\Windows\System32\svchost.exe 1096

C:\Windows\system32\svchost.exe 1148

C:\Windows\system32\svchost.exe 1248

C:\Windows\system32\SLsvc.exe 1304

C:\Windows\system32\nvvsvc.exe 1368

C:\Windows\system32\svchost.exe 1384

C:\Windows\system32\svchost.exe 1500

C:\Windows\System32\spoolsv.exe 1780

C:\Windows\system32\svchost.exe 1804

C:\Windows\system32\AEADISRV.EXE 212

C:\Windows\system32\svchost.exe 324

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 336

C:\Program Files\Bonjour\mDNSResponder.exe 308

C:\Program Files\ESET\ESET Smart Security\ekrn.exe 12

E:\Program Files\CDBurnerXP\NMSAccessU.exe 628

C:\Windows\system32\svchost.exe 1140

C:\Windows\system32\svchost.exe 1460

C:\Windows\system32\svchost.exe 1672

C:\Windows\system32\taskeng.exe 744

C:\Windows\System32\svchost.exe 1888

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 2148

C:\Windows\system32\taskeng.exe 2684

C:\Windows\system32\Dwm.exe 2732

C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe 2808

C:\Windows\Explorer.EXE 2816

E:\Program Files\Winamp\winampa.exe 3116

C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe 3124

C:\Program Files\Analog Devices\Core\smax4pnp.exe 3136

C:\Program Files\ESET\ESET Smart Security\egui.exe 3144

C:\Program Files\Logitech\SetPoint\SetPoint.exe 3160

C:\Windows\system32\wbem\unsecapp.exe 3384

C:\Windows\system32\wbem\wmiprvse.exe 3428

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE 3656

C:\Program Files\Windows Mail\WinMail.exe 3900

C:\Windows\system32\conime.exe 2120

C:\Program Files\Mozilla Firefox\firefox.exe 2660

c:\windows\system32\inetsrv\w3wp.exe 3708

C:\Windows\system32\wbem\wmiprvse.exe 3500

################## | Elements infectieux |

C:\Windows\IFinst27.exe

################## | Registre |

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{6b9a04a4-8e68-11de-9c32-001fc662d6f6}

shell\AutoRun\command =F:\Setup.exe

################## | Cracks > Keygens > Serials |

################## | ! Fin du rapport # UsbFix V6.069 ! |

Connexion

Pas encore inscrit ?

Fenêtre CID voir plus...

Messages recommandés

Moondarim

pear

Moondarim

pear

Moondarim

Moondarim

pear

Moondarim

pear

Moondarim

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer