
A big nasty virus...

Tags:
  • Virus
  • Security
25 August 2008 23:33:04

Hello,

it was too good to last: for almost a year I hadn't had a virus (a "very infectious" one, let's say), but despite my antivirus (Avast!), Spybot Search & Destroy, Ccleaner and Ad-Aware, for a little over a month I've had a virus (or worm, trojan, call it what you like) that crashes my PC, with that magnificent blue screen full of utterly incomprehensible terms, which forces me to press the power button on my tower.

On restart, I constantly get the message (Windows has encountered a serious error and had to close), and off I go sending an error report...

Nothing very conclusive, except that it's supposedly linked to drivers or to my antivirus, apparently; I don't really know, it changes every once in a while...

That's why I'm asking about this specific case (and I do know a bit about this), but before diving in, I'd like help to follow my procedure step by step.

THANKS ^^




26 August 2008 12:54:20

Hello,

Download Hijackthis (from Trend Micro) to your Desktop.

  • Double-click HJTInstall.exe to start the installation.
  • Click Install.
  • Double-click the HijackThis shortcut that has just been created to launch it. (Right-click -> run as administrator if on Vista)
  • Accept the license by clicking Yes.
  • Click Do a system scan and save a logfile.
  • Post the generated report here.

    Note: The report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

    Help: How to use HijackThis.
    26 August 2008 13:39:56

    Hello, and thanks for the help you're going to give me ^^

    Here is the report:

    26 August 2008 14:43:07

    There is nothing visible in this log.

    Uninstall via Add/Remove Programs (if present):
  • Avast!

    Download and run: http://www.avast.com/eng/avast-uninstall-utility.html

    Download Ccleaner to your Desktop.

  • Click "download the latest version"
  • Install it, leaving only the following options checked:
    - Add a shortcut to the Desktop
    - Automatically check for CCleaner updates
  • Run the Cleaner
  • Click Scan for issues and back up if you wish.

    Help: How to use CCleaner.

    -------------

    Download Gmer.

  • Unzip it into a dedicated folder or onto your Desktop.
  • Disconnect from the Internet, then close all programs.
  • Double-click Gmer.exe.
    If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.
  • Click the Rootkit tab.
  • On the right, check everything.
  • Now click Scan.
  • When the scan is finished, click Copy.
  • Open Notepad, then click the Edit menu / Paste.
  • The report should then appear.
  • Save the file to your Desktop and post its contents here.
    26 August 2008 18:25:09

    Re,
    Avast > Uninstalled
    Ccleaner > Done

    here is the report: thanks again for your help ^^

    26 August 2008 19:36:19

    Apparently nothing abnormal..
    Have you tried a Windows repair to see if that solves your problem?
    26 August 2008 19:44:12

    A Windows repair?... what do you mean by that?...
    26 August 2008 19:46:05

    With the Windows CD.
    You insert it and run the repair.

    There are plenty of tutorials available on the net ;)
    26 August 2008 19:50:07

    Aaah, with the original XP installation CD?
    26 August 2008 21:42:53

    Yep ;)
    26 August 2008 21:57:28

    I've just done the whole procedure with the repair, but nothing changed. I did believe in it, though: I start quietly playing Fable, and boom, magnificent blue screen, in the same style and with this information: win32ks.sys (as being the file partly responsible for my big nasty problem...) XD
    26 August 2008 22:01:36

    Hello,

    I haven't found anything on this driver.

    Do you have its location?
    Otherwise we'll search for it for analysis.
    26 August 2008 23:03:48

    well actually, if it comes back, I'll note it down exactly, because in fact it's systematically the same one that comes back 1 time in 3, so... (because it leaves no trace)

    I'll tell you next time it happens (so in 1 to 2 days, drop by from time to time ^^)

    See you soon, and thanks again :)
    27 August 2008 00:01:08

    We can do a search :p

    Click the Start menu / Control Panel / Folder Options / then, in the View tab:
    - Check Show hidden files and folders
    - Uncheck Hide extensions for known file types
    - Uncheck Hide protected operating system files (Recommended)
    click Apply, then OK.

    Don't forget to hide the hidden and protected operating system files again at the end of the disinfection; it's important

    Select the entire contents of the box below:
    @echo off & cls
    cd\
    dir /S /A *win32ks.sys* >> search.log
    search.log & del search.log
    exit

    Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
    Save it on your Desktop under the name Correction.bat
    Double-click it. Post the generated report (if present).
    27 August 2008 01:02:08

    fichier introuvable

    Le volume dans le lecteur C s'appelle XP
    Le numéro de série du volume est 5CFC-3ADC

    !!! XD !!!
    27 August 2008 12:43:43

    Hi again,

    Download OTViewIt and save it to your desktop.
  • Close all windows and double-click the OTViewIt icon to open it.
  • Click the Run Scan button and let the program work without interrupting it.
  • It will produce two reports, one named OTViewIt.txt, and another named Extras, which will be saved on your desktop. Please post both reports in your next reply.
  • One report per message! Thanks.
    28 August 2008 22:47:15

    Hi again,

    here is the OTViewIt.txt report

    OTViewIt logfile created on: 28/08/2008 22:46:03 - Run 2
    OTViewIt by OldTimer - Version 1.0.0.15 Folder = C:\Documents and Settings\jean\Bureau
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    1023,48 Mb Total Physical Memory | 627,95 Mb Available Physical Memory | 61,35% Memory free
    2,40 Gb Paging File | 2,06 Gb Available in Paging File | 85,83% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 38,34 Gb Total Space | 5,20 Gb Free Space | 13,56% Space Free | Partition Type: NTFS
    Drive D: | 74,52 Gb Total Space | 34,08 Gb Free Space | 45,73% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: XXX-ED3642B9CA3
    Current User Name: jean
    Logged in as Administrator.
    Current Boot Mode: Normal
    Scan Mode: Current user
    Whitelist: On

    ===== Processes - Non-Microsoft Only =====

    [05/21/2004 08:11 PM | 00,221,184 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\LVCOMSX.EXE
    [02/18/2008 11:16 AM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    [10/16/2002 09:56 PM | 00,176,128 | ---- | M] (Executive Software International, Inc.) - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    [11/29/2007 12:42 PM | 00,066,872 | ---- | M] () - C:\WINDOWS\system32\PnkBstrA.exe
    [09/01/2006 12:13 PM | 00,487,424 | ---- | M] () - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    [07/03/2008 04:56 AM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe

    ===== Win32 Services - Non-Microsoft Only =====

    (Adobe LM Service) Adobe LM Service [On_Demand | Stopped]
    [11/21/2007 10:29 PM | 00,072,704 | ---- | M] (Adobe Systems) - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

    (Apple Mobile Device) Apple Mobile Device [Auto | Running]
    [02/18/2008 11:16 AM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    (aswUpdSv) avast! iAVS4 Control Service [Auto | Stopped]
    File not found - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    (avast! Antivirus) avast! Antivirus [Auto | Stopped]
    [07/19/2008 04:38 PM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    (avast! Mail Scanner) avast! Mail Scanner [On_Demand | Stopped]
    File not found - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    (avast! Web Scanner) avast! Web Scanner [On_Demand | Stopped]
    File not found - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    (Diskeeper) Diskeeper [Auto | Running]
    [10/16/2002 09:56 PM | 00,176,128 | ---- | M] (Executive Software International, Inc.) - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

    (maconfservice) Ma-Config Service [On_Demand | Stopped]
    [07/25/2008 08:57 PM | 00,191,656 | ---- | M] (CybelSoft) - C:\Program Files\ma-config.com\maconfservice.exe

    (PnkBstrA) PnkBstrA [Auto | Running]
    [11/29/2007 12:42 PM | 00,066,872 | ---- | M] () - C:\WINDOWS\system32\PnkBstrA.exe

    ===== Driver Services - Non-Microsoft Only =====

    (AmdK8) Pilote de processeur AMD [System | Running]
    [07/01/2006 10:42 PM | 00,043,520 | ---- | M] (Advanced Micro Devices) - C:\WINDOWS\system32\drivers\AmdK8.sys

    (AmdPPM) Pilote de processeur AMD HwPState [System | Stopped]
    File not found - C:\WINDOWS\System32\DRIVERS\AmdPPM.sys

    (Aspi32) Aspi32 [Auto | Running]
    [09/10/1999 02:06 PM | 00,025,244 | ---- | M] (Adaptec) - C:\WINDOWS\System32\drivers\aspi32.sys

    (aswFsBlk) aswFsBlk [Auto | Stopped]
    File not found - C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys

    (atksgt) atksgt [Auto | Running]
    [11/24/2007 01:32 PM | 00,271,360 | ---- | M] () - C:\WINDOWS\system32\drivers\atksgt.sys

    (BRGSp50) BRGSp50 NDIS Protocol Driver [On_Demand | Stopped]
    [06/08/2005 07:44 PM | 00,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) - C:\WINDOWS\system32\drivers\BRGSp50.sys

    (driverhardwarev2) driverhardwarev2 [On_Demand | Stopped]
    [07/25/2008 09:14 PM | 00,015,352 | ---- | M] (Ma-Config.com) - C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys

    (EagleNT) EagleNT [On_Demand | Stopped]
    File not found - C:\WINDOWS\system32\drivers\EagleNT.sys

    (enodpl) enodpl [Auto | Running]
    [03/02/2003 05:44 PM | 00,007,552 | ---- | M] () - C:\WINDOWS\system32\drivers\enodpl.sys

    (gmer) gmer [On_Demand | Stopped]
    [08/26/2008 06:12 PM | 00,085,969 | ---- | M] (GMER) - C:\WINDOWS\system32\drivers\gmer.sys

    (jswmidin) jswmidin [On_Demand | Stopped]
    File not found - C:\DOCUME~1\jean\LOCALS~1\Temp\jswmidin.sys

    (lirsgt) lirsgt [Auto | Running]
    [11/24/2007 01:32 PM | 00,018,048 | ---- | M] () - C:\WINDOWS\system32\drivers\lirsgt.sys

    (LVUSBSta) Logitech USB Monitor Filter [On_Demand | Stopped]
    [05/27/2004 05:47 PM | 00,019,968 | ---- | M] () - C:\WINDOWS\system32\drivers\LVUSBSta.sys

    (PhilCam8116_XP) Logitech QuickCam Pro 3000(PID_08B1) [On_Demand | Stopped]
    [05/21/2004 09:16 PM | 00,245,760 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\CamDrL20.sys

    (sfdrv01) StarForce Protection Environment Driver (version 1.x) [Boot | Running]
    [08/10/2005 02:44 PM | 00,050,688 | ---- | M] (Protection Technology) - C:\WINDOWS\system32\drivers\sfdrv01.sys

    (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) [Boot | Running]
    [07/05/2006 02:46 PM | 00,063,352 | ---- | M] (Protection Technology (StarForce)) - C:\WINDOWS\system32\drivers\sfdrv01a.sys

    (sfhlp02) StarForce Protection Helper Driver (version 2.x) [Boot | Running]
    [06/14/2006 04:56 PM | 00,013,680 | ---- | M] (Protection Technology (StarForce)) - C:\WINDOWS\system32\drivers\sfhlp02.sys

    (sfsync02) StarForce Protection Synchronization Driver (version 2.x) [Boot | Running]
    [07/10/2006 06:19 PM | 00,027,032 | ---- | M] (Protection Technology) - C:\WINDOWS\system32\drivers\sfsync02.sys

    (sfsync03) StarForce Protection Synchronization Driver (version 3.x) [Boot | Running]
    [10/13/2005 03:46 PM | 00,035,328 | ---- | M] (Protection Technology) - C:\WINDOWS\system32\drivers\sfsync03.sys

    (sfsync04) StarForce Protection Synchronization Driver (version 4.x) [Boot | Running]
    [12/12/2005 09:12 PM | 00,049,664 | ---- | M] (Protection Technology) - C:\WINDOWS\system32\drivers\sfsync04.sys

    (sfvfs02) StarForce Protection VFS Driver (version 2.x) [Boot | Running]
    [01/12/2007 08:09 PM | 00,082,296 | ---- | M] (Protection Technology (StarForce)) - C:\WINDOWS\system32\drivers\sfvfs02.sys

    (sptd) sptd [Boot | Running]
    [05/21/2008 05:24 PM | 00,717,296 | ---- | M] () - C:\WINDOWS\system32\drivers\sptd.sys

    (SQTECH905C) DualCamera [On_Demand | Stopped]
    [07/13/2005 12:08 PM | 00,033,890 | ---- | M] (Service & Quality Technology.) - C:\WINDOWS\system32\drivers\Capt905c.sys

    (SVKP) SVKP [Auto | Running]
    [05/04/2008 07:25 PM | 00,002,368 | ---- | M] (AntiCracking) - C:\WINDOWS\system32\SVKP.sys

    (tandpl) tandpl [Auto | Running]
    [04/19/2003 12:32 AM | 00,004,736 | ---- | M] () - C:\WINDOWS\system32\drivers\tandpl.sys

    (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS) [On_Demand | Running]
    [08/24/2006 02:44 PM | 00,477,696 | ---- | M] (ZyDAS Technology Corporation) - C:\WINDOWS\system32\drivers\ZD1211BU.sys

    (ZDPSp50) ZDPSp50 NDIS Protocol Driver [On_Demand | Running]
    [10/25/2004 02:40 PM | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) - C:\WINDOWS\system32\drivers\ZDPSp50.sys

    ===== Run Keys =====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
    "avgnt" = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min [06/12/2008 02:28 PM | 00,266,497 | ---- | M] (Avira GmbH)
    "LVCOMSX" = C:\WINDOWS\system32\LVCOMSX.EXE [05/21/2004 08:11 PM | 00,221,184 | ---- | M] (Logitech Inc.)
    "NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [05/16/2008 02:01 PM | 13,529,088 | ---- | M] (NVIDIA Corporation)
    "NvMediaCenter" = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [05/16/2008 02:01 PM | 00,086,016 | ---- | M] (NVIDIA Corporation)
    "NVMixerTray" = "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [06/03/2004 09:51 PM | 00,131,072 | ---- | M] (NVIDIA Corporation)
    "nwiz" = nwiz.exe /install [05/16/2008 02:01 PM | 01,630,208 | ---- | M] ()
    "SoundMan" = SOUNDMAN.EXE [04/16/2007 03:28 PM | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "load" = Reg Error: Value load does not exist or could not be read.
    "run" = Reg Error: Value run does not exist or could not be read.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "load" =
    "run" = Reg Error: Value run does not exist or could not be read.

    ===== Startup Folders =====

    [All Users Startup Folder - C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
    [11/15/2003 04:48 PM | 00,110,592 | ---- | M] (Adobe Systems, Inc.) - C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    [09/01/2006 12:13 PM | 00,487,424 | ---- | M] () - C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe

    [jean Startup Folder - C:\Documents and Settings\jean\Menu Démarrer\Programmes\Démarrage]
    [11/15/2003 04:48 PM | 00,110,592 | ---- | M] (Adobe Systems, Inc.) - C:\Documents and Settings\jean\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

    ===== BHO's =====

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    HKLM CLSID: (Adobe PDF Link Helper) - [06/11/2008 10:33 PM | 00,075,128 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
    HKLM CLSID: (FGCatchUrl) - [08/06/2007 11:11 AM | 00,094,308 | ---- | M] (www.flashget.com) C:\Program Files\FlashGet\jccatch.dll

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
    HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    HKLM CLSID: (Spybot-S&D IE Protection) - [07/30/2008 02:45 PM | 01,562,448 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    HKLM CLSID: (SSVHelper Class) - [09/25/2007 02:11 AM | 00,501,136 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
    HKLM CLSID: (FlashGet GetFlash Class) - [05/18/2007 06:13 PM | 00,163,840 | ---- | M] (www.flashget.com) C:\Program Files\FlashGet\getflash.dll

    ===== Toolbars =====

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

    "{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}"
    HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

    ===== Policies =====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    "dontdisplaylastusername" = 0
    "legalnoticecaption" =
    "legalnoticetext" =
    "shutdownwithoutlogon" = 1
    "undockwithoutlogon" = 1

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun" = 145
    "NoChangeStartMenu" = 0
    "NoClose" = 0
    "NoLogOff" = 0

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

    ===== Desktop Components =====

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "FriendlyName" = "Ma page d'accueil"
    "Source" = "About:Home"
    "SubscribedURL" = "About:Home"

    ===== Shared Task Scheduler =====

    ===== AppInit_Dlls =====

    ===== Lsa Authentication Packages =====

    ===== Lsa Security Packages =====

    ===== Authorized Applications List =====

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 07:34 PM | 00,142,848 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [12/17/2007 06:44 PM | 00,067,128 | ---- | M] (Logitech Inc.)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 11:53 AM | 00,558,080 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe [10/18/2007 12:34 PM | 05,724,184 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe [10/02/2007 06:18 PM | 00,304,488 | ---- | M] (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 07:34 PM | 00,142,848 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe [09/25/2007 10:10 AM | 02,007,088 | ---- | M] (FlashGet.com)
    "C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe File not found
    "C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe [08/13/2008 12:08 AM | 03,065,168 | ---- | M] (Xfire Inc.)
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe [11/18/2007 11:05 PM | 00,214,560 | ---- | M] (RealNetworks, Inc.)
    "D:\JEUX\TRACKMANIA\TrackMania Original\TmOriginal.exe" = D:\JEUX\TRACKMANIA\TrackMania Original\TmOriginal.exe File not found
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe File not found
    "C:\Rollcage\rollcage_fr__Slasher404\rollcage\direct3d\rollcage.exe" = C:\Rollcage\rollcage_fr__Slasher404\rollcage\direct3d\rollcage.exe [02/12/1999 08:56 AM | 00,757,760 | ---- | M] (Attention To Detail)
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [12/17/2007 06:44 PM | 00,067,128 | ---- | M] (Logitech Inc.)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 11:53 AM | 00,558,080 | ---- | M] (Microsoft Corporation)
    "C:\Spn2008\edt.exe" = C:\Spn2008\edt.exe File not found
    "D:\JEUX\CoDMP.exe" = D:\JEUX\CoDMP.exe File not found
    "D:\JEUX\CALL OF DUTY\CoDMP.exe" = D:\JEUX\CALL OF DUTY\CoDMP.exe [11/19/2004 07:43 AM | 01,830,912 | ---- | M] ()
    "C:\Program Files\Microsoft Games\Rise Of Legends\legends.exe" = C:\Program Files\Microsoft Games\Rise Of Legends\legends.exe [04/21/2006 04:49 AM | 10,147,096 | ---- | M] (Big Huge Games, Inc.)
    "C:\Program Files\Empire Interactive\Strangelite\Starship Troopers\STGame.exe" = C:\Program Files\Empire Interactive\Strangelite\Starship Troopers\STGame.exe [12/16/2005 11:43 AM | 09,744,384 | ---- | M] (Empire Interactive Europe Limited)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe [10/18/2007 12:34 PM | 05,724,184 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe [10/02/2007 06:18 PM | 00,304,488 | ---- | M] (Microsoft Corporation)
    "D:\JEUX\TRACKMANIA NATIONS\TrackMania Nations ESWC\TmNationsESWC.exe" = D:\JEUX\TRACKMANIA NATIONS\TrackMania Nations ESWC\TmNationsESWC.exe File not found
    "D:\JEUX\TRACKMANIA NATIONS\TmNationsForever\TmForever.exe" = D:\JEUX\TRACKMANIA NATIONS\TmNationsForever\TmForever.exe [04/14/2008 01:03 AM | 11,976,704 | ---- | M] ()
    "D:\JEUX\RISE OF NATIONS\RISE.EXE" = D:\JEUX\RISE OF NATIONS\RISE.EXE File not found
    "D:\Logiciels Création, Utilitaires & Emulateurs\VSDownloader\vXdownloader.exe" = D:\Logiciels Création, Utilitaires & Emulateurs\VSDownloader\vXdownloader.exe [06/08/2008 06:59 PM | 01,986,560 | ---- | M] ()
    "D:\JEUX\GHOST RECON ADVANCED WARFIGHTER\GRAW.exe" = D:\JEUX\GHOST RECON ADVANCED WARFIGHTER\GRAW.exe File not found
    "D:\JEUX\XIII\system\XIII.exe" = D:\JEUX\XIII\system\XIII.exe [02/17/2004 04:17 PM | 00,126,976 | ---- | M] ()
    "C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe [07/25/2008 08:57 PM | 00,191,656 | ---- | M] (CybelSoft)
    "C:\Program Files\Wolfenstein - Enemy Territory\ET.exe" = C:\Program Files\Wolfenstein - Enemy Territory\ET.exe File not found
    "D:\JEUX\METIN 2\metin2.bin" = D:\JEUX\METIN 2\metin2.bin File not found

    ===== HKLM Winlogon Settings =====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
    "Explorer.exe" - [04/13/2008 07:34 PM | 01,037,824 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
    "C:\WINDOWS\system32\userinit.exe" - [04/13/2008 07:34 PM | 00,026,624 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
    "logonui.exe" - [04/13/2008 07:34 PM | 00,515,584 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
    "rundll32 shell32" - [04/13/2008 07:33 PM | 08,517,632 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    "Control_RunDLL "sysdm.cpl"" - [04/13/2008 07:34 PM | 00,307,200 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

    ===== User's Winlogon Settings =====

    ===== Winlogon Notify Settings =====

    ===== Safeboot Options =====

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
    "AlternateShell" = cmd.exe

    ===== Disabled MsConfig Items =====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    "path" = C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk File not found
    "backup" = C:\WINDOWS\pss\Logitech Desktop Messenger.lnk File not found
    "location" = Common Startup
    "command" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [12/17/2007 06:44 PM | 00,067,128 | ---- | M] (Logitech Inc.)
    "item" = Logitech Desktop Messenger

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    "path" = C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk File not found
    "backup" = C:\WINDOWS\pss\Microsoft Office.lnk File not found
    "location" = Common Startup
    "command" = C:\Program Files\Microsoft Office\Office10\OSA.EXE [02/13/2001 10:01 AM | 00,083,360 | ---- | M] (Microsoft Corporation)
    "item" = Microsoft Office

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^jean^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
    "path" = C:\Documents and Settings\jean\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk File not found
    "backup" = C:\WINDOWS\pss\OpenOffice.org File not found
    "location" = Startup
    "command" = C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE File not found
    "item" = OpenOffice.org 2.3

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
    "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "item" = Reader_sl
    "hkey" = HKLM
    "command" = C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe File not found
    "inimapping" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools]
    "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "item" = daemon
    "hkey" = HKCU
    "command" = C:\Program Files\DAEMON Tools\daemon.exe File not found
    "inimapping" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LDM]
    "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "item" = BackWeb-8876480
    "hkey" = HKCU
    "command" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe File not found
    "inimapping" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechSoftwareUpdate]
    "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "item" = ManifestEngine
    "hkey" = HKCU
    "command" = C:\Program Files\Logitech\Video\ManifestEngine.exe [06/01/2004 12:46 PM | 00,196,608 | ---- | M] (Logitech Inc.)
    "inimapping" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechVideoRepair]
    "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "item" = ISStart
    "hkey" = HKLM
    "command" = C:\Program Files\Logitech\Video\ISStart.exe [06/01/2004 12:09 PM | 00,458,752 | ---- | M] (Logitech Inc.)
    "inimapping" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechVideoTray]
    "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "item" = LogiTray
    "hkey" = HKLM
    "command" = C:\Program Files\Logitech\Video\LogiTray.exe [06/01/2004 12:03 PM | 00,217,088 | ---- | M] (Logitech Inc.)
    "inimapping" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
    "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "item" = msmsgs
    "hkey" = HKCU
    "command" = C:\Program Files\Messenger\msmsgs.exe [04/13/2008 07:34 PM | 01,695,232 | ---- | M] (Microsoft Corporation)
    "inimapping" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr]
    "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "item" = msnmsgr
    "hkey" = HKCU
    "command" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe [10/18/2007 12:34 PM | 05,724,184 | ---- | M] (Microsoft Corporation)
    "inimapping" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NBJ]
    "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "item" = NBJ
    "hkey" = HKCU
    "command" = C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [09/16/2005 05:41 PM | 01,961,984 | ---- | M] (Ahead Software AG)
    "inimapping" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NBKeyScan]
    "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "item" = NBKeyScan
    "hkey" = HKLM
    "command" = C:\Program Files\Ahead\Nero BackItUp\NBKeyScan.exe [09/16/2005 05:41 PM | 01,757,184 | ---- | M] (Ahead Software AG)
    "inimapping" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
    "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "item" = C:\WINDOWS\system32\NeroCheck.exe [07/09/2001 12:50 PM | 00,155,648 | ---- | M] (Ahead Software Gmbh)
    "hkey" = HKLM
    "command" = C:\WINDOWS\system32\NeroCheck.exe [07/09/2001 12:50 PM | 00,155,648 | ---- | M] (Ahead Software Gmbh)
    "inimapping" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NWEReboot]
    "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "item" =
    "hkey" = HKLM
    "command" =
    "inimapping" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
    "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "item" = C:\WINDOWS\system32\qttask.exe [02/19/2008 11:23 PM | 00,098,304 | ---- | M] (Apple Computer, Inc.)
    "hkey" = HKLM
    "command" = C:\WINDOWS\system32\qttask.exe [02/19/2008 11:23 PM | 00,098,304 | ---- | M] (Apple Computer, Inc.)
    "inimapping" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmartDefrag]
    "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "item" = IObit SmartDefrag
    "hkey" = HKLM
    "command" = C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [08/04/2008 06:26 PM | 02,231,624 | ---- | M] (IObit)
    "inimapping" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer]
    "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "item" = TeaTimer
    "hkey" = HKCU
    "command" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [08/18/2008 06:41 PM | 01,832,272 | RHS- | M] (Safer Networking Limited)
    "inimapping" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
    "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "item" = jusched
    "hkey" = HKLM
    "command" = C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [09/25/2007 02:11 AM | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
    "inimapping" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
    "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "item" = realsched
    "hkey" = HKLM
    "command" = C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [11/18/2007 11:05 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.)
    "inimapping" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent]
    "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "item" = winampa
    "hkey" = HKLM
    "command" = C:\Program Files\Winamp\winampa.exe [08/04/2008 01:02 AM | 00,036,352 | ---- | M] ()
    "inimapping" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
    "system.ini" = 0
    "win.ini" = 0
    "bootini" = 0
    "services" = 0
    "startup" = 2

    ===== DNS Name Servers =====

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{4F56EDA6-0166-456E-AE37-351080DC447B}]
    Servers: | Description:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{53C17116-6923-43D9-B4CC-1559EDDBB11C}]
    Servers: | Description:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{AD95887B-F2A0-434E-B1BB-737F1D5CF1B5}]
    Servers: | Description: (ZD1211B)IEEE 802.11 b+g USB Adapter

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{B7228B2C-6D40-4BF6-A4EF-5F901C165937}]
    Servers: | Description: (ZD1211B)IEEE 802.11 b+g USB Adapter

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{BAD80900-80C7-4E7B-AEC8-B31541704AE4}]
    Servers: | Description: (ZD1211B)IEEE 802.11 b+g USB Adapter

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{DF84D774-CF00-477A-AADB-AE2236B5A03A}]
    Servers: | Description: (ZD1211B)IEEE 802.11 b+g USB Adapter

    ===== CDRom AutoRun Settings =====

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
    "AutoRun" = 1

    ===== Autorun Files on Drives =====

    AUTOEXEC.BAT []
    [11/14/2007 05:01 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

    autorun.inf []
    [08/06/2008 08:06 PM | RHSD | M] D:\autorun.inf [ NTFS ]

    ===== MountPoints2 =====

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22802a1e-92c3-11dc-88f0-e7a18f668c58}\Shell]
    "" = Open(0)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22802a1e-92c3-11dc-88f0-e7a18f668c58}\Shell\AutoRun]
    "" = &Exécution automatique

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22802a1e-92c3-11dc-88f0-e7a18f668c58}\Shell\AutoRun\command]
    "" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:33 PM | 08,517,632 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22802a1e-92c3-11dc-88f0-e7a18f668c58}\Shell\Open(0)]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22802a1e-92c3-11dc-88f0-e7a18f668c58}\Shell\Open(0)\command]
    "" = G:\Recycled\ctfmon.exe File not found

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{467719d1-a808-11dc-892f-000272644d49}\Shell]
    "" = Open(0)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{467719d1-a808-11dc-892f-000272644d49}\Shell\Autoplay]
    "MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:33 PM | 08,517,632 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{467719d1-a808-11dc-892f-000272644d49}\Shell\Autoplay\DropTarget]
    "CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{467719d1-a808-11dc-892f-000272644d49}\Shell\AutoRun]
    "" = &Exécution automatique

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{467719d1-a808-11dc-892f-000272644d49}\Shell\AutoRun\command]
    "" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:33 PM | 08,517,632 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{467719d1-a808-11dc-892f-000272644d49}\Shell\Open(0)]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{467719d1-a808-11dc-892f-000272644d49}\Shell\Open(0)\command]
    "" = Recycled\ctfmon.exe

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eecac88-e55d-11dc-8993-000272644d49}\Shell]
    "" = None

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eecac88-e55d-11dc-8993-000272644d49}\Shell\Autoplay]
    "MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:33 PM | 08,517,632 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eecac88-e55d-11dc-8993-000272644d49}\Shell\Autoplay\DropTarget]
    "CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5280d532-968e-11dc-88ff-000272644d49}\Shell]
    "" = None

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5280d532-968e-11dc-88ff-000272644d49}\Shell\Autoplay]
    "MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:33 PM | 08,517,632 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5280d532-968e-11dc-88ff-000272644d49}\Shell\Autoplay\DropTarget]
    "CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59e39211-dfdd-11dc-8987-000272644d49}\Shell]
    "" = Open(0)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59e39211-dfdd-11dc-8987-000272644d49}\Shell\Autoplay]
    "MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:33 PM | 08,517,632 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59e39211-dfdd-11dc-8987-000272644d49}\Shell\Autoplay\DropTarget]
    "CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59e39211-dfdd-11dc-8987-000272644d49}\Shell\AutoRun]
    "" = &Exécution automatique

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59e39211-dfdd-11dc-8987-000272644d49}\Shell\AutoRun\command]
    "" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:33 PM | 08,517,632 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59e39211-dfdd-11dc-8987-000272644d49}\Shell\Open(0)]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59e39211-dfdd-11dc-8987-000272644d49}\Shell\Open(0)\command]
    "" = H:\Recycled\ctfmon.exe File not found

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a5175d4-9685-11dc-88fe-000272644d49}\Shell]
    "" = None

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a5175d4-9685-11dc-88fe-000272644d49}\Shell\Autoplay]
    "MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:33 PM | 08,517,632 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a5175d4-9685-11dc-88fe-000272644d49}\Shell\Autoplay\DropTarget]
    "CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87375be0-c9dc-11dc-895a-000272644d49}\Shell]
    "" = Open

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87375be0-c9dc-11dc-895a-000272644d49}\Shell\Autoplay]
    "MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:33 PM | 08,517,632 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87375be0-c9dc-11dc-895a-000272644d49}\Shell\Autoplay\DropTarget]
    "CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87375be0-c9dc-11dc-895a-000272644d49}\Shell\AutoRun]
    "Extended" =

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87375be0-c9dc-11dc-895a-000272644d49}\Shell\AutoRun\command]
    "" = q83iwmgf.bat

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87375be0-c9dc-11dc-895a-000272644d49}\Shell\explore]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87375be0-c9dc-11dc-895a-000272644d49}\Shell\explore\Command]
    "" = q83iwmgf.bat

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87375be0-c9dc-11dc-895a-000272644d49}\Shell\open]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87375be0-c9dc-11dc-895a-000272644d49}\Shell\open\Command]
    "" = q83iwmgf.bat

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87375be0-c9dc-11dc-895a-000272644d49}\Shell\open\Default]
    "" = 1

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9100af84-a9a0-11dc-8933-000272644d49}\Shell]
    "" = Open

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9100af84-a9a0-11dc-8933-000272644d49}\Shell\Autoplay]
    "MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:33 PM | 08,517,632 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9100af84-a9a0-11dc-8933-000272644d49}\Shell\Autoplay\DropTarget]
    "CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9100af84-a9a0-11dc-8933-000272644d49}\Shell\AutoRun]
    "Extended" =

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9100af84-a9a0-11dc-8933-000272644d49}\Shell\AutoRun\command]
    "" = q83iwmgf.bat

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9100af84-a9a0-11dc-8933-000272644d49}\Shell\explore]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9100af84-a9a0-11dc-8933-000272644d49}\Shell\explore\Command]
    "" = q83iwmgf.bat

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9100af84-a9a0-11dc-8933-000272644d49}\Shell\open]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9100af84-a9a0-11dc-8933-000272644d49}\Shell\open\Command]
    "" = q83iwmgf.bat

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9100af84-a9a0-11dc-8933-000272644d49}\Shell\open\Default]
    "" = 1

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db6caebc-08d3-11dd-89c6-cebf02648353}\Shell]
    "" = Open(0)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db6caebc-08d3-11dd-89c6-cebf02648353}\Shell\Autoplay]
    "MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:33 PM | 08,517,632 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db6caebc-08d3-11dd-89c6-cebf02648353}\Shell\Autoplay\DropTarget]
    "CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db6caebc-08d3-11dd-89c6-cebf02648353}\Shell\AutoRun]
    "" = &Exécution automatique

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db6caebc-08d3-11dd-89c6-cebf02648353}\Shell\AutoRun\command]
    "" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:33 PM | 08,517,632 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db6caebc-08d3-11dd-89c6-cebf02648353}\Shell\Open(0)]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db6caebc-08d3-11dd-89c6-cebf02648353}\Shell\Open(0)\command]
    "" = Recycled\ctfmon.exe

    ===== Hosts File =====

    HOSTS File = (261312 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
    First 25 entries...
    127.0.0.1 localhost



    [Files/Folders - Created Within 90 days]
    [07/19/2008 05:58 PM | ---D | C] - C:\Downloads
    [08/17/2008 09:10 PM | ---D | C] - C:\Config.Msi
    [08/24/2008 10:36 PM | ---D | C] - C:\YouTubeGet
    [06/08/2008 01:07 PM | 00,013,312 | ---- | C] () - C:\WINDOWS\System32\dllcache\msdmo.dll
    [06/08/2008 01:07 PM | 00,030,208 | ---- | C] () - C:\WINDOWS\System32\dllcache\psisrndr.ax
    [06/08/2008 01:07 PM | 00,034,304 | ---- | C] () - C:\WINDOWS\System32\dllcache\mciqtz32.dll
    [06/08/2008 01:07 PM | 00,052,224 | ---- | C] () - C:\WINDOWS\System32\dllcache\msdvbnp.ax
    [06/08/2008 01:07 PM | 00,064,512 | ---- | C] () - C:\WINDOWS\System32\dllcache\amstream.dll
    [06/08/2008 01:07 PM | 00,136,192 | ---- | C] () - C:\WINDOWS\System32\dllcache\mpg2splt.ax
    [06/08/2008 01:07 PM | 00,354,816 | ---- | C] () - C:\WINDOWS\System32\dllcache\psisdecd.dll
    [06/08/2008 01:07 PM | 00,733,184 | ---- | C] () - C:\WINDOWS\System32\dllcache\qedwipes.dll
    [07/22/2008 08:29 PM | 00,239,234 | ---- | C] () - C:\WINDOWS\System32\dllcache\apphelp.sdb
    [07/22/2008 08:31 PM | 00,084,820 | ---- | C] () - C:\WINDOWS\System32\dllcache\apps.chm
    [08/14/2008 08:39 PM | 00,009,696 | ---- | C] () - C:\WINDOWS\System32\dllcache\drvmain.sdb
    [08/14/2008 08:39 PM | 00,790,846 | ---- | C] () - C:\WINDOWS\System32\dllcache\apph_sp.sdb
    [08/14/2008 08:39 PM | 01,214,526 | ---- | C] () - C:\WINDOWS\System32\dllcache\sysmain.sdb
    [07/28/2008 03:12 PM | 00,004,736 | ---- | C] () - C:\WINDOWS\System32\drivers\tandpl.sys
    [07/28/2008 03:12 PM | 00,007,552 | ---- | C] () - C:\WINDOWS\System32\drivers\enodpl.sys
    [08/03/2008 11:19 PM | 00,043,520 | ---- | C] (Advanced Micro Devices) - C:\WINDOWS\System32\drivers\AmdK8.sys
    [08/17/2008 05:36 PM | 00,071,184 | R--- | C] (Raxco Software, Inc.) - C:\WINDOWS\System32\drivers\DefragFS.sys
    [08/26/2008 06:12 PM | 00,085,969 | ---- | C] (GMER) - C:\WINDOWS\System32\drivers\gmer.sys
    [05/31/2008 01:16 PM | ---D | C] - C:\WINDOWS\System32\AGEIA
    [06/08/2008 01:07 PM | 00,030,208 | ---- | C] () - C:\WINDOWS\System32\psisrndr.ax
    [06/08/2008 01:07 PM | 00,052,224 | ---- | C] () - C:\WINDOWS\System32\msdvbnp.ax
    [06/08/2008 01:07 PM | 00,354,816 | ---- | C] () - C:\WINDOWS\System32\psisdecd.dll
    [06/08/2008 12:55 PM | 00,231,936 | ---- | C] (Cendant Software) - C:\WINDOWS\System32\SNWValid.dll
    [06/08/2008 12:55 PM | 01,022,976 | ---- | C] (Cendant Software) - C:\WINDOWS\System32\SierraNW.dll
    [07/18/2008 03:02 PM | 00,230,664 | ---- | C] (Raxco Software, Inc.) - C:\WINDOWS\System32\PDBoot.exe
    [07/23/2008 06:46 PM | 00,012,288 | ---- | C] () - C:\WINDOWS\System32\DivXWMPExtType.dll
    [07/23/2008 06:47 PM | 00,003,067 | ---- | C] () - C:\WINDOWS\System32\dtu_fr.qm
    [07/23/2008 06:47 PM | 00,008,835 | ---- | C] () - C:\WINDOWS\System32\dpufr.qm
    [07/23/2008 06:47 PM | 00,352,401 | ---- | C] (DivXNetworks) - C:\WINDOWS\System32\DivXMedia.ax
    [07/23/2008 06:47 PM | 00,634,880 | ---- | C] (DivX, Inc.) - C:\WINDOWS\System32\divxdec.ax
    [07/23/2008 06:48 PM | 00,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) - C:\WINDOWS\System32\ssldivx.dll
    [07/23/2008 06:48 PM | 01,044,480 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) - C:\WINDOWS\System32\libdivx.dll
    [07/23/2008 06:50 PM | 00,009,878 | ---- | C] () - C:\WINDOWS\System32\dsm_fr.qm
    [07/23/2008 06:50 PM | 03,596,288 | ---- | C] () - C:\WINDOWS\System32\qt-dx331.dll
    [07/25/2008 10:34 AM | 00,053,248 | ---- | C] (DivXNetworks) - C:\WINDOWS\System32\dpuGUI10.dll
    [07/25/2008 10:34 AM | 00,057,344 | ---- | C] (DivXNetworks) - C:\WINDOWS\System32\dpv11.dll
    [07/25/2008 10:34 AM | 00,081,920 | ---- | C] (DivX, Inc.) - C:\WINDOWS\System32\dpl100.dll
    [07/25/2008 10:34 AM | 00,161,096 | ---- | C] (DivX, Inc.) - C:\WINDOWS\System32\DivXCodecVersionChecker.exe
    [07/25/2008 10:34 AM | 00,196,608 | ---- | C] (DivX, Inc.) - C:\WINDOWS\System32\dtu100.dll
    [07/25/2008 10:34 AM | 00,294,912 | ---- | C] (DivXNetworks) - C:\WINDOWS\System32\dpu10.dll
    [07/25/2008 10:34 AM | 00,294,912 | ---- | C] (DivXNetworks) - C:\WINDOWS\System32\dpu11.dll
    [07/25/2008 10:34 AM | 00,344,064 | ---- | C] (DivXNetworks) - C:\WINDOWS\System32\dpus11.dll
    [07/25/2008 10:34 AM | 00,593,920 | ---- | C] (DivXNetworks) - C:\WINDOWS\System32\dpuGUI11.dll
    [07/25/2008 10:34 AM | 00,683,520 | ---- | C] (DivX, Inc.) - C:\WINDOWS\System32\DivX.dll
    [07/25/2008 10:34 AM | 00,802,816 | ---- | C] (DivX, Inc.) - C:\WINDOWS\System32\divx_xx11.dll
    [07/25/2008 10:34 AM | 00,815,104 | ---- | C] (DivX, Inc.) - C:\WINDOWS\System32\divx_xx0a.dll
    [07/25/2008 10:34 AM | 00,823,296 | ---- | C] (DivX, Inc.) - C:\WINDOWS\System32\divx_xx07.dll
    [07/25/2008 10:34 AM | 00,823,296 | ---- | C] (DivX, Inc.) - C:\WINDOWS\System32\divx_xx0c.dll
    [07/25/2008 10:36 AM | 00,004,816 | ---- | C] () - C:\WINDOWS\System32\divxsm.tlb
    [07/25/2008 10:36 AM | 00,524,288 | ---- | C] (DivX Inc.) - C:\WINDOWS\System32\DivXsm.exe
    [07/31/2008 09:40 PM | 00,024,576 | ---- | C] () - C:\WINDOWS\System32\ControlSubX.ocx
    [07/31/2008 09:40 PM | 00,208,500 | ---- | C] () - C:\WINDOWS\System32\ReyXpBasics.tlb
    [07/31/2008 09:40 PM | 00,258,048 | ---- | C] (Koyote Soft) - C:\WINDOWS\System32\TubeFinder.exe
    [07/31/2008 09:40 PM | 00,364,544 | ---- | C] () - C:\WINDOWS\System32\PropertyGrid.ocx
    [08/01/2008 11:44 PM | 00,003,596 | ---- | C] () - C:\WINDOWS\System32\nvnrm.nvu
    [08/06/2008 08:05 PM | 00,026,112 | ---- | C] (NirSoft) - C:\WINDOWS\System32\nircmd.exe
    [08/13/2008 12:08 AM | 00,042,320 | ---- | C] () - C:\WINDOWS\System32\xfcodec.dll
    [08/14/2008 03:12 PM | 00,018,070 | ---- | C] () - C:\WINDOWS\System32\nvdisp.nvu
    [08/14/2008 03:12 PM | 00,186,910 | ---- | C] () - C:\WINDOWS\System32\nvapps.xml
    [08/14/2008 08:42 PM | ---D | C] - C:\WINDOWS\System32\GroupPolicy
    [3 C:\WINDOWS\*.tmp files]
    [06/08/2008 01:07 PM | ---D | C] - C:\WINDOWS\RegisteredPackages
    [06/08/2008 12:25 PM | 00,000,000 | ---- | C] () - C:\WINDOWS\PowerReg.dat
    [06/08/2008 12:54 PM | 00,000,282 | ---- | C] () - C:\WINDOWS\SIERRA.INI
    [07/29/2008 12:26 AM | 00,090,112 | ---- | C] (MindVision Software) - C:\WINDOWS\unvise32.exe
    [08/03/2008 12:49 AM | 00,000,033 | ---- | C] () - C:\WINDOWS\GunzLauncher.INI
    [08/06/2008 08:28 PM | 00,000,729 | ---- | C] () - C:\WINDOWS\CoD.INI
    [08/14/2008 03:12 PM | ---D | C] - C:\WINDOWS\nview
    [08/26/2008 06:12 PM | 00,000,080 | ---- | C] () - C:\WINDOWS\gmer_uninstall.cmd
    [08/26/2008 06:12 PM | 00,000,250 | ---- | C] () - C:\WINDOWS\gmer.ini
    [08/26/2008 06:12 PM | 00,811,008 | ---- | C] () - C:\WINDOWS\gmer.exe
    [08/26/2008 06:12 PM | 00,884,736 | ---- | C] () - C:\WINDOWS\gmer.dll
    [08/14/2008 09:50 PM | 00,000,268 | ---- | C] () - C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
    [08/14/2008 09:50 PM | 00,000,390 | ---- | C] () - C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
    [07/02/2008 05:30 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\InstallShield
    [07/03/2008 11:21 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\ma-config.com
    [08/17/2008 05:36 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Raxco
    [08/24/2008 10:45 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [08/25/2008 11:46 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Avira
    [07/02/2008 11:44 PM | ---D | C] - C:\Documents and Settings\jean\Application Data\Eidos
    [08/03/2008 11:19 PM | ---D | C] - C:\Documents and Settings\jean\Application Data\InstallShield
    [08/17/2008 09:12 PM | ---D | C] - C:\Documents and Settings\jean\Application Data\Uniblue
    [08/17/2008 09:12 PM | ---D | C] - C:\Documents and Settings\jean\Application Data\Windows Desktop Search
    [08/17/2008 09:12 PM | ---D | C] - C:\Documents and Settings\jean\Application Data\Windows Search
    [08/24/2008 10:45 PM | ---D | C] - C:\Documents and Settings\jean\Application Data\NCH Swift Sound
    [08/12/2008 01:20 PM | 00,002,110 | ---- | C] () - C:\Documents and Settings\jean\Local Settings\Application Data\kqgqm_navps.dat
    [08/12/2008 01:20 PM | 00,004,760 | ---- | C] () - C:\Documents and Settings\jean\Local Settings\Application Data\kqgqm.dat
    [08/12/2008 01:20 PM | 00,278,528 | ---- | C] () - C:\Documents and Settings\jean\Local Settings\Application Data\kqgqm.exe
    [08/12/2008 01:20 PM | 00,288,984 | ---- | C] () - C:\Documents and Settings\jean\Local Settings\Application Data\kqgqm_nav.dat
    [08/17/2008 09:12 PM | ---D | C] - C:\Documents and Settings\jean\Local Settings\Application Data\TouchStoneSoftware
    [06/08/2008 02:41 PM | ---D | C] - C:\Documents and Settings\jean\Mes documents\JustCause
    [06/09/2008 07:49 PM | ---D | C] - C:\Documents and Settings\jean\Mes documents\ITECOM ART DESIGN
    [06/30/2008 08:43 PM | 00,067,480 | ---- | C] () - C:\Documents and Settings\jean\Mes documents\389617971[1].gif
    [06/30/2008 12:32 PM | 00,072,705 | ---- | C] () - C:\Documents and Settings\jean\Mes documents\1 004.jpg
    [06/30/2008 12:32 PM | 00,126,371 | ---- | C] () - C:\Documents and Settings\jean\Mes documents\1 003.jpg
    [06/30/2008 12:34 PM | 00,178,737 | ---- | C] () - C:\Documents and Settings\jean\Mes documents\CONTRAT AGENDA ITECOM.rar
    [06/30/2008 12:41 PM | 00,693,979 | ---- | C] () - C:\Documents and Settings\jean\Mes documents\CV GRAPHIQUE 2008.jpg
    [07/07/2008 06:09 PM | 00,148,220 | ---- | C] () - C:\Documents and Settings\jean\Mes documents\ps3_metal-gear-solid-4-guns-of-the-patriots_1206314606_1.jpg
    [07/15/2008 04:43 PM | 00,072,991 | ---- | C] () - C:\Documents and Settings\jean\Mes documents\n1131348297_71196_4297[1].jpg
    [07/17/2008 12:23 PM | 00,241,243 | ---- | C] () - C:\Documents and Settings\jean\Mes documents\Never-Change.jpg
    [07/22/2008 09:39 PM | ---D | C] - C:\Documents and Settings\jean\Mes documents\PS3
    [07/31/2008 08:22 PM | 01,705,984 | ---- | C] () - C:\Documents and Settings\jean\Mes documents\MAQUETTE.doc
    [08/10/2008 12:07 AM | 00,026,624 | ---- | C] () - C:\Documents and Settings\jean\Mes documents\C'est rien.doc
    [08/14/2008 10:55 PM | ---D | C] - C:\Documents and Settings\jean\Mes documents\Empire Interactive
    [08/16/2008 12:46 AM | 00,089,550 | ---- | C] () - C:\Documents and Settings\jean\Mes documents\CVtoPDF Graphiste en ligne.pdf
    [08/19/2008 01:18 PM | 05,105,207 | ---- | C] () - C:\Documents and Settings\jean\Mes documents\LA POSTE.pdf
    [08/20/2008 04:46 PM | ---D | C] - C:\Documents and Settings\jean\Mes documents\BOOK
    [08/20/2008 12:43 AM | 00,068,774 | ---- | C] () - C:\Documents and Settings\jean\Mes documents\titine.jpg
    [08/26/2008 06:12 PM | 00,811,008 | ---- | C] () - C:\Documents and Settings\jean\Mes documents\gmer.exe
    [08/26/2008 07:48 PM | 01,023,831 | ---- | C] () - C:\Documents and Settings\jean\Mes documents\photo_28042777.gif
    [08/28/2008 10:13 PM | ---D | C] - C:\Documents and Settings\jean\Mes documents\Nouveau dossier
    [08/18/2008 12:33 AM | 00,001,604 | ---- | C] () - C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
    [08/25/2008 11:46 PM | 00,001,853 | ---- | C] () - C:\Documents and Settings\All Users\Bureau\AntiVir PE Classic.lnk
    [08/28/2008 08:24 PM | 00,000,794 | ---- | C] () - C:\Documents and Settings\All Users\Bureau\Smart Defrag.lnk
    [06/08/2008 05:45 PM | 00,000,882 | ---- | C] () - C:\Documents and Settings\jean\Bureau\Daemon Tools.lnk
    [07/02/2008 11:41 PM | 00,000,656 | ---- | C] () - C:\Documents and Settings\jean\Bureau\Reservoir Dogs.lnk
    [07/06/2008 01:01 AM | 00,000,543 | ---- | C] () - C:\Documents and Settings\jean\Bureau\Just Cause.lnk
    [07/28/2008 02:59 PM | 00,000,646 | ---- | C] () - C:\Documents and Settings\jean\Bureau\Beyond Good & Evil.lnk
    [07/28/2008 03:10 PM | 00,000,453 | ---- | C] () - C:\Documents and Settings\jean\Bureau\XIII.lnk
    [07/31/2008 09:40 PM | 00,000,794 | ---- | C] () - C:\Documents and Settings\jean\Bureau\Free FLV Converter.lnk
    [08/06/2008 08:36 PM | 00,000,529 | ---- | C] () - C:\Documents and Settings\jean\Bureau\Call of Duty Online.lnk
    [08/06/2008 10:42 PM | 00,000,797 | ---- | C] () - C:\Documents and Settings\jean\Bureau\DivX Player.lnk
    [08/07/2008 12:10 AM | 00,000,743 | ---- | C] () - C:\Documents and Settings\jean\Bureau\Deus Ex - Invisible War.lnk
    [08/26/2008 01:37 PM | 00,001,736 | ---- | C] () - C:\Documents and Settings\jean\Bureau\HijackThis.lnk
    [05/31/2008 01:16 PM | ---D | C] - C:\Program Files\AGEIA Technologies
    [06/18/2008 02:08 PM | ---D | C] - C:\Program Files\MSECache
    [07/03/2008 11:21 AM | ---D | C] - C:\Program Files\ma-config.com
    [07/03/2008 11:34 AM | ---D | C] - C:\Program Files\Realtek AC97
    [07/06/2008 12:14 AM | ---D | C] - C:\Program Files\FLV Player
    [07/28/2008 02:55 PM | ---D | C] - C:\Program Files\Ubi Soft
    [07/31/2008 09:40 PM | ---D | C] - C:\Program Files\Free FLV Converter
    [08/03/2008 11:19 PM | ---D | C] - C:\Program Files\AMD
    [08/06/2008 07:33 PM | ---D | C] - C:\Program Files\NT Registry Optimizer
    [08/06/2008 10:41 PM | ---D | C] - C:\Program Files\DivX
    [08/14/2008 08:42 PM | ---D | C] - C:\Program Files\Windows Desktop Search
    [08/17/2008 05:35 PM | ---D | C] - C:\Program Files\Raxco
    [08/20/2008 11:01 PM | ---D | C] - C:\Program Files\GoldWave
    [08/24/2008 03:38 PM | ---D | C] - C:\Program Files\nullDC
    [08/24/2008 10:45 PM | ---D | C] - C:\Program Files\NCH Swift Sound
    [08/24/2008 10:46 PM | ---D | C] - C:\Program Files\NCH Software
    [08/25/2008 11:46 PM | ---D | C] - C:\Program Files\Avira
    [08/26/2008 01:37 PM | ---D | C] - C:\Program Files\Trend Micro
    [08/26/2008 10:05 PM | ---D | C] - C:\Program Files\DAEMON Tools Lite

    [Files/Folders - Modified Within 90 days]
    [07/03/2008 11:54 AM | ---D | M] - C:\NVIDIA
    [08/24/2008 03:38 PM | ---D | M] - C:\Config.Msi
    [08/24/2008 11:07 PM | ---D | M] - C:\YouTubeGet
    [08/27/2008 02:41 PM | ---D | M] - C:\Downloads
    [08/28/2008 10:36 PM | R--D | M] - C:\Program Files
    [08/28/2008 10:44 PM | ---D | M] - C:\WINDOWS
    [07/22/2008 04:59 PM | 00,009,696 | ---- | M] () - C:\WINDOWS\System32\dllcache\drvmain.sdb
    [07/22/2008 04:59 PM | 00,790,846 | ---- | M] () - C:\WINDOWS\System32\dllcache\apph_sp.sdb
    [07/22/2008 04:59 PM | 01,214,526 | ---- | M] () - C:\WINDOWS\System32\dllcache\sysmain.sdb
    [07/22/2008 08:29 PM | 00,239,234 | ---- | M] () - C:\WINDOWS\System32\dllcache\apphelp.sdb
    [07/22/2008 08:31 PM | 00,084,820 | ---- | M] () - C:\WINDOWS\System32\dllcache\apps.chm
    [06/05/2008 12:47 AM | 00,250,150 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080605-004802.backup
    [06/05/2008 12:48 AM | 00,250,150 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080609-002037.backup
    [06/09/2008 12:20 AM | 00,250,150 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080701-233522.backup
    [07/01/2008 11:35 PM | 00,251,401 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080701-233534.backup
    [07/01/2008 11:35 PM | 00,251,401 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080801-233056.backup
    [08/01/2008 11:30 PM | 00,257,347 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080808-012301.backup
    [08/08/2008 01:23 AM | 00,258,357 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080808-012310.backup
    [08/08/2008 01:23 AM | 00,258,357 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080808-014526.backup
    [08/08/2008 01:45 AM | 00,258,357 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080817-161556.backup
    [08/17/2008 04:15 PM | 00,259,864 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080819-203018.backup
    [08/19/2008 08:30 PM | 00,259,864 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080819-203025.backup
    [08/19/2008 08:30 PM | 00,259,864 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080823-164934.backup
    [08/23/2008 04:49 PM | 00,261,312 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts
    [08/23/2008 04:49 PM | ---D | M] - C:\WINDOWS\System32\drivers\etc
    [08/26/2008 06:12 PM | 00,085,969 | ---- | M] (GMER) - C:\WINDOWS\System32\drivers\gmer.sys
    [05/31/2008 01:16 PM | ---D | M] - C:\WINDOWS\System32\AGEIA
    [06/04/2008 06:42 PM | 00,024,576 | ---- | M] () - C:\WINDOWS\System32\ControlSubX.ocx
    [06/04/2008 06:42 PM | 00,208,500 | ---- | M] () - C:\WINDOWS\System32\ReyXpBasics.tlb
    [06/04/2008 06:42 PM | 00,364,544 | ---- | M] () - C:\WINDOWS\System32\PropertyGrid.ocx
    [06/19/2008 11:45 PM | ---D | M] - C:\WINDOWS\System32\DirectX
    [06/30/2008 11:26 PM | ---D | M] - C:\WINDOWS\System32\Macromed
    [07/03/2008 10:45 AM | 00,216,856 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
    [07/18/2008 03:02 PM | 00,230,664 | ---- | M] (Raxco Software, Inc.) - C:\WINDOWS\System32\PDBoot.exe
    [07/23/2008 06:46 PM | 00,012,288 | ---- | M] () - C:\WINDOWS\System32\DivXWMPExtType.dll
    [07/23/2008 06:47 PM | 00,003,067 | ---- | M] () - C:\WINDOWS\System32\dtu_fr.qm
    [07/23/2008 06:47 PM | 00,008,835 | ---- | M] () - C:\WINDOWS\System32\dpufr.qm
    [07/23/2008 06:47 PM | 00,352,401 | ---- | M] (DivXNetworks) - C:\WINDOWS\System32\DivXMedia.ax
    [07/23/2008 06:47 PM | 00,634,880 | ---- | M] (DivX, Inc.) - C:\WINDOWS\System32\divxdec.ax
    [07/23/2008 06:48 PM | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) - C:\WINDOWS\System32\ssldivx.dll
    [07/23/2008 06:48 PM | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) - C:\WINDOWS\System32\libdivx.dll
    [07/23/2008 06:50 PM | 00,009,878 | ---- | M] () - C:\WINDOWS\System32\dsm_fr.qm
    [07/23/2008 06:50 PM | 03,596,288 | ---- | M] () - C:\WINDOWS\System32\qt-dx331.dll
    [07/25/2008 10:34 AM | 00,053,248 | ---- | M] (DivXNetworks) - C:\WINDOWS\System32\dpuGUI10.dll
    [07/25/2008 10:34 AM | 00,057,344 | ---- | M] (DivXNetworks) - C:\WINDOWS\System32\dpv11.dll
    [07/25/2008 10:34 AM | 00,081,920 | ---- | M] (DivX, Inc.) - C:\WINDOWS\System32\dpl100.dll
    [07/25/2008 10:34 AM | 00,161,096 | ---- | M] (DivX, Inc.) - C:\WINDOWS\System32\DivXCodecVersionChecker.exe
    [07/25/2008 10:34 AM | 00,196,608 | ---- | M] (DivX, Inc.) - C:\WINDOWS\System32\dtu100.dll
    [07/25/2008 10:34 AM | 00,294,912 | ---- | M] (DivXNetworks) - C:\WINDOWS\System32\dpu10.dll
    [07/25/2008 10:34 AM | 00,294,912 | ---- | M] (DivXNetworks) - C:\WINDOWS\System32\dpu11.dll
    [07/25/2008 10:34 AM | 00,344,064 | ---- | M] (DivXNetworks) - C:\WINDOWS\System32\dpus11.dll
    [07/25/2008 10:34 AM | 00,593,920 | ---- | M] (DivXNetworks) - C:\WINDOWS\System32\dpuGUI11.dll
    [07/25/2008 10:34 AM | 00,683,520 | ---- | M] (DivX, Inc.) - C:\WINDOWS\System32\DivX.dll
    [07/25/2008 10:34 AM | 00,802,816 | ---- | M] (DivX, Inc.) - C:\WINDOWS\System32\divx_xx11.dll
    [07/25/2008 10:34 AM | 00,815,104 | ---- | M] (DivX, Inc.) - C:\WINDOWS\System32\divx_xx0a.dll
    [07/25/2008 10:34 AM | 00,823,296 | ---- | M] (DivX, Inc.) - C:\WINDOWS\System32\divx_xx07.dll
    [07/25/2008 10:34 AM | 00,823,296 | ---- | M] (DivX, Inc.) - C:\WINDOWS\System32\divx_xx0c.dll
    [07/25/2008 10:36 AM | 00,004,816 | ---- | M] () - C:\WINDOWS\System32\divxsm.tlb
    [07/25/2008 10:36 AM | 00,524,288 | ---- | M] (DivX Inc.) - C:\WINDOWS\System32\DivXsm.exe
    [08/01/2008 11:49 PM | ---D | M] - C:\WINDOWS\System32\ReinstallBackups
    [08/01/2008 11:58 PM | 00,071,308 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
    [08/01/2008 11:58 PM | 00,441,624 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
    [08/03/2008 11:19 PM | ---D | M] - C:\WINDOWS\System32\DRVSTORE
    [08/05/2008 12:52 AM | 00,043,520 | ---- | M] () - C:\WINDOWS\System32\CmdLineExt03.dll
    [08/13/2008 12:08 AM | 00,042,320 | ---- | M] () - C:\WINDOWS\System32\xfcodec.dll
    [08/14/2008 02:20 PM | 00,258,048 | ---- | M] (Koyote Soft) - C:\WINDOWS\System32\TubeFinder.exe
    [08/14/2008 08:42 PM | 00,093,700 | ---- | M] () - C:\WINDOWS\System32\perfc00C.dat
    [08/14/2008 08:42 PM | 00,533,240 | ---- | M] () - C:\WINDOWS\System32\perfh00C.dat
    [08/14/2008 08:42 PM | 01,147,234 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
    [08/14/2008 08:42 PM | ---D | M] - C:\WINDOWS\System32\fr-fr
    [08/14/2008 08:42 PM | ---D | M] - C:\WINDOWS\System32\GroupPolicy
    [08/17/2008 09:16 PM | ---D | M] - C:\WINDOWS\System32\wbem
    [08/20/2008 06:43 PM | 00,108,144 | ---- | M] (Sony DADC Austria AG.) - C:\WINDOWS\System32\CmdLineExt.dll
    [08/25/2008 11:21 PM | ---D | M] - C:\WINDOWS\System32\config
    [08/25/2008 11:39 PM | 00,003,072 | ---- | M] () - C:\WINDOWS\System32\CONFIG.NT
    [08/26/2008 06:12 PM | ---D | M] - C:\WINDOWS\System32\drivers
    [08/27/2008 03:42 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
    [08/27/2008 12:33 AM | 00,013,780 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
    [08/28/2008 05:38 PM | ---D | M] - C:\WINDOWS\System32\CatRoot
    [08/28/2008 08:19 PM | 00,186,910 | ---- | M] () - C:\WINDOWS\System32\nvapps.xml
    [08/28/2008 08:21 PM | ---D | M] - C:\WINDOWS\System32\LogFiles
    [08/28/2008 10:44 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
    [3 C:\WINDOWS\*.tmp files]
    [06/07/2008 11:28 PM | 00,000,893 | ---- | M] () - C:\WINDOWS\cdplayer.ini
    [06/08/2008 01:08 PM | ---D | M] - C:\WINDOWS\RegisteredPackages
    [06/08/2008 05:12 PM | ---D | M] - C:\WINDOWS\Downloaded Installations
    [06/08/2008 12:25 PM | 00,000,000 | ---- | M] () - C:\WINDOWS\PowerReg.dat
    [06/08/2008 12:55 PM | 00,000,282 | ---- | M] () - C:\WINDOWS\SIERRA.INI
    [06/18/2008 02:08 PM | R-SD | M] - C:\WINDOWS\Fonts
    [08/05/2008 09:20 PM | --SD | M] - C:\WINDOWS\Downloaded Program Files
    [08/05/2008 12:39 AM | 00,000,033 | ---- | M] () - C:\WINDOWS\GunzLauncher.INI
    [08/06/2008 08:36 PM | 00,000,729 | ---- | M] () - C:\WINDOWS\CoD.INI
    [08/14/2008 03:12 PM | ---D | M] - C:\WINDOWS\nview
    [08/14/2008 08:43 PM | ---D | M] - C:\WINDOWS\ie7updates
    [08/14/2008 08:43 PM | -H-D | M] - C:\WINDOWS\$hf_mig$
    [08/14/2008 08:52 PM | R-SD | M] - C:\WINDOWS\assembly
    [08/14/2008 08:54 PM | ---D | M] - C:\WINDOWS\Debug
    [08/14/2008 09:50 PM | --SD | M] - C:\WINDOWS\Tasks
    [08/17/2008 09:12 PM | ---D | M] - C:\WINDOWS\AppPatch
    [08/17/2008 09:16 PM | ---D | M] - C:\WINDOWS\Registration
    [08/19/2008 08:31 PM | 00,000,558 | ---- | M] () - C:\WINDOWS\win.ini
    [08/24/2008 03:38 PM | -HSD | M] - C:\WINDOWS\Installer
    [08/25/2008 05:40 PM | 00,000,116 | ---- | M] () - C:\WINDOWS\NeroDigital.ini
    [08/26/2008 06:12 PM | 00,000,080 | ---- | M] () - C:\WINDOWS\gmer_uninstall.cmd
    [08/26/2008 06:12 PM | 00,000,250 | ---- | M] () - C:\WINDOWS\gmer.ini
    [08/26/2008 06:12 PM | 00,884,736 | ---- | M] () - C:\WINDOWS\gmer.dll
    [08/27/2008 02:14 PM | ---D | M] - C:\WINDOWS\Help
    [08/28/2008 05:38 PM | ---D | M] - C:\WINDOWS\system32
    [08/28/2008 05:38 PM | -H-D | M] - C:\WINDOWS\inf
    [08/28/2008 07:36 PM | ---D | M] - C:\WINDOWS\Minidump
    [08/28/2008 08:18 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
    [08/28/2008 08:20 PM | ---D | M] - C:\WINDOWS\Temp
    [08/28/2008 10:45 PM | ---D | M] - C:\WINDOWS\Prefetch
    [08/14/2008 09:50 PM | 00,000,390 | ---- | M] () - C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
    [08/15/2008 05:04 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [08/24/2008 09:50 PM | 00,000,268 | ---- | M] () - C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
    [08/28/2008 08:18 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
    [07/02/2008 05:30 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\InstallShield
    [08/01/2008 11:03 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\ma-config.com
    [08/02/2008 12:08 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\TrackMania
    [08/14/2008 08:42 PM | --SD | M] - C:\Documents and Settings\All Users\Application Data\Microsoft
    [08/17/2008 05:36 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Raxco
    [08/20/2008 04:42 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Adobe
    [08/24/2008 10:45 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [08/25/2008 11:46 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Avira
    [08/28/2008 10:38 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [06/18/2008 02:09 PM | --SD | M] - C:\Documents and Settings\jean\Application Data\Microsoft
    [06/18/2008 12:49 PM | ---D | M] - C:\Documents and Settings\jean\Application Data\Mozilla
    [07/01/2008 04:43 PM | ---D | M] - C:\Documents and Settings\jean\Application Data\Ahead
    [07/02/2008 11:44 PM | ---D | M] - C:\Documents and Settings\jean\Application Data\Eidos
    [08/03/2008 11:19 PM | ---D | M] - C:\Documents and Settings\jean\Application Data\InstallShield
    [08/06/2008 10:32 PM | ---D | M] - C:\Documents and Settings\jean\Application Data\Winamp
    [08/06/2008 11:22 PM | ---D | M] - C:\Documents and Settings\jean\Application Data\Gearbox Software
    [08/07/2008 10:34 PM | ---D | M] - C:\Documents and Settings\jean\Application Data\DivX
    [08/17/2008 09:12 PM | ---D | M] - C:\Documents and Settings\jean\Application Data\Apple Computer
    [08/17/2008 09:12 PM | ---D | M] - C:\Documents and Settings\jean\Application Data\Uniblue
    [08/17/2008 09:12 PM | ---D | M] - C:\Documents and Settings\jean\Application Data\Windows Desktop Search
    [08/17/2008 09:12 PM | ---D | M] - C:\Documents and Settings\jean\Application Data\Windows Search
    [08/20/2008 04:42 PM | ---D | M] - C:\Documents and Settings\jean\Application Data\Adobe
    [08/20/2008 05:52 PM | ---D | M] - C:\Documents and Settings\jean\Application Data\Xfire
    [08/20/2008 11:16 PM | ---D | M] - C:\Documents and Settings\jean\Application Data\dvdcss
    [08/24/2008 10:45 PM | ---D | M] - C:\Documents and Settings\jean\Application Data\NCH Swift Sound
    [08/26/2008 08:18 PM | ---D
    28 August 2008 22:48:38

    and now the Extras.Txt report, thanks again for your help ^^

    OTViewIt Extras logfile created on: 28/08/2008 22:46:03 - Run 2
    OTViewIt by OldTimer - Version 1.0.0.15 Folder = C:\Documents and Settings\jean\Bureau
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    1023,48 Mb Total Physical Memory | 627,95 Mb Available Physical Memory | 61,35% Memory free
    2,40 Gb Paging File | 2,06 Gb Available in Paging File | 85,83% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 38,34 Gb Total Space | 5,20 Gb Free Space | 13,56% Space Free | Partition Type: NTFS
    Drive D: | 74,52 Gb Total Space | 34,08 Gb Free Space | 45,73% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    ===== File Associations =====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] - File not found -
    .cmd [@ = cmdfile] - File not found -
    .com [@ = comfile] - File not found -
    .exe [@ = exefile] - File not found -
    .pif [@ = piffile] - File not found -
    .scr [@ = scrfile] - File not found -

    ===== HKEY_LOCAL_MACHINE Uninstall List =====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
    "{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
    "{0496D9E9-224B-4AFA-8F37-23B98D52F1EB}" = Logitech QuickCam
    "{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
    "{08783603-FFD0-479c-9160-E2FA46E62883}" = Mise à niveau de Works
    "{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}" = MSXML 6.0 Parser (KB933579)
    "{0B6A9773-F8F8-4D3F-BCF0-029D2B87DB8A}" = Deus Ex - Invisible War
    "{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}" = Security Update for CAPICOM (KB931906)
    "{111E336D-30BF-4CD4-8D69-4541732AFB27}" = Rayman Raving Rabbids
    "{17342E3B-0818-4A6F-BFF8-99476605ADD6}" = livebox
    "{17E57E89-DDB3-4f76-9AF1-A8E01CC633E4}" = Complément Microsoft Word pour Microsoft Works Suite
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{236BB7C4-4419-42FD-040C-1E257A25E34D}" = Adobe Photoshop CS2
    "{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
    "{42BC0474-6E50-464A-8183-5E3D32E41B1B}" = XIII
    "{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
    "{581CE7EA-A30D-0000-1211-088635773309}" = ZyDAS IEEE 802.11 b+g Wireless LAN - USB
    "{6901DD22-527A-41EF-9059-E81FEDE9E494}" = Windows Presentation Foundation Language Pack (FRA)
    "{6BF81CE7-3D5A-497F-8912-2A65A0253E1B}" = Beyond Good & Evil
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
    "{7F9A0582-482D-4F0B-B85C-C1418418077F}" = Adobe Illustrator CS2
    "{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8D2AC4F2-0BBA-4A94-A866-8B54263FAE87}" = Reservoir Dogs
    "{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
    "{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver
    "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
    "{90120000-0020-040C-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{911B040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
    "{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
    "{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
    "{A059DE09-1B49-4450-B340-7AE097EC3F04}" = Microsoft Works
    "{AC76BA86-7AD7-1036-7B44-A90000000001}" = Adobe Reader 9 - Français
    "{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Assistant de connexion Windows Live
    "{B168C59D-5FCF-4EEC-B464-BFA7A8266150}" = Windows Communication Foundation Language Pack - FRA
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
    "{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
    "{B84C141C-9A13-44BE-9A69-301D7B11D836}" = Windows Workflow Foundation FR Language Pack
    "{BADF6744-3787-48F6-B8C9-4C4995401D65}" = Windows Live Messenger
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
    "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
    "{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
    "{C3FDA1E4-1E17-48D8-B4F0-C141E9FFB4BA}" = nullDC 1.0.0 Public Beta 1 Setup
    "{C9E270CC-AE42-4BD8-B9C6-1EB3A8657FF5}" = Just Cause 1.00.0000
    "{CA1AB30E-8B9F-4739-A0F7-5BC1226D2BA3}" = Starship Troopers
    "{CADDE354-C78C-46CB-A006-E2B178EFC271}" = Rise Of Legends
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CFF24C43-9C46-4044-9C54-A4D98A3A25FB}" = Ma-Config.com
    "{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}" = Microsoft .NET Framework 3.0 French Language Pack
    "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
    "{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
    "{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}" = AGEIA PhysX v7.07.24
    "{F09FB343-2806-4F48-846D-705352D30334}" = Diskeeper Lite
    "{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
    "{F41C11EC-7C13-47A7-A07C-251D96EC3879}" = Les Chevaliers de Baphomet - Les Gardiens du Temple de Salomon
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}" = Windows Live installer
    "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
    "{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1" = ACE Mega CoDecS Pack
    "7-Zip" = 7-Zip 4.56 beta
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player Plugin
    "Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-040C-1E257A25E34D}" = Adobe Photoshop CS2
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
    "avast!" = avast! Antivirus
    "Call of Duty" = Call of Duty
    "CamStudio" = CamStudio
    "CCleaner" = CCleaner (remove only)
    "Direct MIDI to MP3 Converter_is1" = Direct MIDI to MP3 Converter 3.0
    "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
    "FlashGet" = FlashGet 1.9.6.1073
    "FLVplayer" = FLV Player
    "Free FLV Converter_is1" = Free FLV Converter V 5.4
    "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.6.3
    "getPlus(R)_ocx" = getPlus(R)_ocx
    "GoldWave v5.25" = GoldWave v5.25
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
    "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
    "InstallShield_{CADDE354-C78C-46CB-A006-E2B178EFC271}" = Rise Of Legends
    "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
    "KB892130" = Windows Genuine Advantage Validation Tool (KB892130)
    "KB909520" = Package de base Microsoft de service de chiffrement pour cartes à puce
    "KB931906" = Security Update for CAPICOM (KB931906)
    "KB938127-IE7" = Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
    "KB939653-IE7" = Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
    "KB942615-IE7" = Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
    "KB944533-IE7" = Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
    "KB947864-IE7" = Correctif pour Windows Internet Explorer 7 (KB947864)
    "KB950759-IE7" = Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
    "Logitech Print Service" = Logitech Print Service
    "M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
    "Messenger Plus! Live" = Messenger Plus! Live
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
    "Microsoft .NET Framework 3.0 French Language Pack" = Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
    "Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NeroBackItUp!UninstallKey" = Nero BackItUp
    "NeroMultiInstaller!UninstallKey" = Nero Suite
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NTREGOPT_is1" = NTREGOPT 1.1j
    "NVIDIA Drivers" = NVIDIA Drivers
    "QcDrv" = Programme de gestion Camera de Logitech®
    "RealPlayer 6.0" = RealPlayer
    "Revo Uninstaller" = Revo Uninstaller 1.71
    "Smart Defrag Beta6.00_is1" = SmartDefrag Beta6.00
    "Smart Defrag Beta6.10_is1" = SmartDefrag Beta6.10
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
    "SystemRequirementsLab" = System Requirements Lab
    "TmNationsForever_is1" = TmNationsForever
    "VLC media player" = VideoLAN VLC media player 0.8.6c
    "WGA" = Windows Genuine Advantage Validation Tool (KB892130)
    "WIC" = Windows Imaging Component
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Lecteur Windows Media 11
    "Windows XP Service" = Windows XP Service Pack 3
    "WinRAR archiver" = Archiveur WinRAR
    "WiziWYG XP" = WiziWYG XP
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Works2005Setup" = Sélecteur d'installation de Microsoft Works 2005
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xfire" = Xfire (remove only)
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

    ===== HKEY_CURRENT_USER Uninstall List =====


    ===== Winsock2 Catalogs =====

    ===== HKEY_LOCAL_MACHINE Protocol Defaults =====


    ===== HKEY_CURRENT_USER Protocol Defaults =====


    ===== Protocol Handlers =====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

    bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKLM - BackWeb GA Pluggable Protocol]
    [12/17/2007 06:44 PM | 00,028,711 | ---- | M] (Logitech Inc.) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    ipp: [HKLM - No CLSID value]
    msdaipp: [HKLM - No CLSID value]

    ===== Protocol Filters =====

    < End of report >
    29 August 2008 12:33:28

    re,

    Download Flash Disinfector (by sUBs) to your Desktop.

  • Connect all external devices (hard drives, USB, ...).
  • Double-click Flash Disinfector and follow the prompts.

    *************

    Download ComboFix (by sUBs) to your Desktop.

  • Temporarily disable all resident protection! (Antivirus, antispyware...)
  • Double-click ComboFix.exe.
  • Accept the license by clicking Oui (Yes).
  • When the operation is finished, a report will appear. Post this report in your next reply.

    The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

    Help: How to use ComboFix.
    29 August 2008 18:06:27

    Hello friend, here's the report:

    ComboFix 08-08-28.06 - jean 2008-08-29 17:58:25.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.620 [GMT 2:00]
    Endroit: C:\Documents and Settings\jean\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\jean\Local Settings\Application Data\ahxhgazm.dat
    C:\Documents and Settings\jean\Local Settings\Application Data\ahxhgazm_nav.dat
    C:\Documents and Settings\jean\Local Settings\Application Data\ahxhgazm_navps.dat
    C:\Documents and Settings\jean\Local Settings\Application Data\kqgqm.dat
    C:\Documents and Settings\jean\Local Settings\Application Data\kqgqm.exe
    C:\Documents and Settings\jean\Local Settings\Application Data\kqgqm_nav.dat
    C:\Documents and Settings\jean\Local Settings\Application Data\kqgqm_navps.dat
    C:\Documents and Settings\jean\Local Settings\Application Data\umdiuvc.dat
    C:\Documents and Settings\jean\Local Settings\Application Data\umdiuvc_nav.dat
    C:\Documents and Settings\jean\Local Settings\Application Data\umdiuvc_navps.dat
    C:\Recycled\Recycled
    C:\WINDOWS\system32\MSINET.oca

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-28 23:00 . 2008-08-28 23:00 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
    2008-08-28 22:58 . 2008-08-28 22:59 <REP> d-------- C:\WINDOWS\Packs
    2008-08-26 22:05 . 2008-08-26 22:05 <REP> d-------- C:\Program Files\DAEMON Tools Lite
    2008-08-26 18:12 . 2008-08-26 18:12 250 --a------ C:\WINDOWS\gmer.ini
    2008-08-26 13:37 . 2008-08-26 13:37 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-25 23:46 . 2008-08-25 23:46 <REP> d-------- C:\Program Files\Avira
    2008-08-25 23:46 . 2008-08-25 23:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-08-24 22:46 . 2008-08-24 22:46 <REP> d-------- C:\Program Files\NCH Software
    2008-08-24 22:45 . 2008-08-28 22:30 <REP> d-------- C:\Program Files\NCH Swift Sound
    2008-08-24 22:45 . 2008-08-24 22:45 <REP> d-------- C:\Documents and Settings\jean\Application Data\NCH Swift Sound
    2008-08-24 22:45 . 2008-08-24 22:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    2008-08-24 22:36 . 2008-08-24 23:07 <REP> d-------- C:\YouTubeGet
    2008-08-24 15:38 . 2008-08-24 15:38 <REP> d-------- C:\Program Files\nullDC
    2008-08-20 23:01 . 2008-08-20 23:01 <REP> d-------- C:\Program Files\GoldWave
    2008-08-17 21:12 . 2008-08-17 21:12 <REP> d-------- C:\Documents and Settings\jean\Application Data\Windows Search
    2008-08-17 21:12 . 2008-08-17 21:12 <REP> d-------- C:\Documents and Settings\jean\Application Data\Windows Desktop Search
    2008-08-17 21:12 . 2008-08-17 21:12 <REP> d-------- C:\Documents and Settings\jean\Application Data\Uniblue
    2008-08-17 17:36 . 2008-08-17 17:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
    2008-08-17 17:36 . 2008-05-15 09:45 71,184 -ra------ C:\WINDOWS\system32\drivers\DefragFS.sys
    2008-08-17 17:35 . 2008-08-17 17:36 <REP> d-------- C:\Program Files\Raxco
    2008-08-14 20:42 . 2008-08-14 20:42 <REP> d-------- C:\WINDOWS\system32\GroupPolicy
    2008-08-14 20:42 . 2008-08-17 21:10 <REP> d-------- C:\Program Files\Windows Desktop Search
    2008-08-14 20:41 . 2008-03-07 19:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
    2008-08-14 20:41 . 2008-03-07 19:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
    2008-08-14 20:41 . 2008-03-07 19:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
    2008-08-14 20:40 . 2008-05-01 16:36 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-14 20:39 . 2008-07-22 16:59 1,214,526 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
    2008-08-14 20:39 . 2008-07-22 16:59 790,846 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
    2008-08-14 20:39 . 2008-04-11 21:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-08-14 20:39 . 2008-07-22 16:59 9,696 -----c--- C:\WINDOWS\system32\dllcache\drvmain.sdb
    2008-08-14 15:12 . 2008-08-14 15:12 <REP> d-------- C:\WINDOWS\nview
    2008-08-14 15:12 . 2008-08-29 17:50 186,910 --a------ C:\WINDOWS\system32\nvapps.xml
    2008-08-14 15:12 . 2008-05-16 14:01 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
    2008-08-13 00:08 . 2008-08-13 00:08 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-08-07 00:17 . 2008-08-07 00:17 40,960 --a------ C:\WINDOWS\_dsDE.tmp
    2008-08-06 22:41 . 2008-08-06 22:42 <REP> d-------- C:\Program Files\DivX
    2008-08-06 20:28 . 2008-08-06 20:36 729 --a------ C:\WINDOWS\CoD.INI
    2008-08-06 20:05 . 2006-07-24 01:38 26,112 --a------ C:\WINDOWS\system32\nircmd.exe
    2008-08-06 19:33 . 2008-08-06 19:33 <REP> d-------- C:\Program Files\NT Registry Optimizer
    2008-08-04 19:24 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
    2008-08-04 19:24 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
    2008-08-03 23:19 . 2008-08-03 23:19 <REP> d-------- C:\Program Files\AMD
    2008-08-03 23:19 . 2008-08-03 23:19 <REP> d-------- C:\Documents and Settings\jean\Application Data\InstallShield
    2008-08-03 23:19 . 2006-07-01 22:42 43,520 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
    2008-08-03 00:49 . 2008-08-05 00:39 33 --a------ C:\WINDOWS\GunzLauncher.INI
    2008-08-01 23:44 . 2005-04-04 18:59 176,128 --a------ C:\WINDOWS\system32\nvunrm.exe
    2008-08-01 23:44 . 2005-02-08 14:26 3,596 --a------ C:\WINDOWS\system32\nvnrm.nvu
    2008-07-31 21:40 . 2008-08-25 00:34 <REP> d-------- C:\Program Files\Free FLV Converter
    2008-07-31 21:40 . 2008-06-04 18:42 364,544 --a------ C:\WINDOWS\system32\PropertyGrid.ocx
    2008-07-31 21:40 . 2008-08-14 14:20 258,048 --a------ C:\WINDOWS\system32\TubeFinder.exe
    2008-07-31 21:40 . 2008-06-04 18:42 208,500 --a------ C:\WINDOWS\system32\ReyXpBasics.tlb
    2008-07-31 21:40 . 2008-06-04 18:42 84,512 --a------ C:\WINDOWS\system32\PICCLP32.OCX
    2008-07-31 21:40 . 2008-06-04 18:42 24,576 --a------ C:\WINDOWS\system32\ControlSubX.ocx
    2008-07-31 21:40 . 2008-06-04 18:42 9,728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL
    2008-07-29 00:26 . 2004-03-29 16:23 90,112 --a------ C:\WINDOWS\unvise32.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-28 21:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-28 20:59 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
    2008-08-28 18:24 --------- d-----w C:\Program Files\FlashGet
    2008-08-26 20:38 9,900 ----a-w C:\Documents and Settings\jean\Application Data\wklnhst.dat
    2008-08-26 18:18 --------- d-----w C:\Documents and Settings\jean\Application Data\SystemRequirementsLab
    2008-08-24 13:35 --------- d-----w C:\Program Files\Project64 v1.5
    2008-08-23 14:49 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-20 21:16 --------- d-----w C:\Documents and Settings\jean\Application Data\dvdcss
    2008-08-20 16:43 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-08-20 15:52 --------- d-----w C:\Documents and Settings\jean\Application Data\Xfire
    2008-08-18 21:02 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-08-17 19:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-17 19:12 --------- d-----w C:\Program Files\Xfire
    2008-08-17 19:12 --------- d-----w C:\Documents and Settings\jean\Application Data\Apple Computer
    2008-08-07 20:34 --------- d-----w C:\Documents and Settings\jean\Application Data\DivX
    2008-08-06 21:22 --------- d-----w C:\Program Files\Ubisoft
    2008-08-06 21:22 --------- d-----w C:\Documents and Settings\jean\Application Data\Gearbox Software
    2008-08-06 20:33 --------- d-----w C:\Program Files\Winamp
    2008-08-06 20:32 --------- d-----w C:\Documents and Settings\jean\Application Data\Winamp
    2008-08-04 22:52 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2008-08-01 22:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
    2008-08-01 21:03 --------- d-----w C:\Program Files\ma-config.com
    2008-08-01 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
    2008-07-28 12:55 --------- d-----w C:\Program Files\Ubi Soft
    2008-07-25 10:13 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:10 215,752 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-18 13:02 230,664 ----a-w C:\WINDOWS\system32\PDBoot.exe
    2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-05 22:14 --------- d-----w C:\Program Files\FLV Player
    2008-07-03 09:49 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-07-03 09:34 --------- d-----w C:\Program Files\Realtek AC97
    2008-07-02 21:44 --------- d-----w C:\Documents and Settings\jean\Application Data\Eidos
    2008-07-02 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-07-02 15:23 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-07-01 14:43 --------- d-----w C:\Documents and Settings\jean\Application Data\Ahead
    2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 16:28 1,260,544 ----a-w C:\WINDOWS\system32\WININET.DLL
    2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-04 14:29 446,464 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
    2008-03-13 17:43 44,728 ----a-w C:\Documents and Settings\jean\Application Data\GDIPFONTCACHEV1.DAT
    2008-05-10 14:05 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008051020080511\index.dat
    .

    ------- Sigcheck -------

    2007-08-20 11:49 825344 2dd1b0f579c80562edcb8848ff7ea9f6 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
    2007-10-11 01:22 825344 871ae10d6ae8877e9636ae5017953d52 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
    2007-12-07 03:42 825344 f4fd487241d3ac291046a22cebd2cf71 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
    2008-03-01 14:34 827392 5a0093f59b505c008ed0cee615563c72 C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
    2008-04-23 09:19 827392 78d3d2b0be6ad3e6d82ccb115cf74310 C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
    2008-06-23 17:40 827904 52589bae67dd9859724287372668690b C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
    2006-03-02 14:00 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\ie7\wininet.dll
    2007-08-13 19:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
    2007-08-20 11:59 824832 f6dfceed3a7aa4c9eeb966d3f1adc70a C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
    2007-10-11 01:49 824832 bc5119c53bdd48dabc628d448a3bdccb C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
    2007-12-07 04:08 824832 4fc90bece54fac81b0090b94e27bfb6b C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
    2008-03-01 14:58 826368 8e027981ddffa690d456fe18b37415a0 C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
    2008-04-23 06:16 826368 02d6aabd5f5a32c61478b5cdfe50e4a8 C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
    2008-06-23 18:28 1260544 32a34d222bc1264ee63c05eaf1130734 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
    2007-08-20 11:59 824832 f6dfceed3a7aa4c9eeb966d3f1adc70a C:\WINDOWS\SoftwareDistribution\Download\36e241a7c6880a9ebdbe78b98d36306d\SP2GDR\wininet.dll
    2007-08-20 11:49 825344 2dd1b0f579c80562edcb8848ff7ea9f6 C:\WINDOWS\SoftwareDistribution\Download\36e241a7c6880a9ebdbe78b98d36306d\SP2QFE\wininet.dll
    2008-06-23 18:28 1260544 32a34d222bc1264ee63c05eaf1130734 C:\WINDOWS\system32\WININET.DLL
    2008-06-23 18:28 826368 ac0bd61dc2c64906fbfe50e005fefa2c C:\WINDOWS\system32\dllcache\wininet.dll

    2008-04-13 19:34 2716672 4319d8ce7799233ec864b74f80840bbf C:\WINDOWS\explorer.exe
    2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    2008-04-13 19:34 2716672 4319d8ce7799233ec864b74f80840bbf C:\WINDOWS\ServicePackFiles\i386\explorer.exe

    2008-07-18 22:10 215752 87aeac8da221f8748e10c45db3de26f7 C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe
    2008-07-18 22:10 215752 87aeac8da221f8748e10c45db3de26f7 C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 22:10 53448 d316e28958873859b88d72cf47ad1ea5 C:\WINDOWS\system32\dllcache\wuauclt.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:34 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 21:51 131072]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 20:11 221184]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
    "nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:34 15360]
    "DWQueuedReporting"="c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

    C:\Documents and Settings\jean\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 110592]
    Y'z Toolbar.lnk - C:\WINDOWS\Packs\Crystal XP\YzToolbar\YzToolbar.exe [2008-08-28 23:00:12 90112]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 110592]
    ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2007-11-14 18:12:25 487424]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogOff"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.enc"= ITIG726.acm
    "VIDC.XFR1"= xfcodec.dll
    "vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
    "vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
    "vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
    "vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
    "vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^jean^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
    path=C:\Documents and Settings\jean\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    --------- 2004-06-01 12:46 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    --------- 2004-06-01 12:09 458752 C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    --------- 2004-06-01 12:03 217088 C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2008-04-13 19:34 1695232 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    --------- 2005-09-16 17:41 1961984 C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    --------- 2005-09-16 17:41 1757184 C:\Program Files\Ahead\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-02-19 23:23 98304 C:\WINDOWS\system32\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]
    --a------ 2008-08-04 18:26 2231624 C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-08-18 18:41 1832272 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2007-11-18 23:05 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2008-08-04 01:02 36352 C:\Program Files\Winamp\winampa.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\FlashGet\\flashget.exe"=
    "C:\\Program Files\\Xfire\\xfire.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Rollcage\\rollcage_fr__Slasher404\\rollcage\\direct3d\\rollcage.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "D:\\JEUX\\CALL OF DUTY\\CoDMP.exe"=
    "C:\\Program Files\\Microsoft Games\\Rise Of Legends\\legends.exe"=
    "C:\\Program Files\\Empire Interactive\\Strangelite\\Starship Troopers\\STGame.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "D:\\JEUX\\TRACKMANIA NATIONS\\TmNationsForever\\TmForever.exe"=
    "D:\\Logiciels Création, Utilitaires & Emulateurs\\VSDownloader\\vXdownloader.exe"=
    "D:\\JEUX\\XIII\\system\\XIII.exe"=

    R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 14:46]
    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-10-13 15:46]
    R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2008-05-04 19:25]
    R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 14:44]
    S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys []
    S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 19:44]
    S3 jswmidin;jswmidin;C:\DOCUME~1\jean\LOCALS~1\Temp\jswmidin.sys []
    S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 20:57]
    S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys [2004-05-21 21:16]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{467719d1-a808-11dc-892f-000272644d49}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
    \Shell\Open(0)\command - Recycled\ctfmon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87375be0-c9dc-11dc-895a-000272644d49}]
    \Shell\AutoRun\command - q83iwmgf.bat
    \Shell\explore\Command - q83iwmgf.bat
    \Shell\open\Command - q83iwmgf.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9100af84-a9a0-11dc-8933-000272644d49}]
    \Shell\AutoRun\command - q83iwmgf.bat
    \Shell\explore\Command - q83iwmgf.bat
    \Shell\open\Command - q83iwmgf.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db6caebc-08d3-11dd-89c6-cebf02648353}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
    \Shell\Open(0)\command - Recycled\ctfmon.exe

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-08-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

    2008-08-14 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-Adobe Reader Speed Launcher - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    MSConfigStartUp-DAEMON Tools - C:\Program Files\DAEMON Tools\daemon.exe
    MSConfigStartUp-LDM - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\81pdgllm.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
    FF -: plugin - C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
    FF -: plugin - C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll
    FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-29 18:01:10
    Windows 5.1.2600 Service Pack 3 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-29 18:03:08
    ComboFix-quarantined-files.txt 2008-08-29 16:02:42

    Pre-Run: 4,912,439,296 octets libres
    Post-Run: 4,904,464,384 octets libres

    316 --- E O F --- 2008-08-18 21:02:53
    29 August 2008 18:26:21

    Download Navilog (by Il-Mafioso)

  • Save it to your Desktop.
  • Install it by double-clicking navilog.exe.
  • Once the installation is finished, the utility will run automatically.
    (If it does not, double-click the shortcut on the Desktop) [Right-click -> "Run as administrator". (For Vista)]
  • Let the utility guide you. Choose option 1, then confirm.
    ! Do not use options 2, 3 and 4 without our approval !
  • Wait until this message appears:
    *** Analyse Termine le ..... ***
  • Press a key as requested. Notepad will open. Post the report here.
  • Post the generated report.

    The report is located here: C:\fixnavi.txt
    29 August 2008 20:26:57

    Re, here is the generated report:

    Search Navipromo version 3.6.5 commencé le 29/08/2008 à 20:18:54,93

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "jean"

    Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.13
    Système de fichiers : NTFS

    Recherche executé en mode normal

    *** Recherche Programmes installés ***


    *** Recherche dossiers dans "C:\WINDOWS" ***


    *** Recherche dossiers dans "C:\Program Files" ***


    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


    *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\jean\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\jean\locals~1\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\jean\menudm~1\progra~1" ***


    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net



    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\WINDOWS\system32" *

    * Recherche dans "C:\Documents and Settings\jean\locals~1\applic~1" *



    *** Recherche fichiers ***



    *** Recherche clés spécifiques dans le Registre ***


    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :


    2)Recherche Heuristique :

    * Dans "C:\WINDOWS\system32" :


    * Dans "C:\Documents and Settings\jean\locals~1\applic~1" :


    3)Recherche Certificats :

    Certificat Egroup absent !
    Certificat Electronic-Group trouvé !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit trouvé !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche fichiers connus :



    *** Analyse terminée le 29/08/2008 à 20:23:05,71 ***
    29 August 2008 20:46:58

    Re,

  • Double-click the Navilog shortcut.
  • Choose option 2, then confirm. (Enter)
  • Let it guide you.
  • Your computer will restart; if it does not, restart it manually.
  • Your desktop will disappear.
  • After a while, Notepad will open.
  • Save the report.
  • Close Notepad. Your desktop will now reappear.

    If your desktop does not reappear, press CTRL+ALT+DEL to open the Task Manager.
    Then go to the "Processes" tab. Click File at the top left and choose "New Task (Run...)"
    Type explorer and confirm. This will bring your desktop back.


    Start -> Control Panel -> Internet Options
    Click the "Content" tab, then the "Certificates" tab, and if you find this, in particular under "Trusted Publishers":

    VIP

    If you find them, do this:
    * Select each of these certificates and click Export. Save it/them to your desktop.
    * Then delete the ones present in the "Certificates" tab of your browser's options.

    Then, for each of the certificates on your desktop:
    * Go to the website:
    http://www.bleepingcomputer.com/submit-malware.php?chan...
    * Copy/paste this into the 'Link to Topic' box:
    the name of the certificate (Montorgueil ,......)
    * Copy/paste this into the 'Browse to the File' box:
    The corresponding certificate that you exported to your desktop

    Once that is done, finally delete the certificate from your desktop.

    The following programs install this infection:

    * Go-astro
    * GoRecord
    * HotTVPlayer
    * Live Player
    * MailSkinner
    * Messenger Skinner
    * Instant Access
    * InternetGameBox
    * sudoplanet
    * Webmediaplayer: except the one from the following site > http://www.azertysite.new.fr/
    * On the site www.games-desktop.com (Do not go there!)

    --------

    Then post a new ComboFix report.
    29 August 2008 21:07:44

    Re,

    during the restart, my PC had a blue screen, with this information message:

    mouhid.sys

    When the operating system came back up, a report was generated: cleanavi.txt

    There was nothing present in the trusted publishers.

    What should I do from now on to resume the disinfection?

    Thanks
    29 August 2008 22:27:55

    Post the report :) 
    29 August 2008 22:41:47

    Here it is ^^

    Clean Navipromo version 3.6.5 commencé le 29/08/2008 à 20:53:56,54

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "jean"

    Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.13
    Système de fichiers : NTFS

    Mode suppression automatique
    avec prise en charge résultats Catchme et GNS


    Nettoyage exécuté au redémarrage de l'ordinateur


    *** fsbl1.txt non trouvé ***
    (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


    *** Suppression avec sauvegardes résultats GenericNaviSearch ***

    * Suppression dans "C:\WINDOWS\System32" *


    * Suppression dans "C:\Documents and Settings\jean\locals~1\applic~1" *



    *** Suppression dossiers dans "C:\WINDOWS" ***


    *** Suppression dossiers dans "C:\Program Files" ***


    *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


    *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\jean\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\jean\locals~1\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\jean\menudm~1\progra~1" ***



    *** Suppression fichiers ***


    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\jean\locals~1\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

    2)Recherche, création sauvegardes et suppression Heuristique :


    * Dans "C:\WINDOWS\system32" *


    * Dans "C:\Documents and Settings\jean\locals~1\applic~1" *


    *** Sauvegarde du Registre vers dossier Safebackup ***

    sauvegarde du Registre réalisée avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok


    *** Certificats ***

    Certificat Egroup absent !
    Certificat Electronic-Group supprimé !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit supprimé !
    Certificat Sunny-Day-Design-Ltdt absent !

    *** Nettoyage terminé le 29/08/2008 à 20:58:29,10 ***

    30 August 2008 12:12:00

    Re,

    Click Start menu / Control Panel / Folder Options / then go to the View tab
    - Check Show hidden files and folders
    - Uncheck Hide extensions for known file types
    - Uncheck Hide protected operating system files (Recommended)
    click Apply, then OK.

    Don't forget to hide the hidden and protected operating system files again at the end of the disinfection; it's important

    Have the following file(s) analyzed on Virustotal

  • Click Browse at the top, choose My Computer and look for this file: C:\WINDOWS\system32\WININET.DLL
  • Now click Send file, and let it work while "Current status: analysis in progress" is displayed.
  • The file may be queued because of a large number of analysis requests. In that case, you will have to wait without refreshing the page.
  • When the analysis is finished ("Current status: finished"), click Formatted
  • A new browser window will appear
  • Then click this image:
  • Right-click on the page, choose Select All, then Copy
  • Finally, paste the result into your next reply.

  • Do the same with these files: C:\WINDOWS\system32\wuauclt.exe

    Note: To analyze another file, click Other file at the bottom.
    30 August 2008 14:47:55

    Re, here is the result for:

    Fichier WININET.DLL reçu le 2008.08.30 14:43:27 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.8.29.0 2008.08.29 -
    AntiVir 7.8.1.23 2008.08.29 -
    Authentium 5.1.0.4 2008.08.30 -
    Avast 4.8.1195.0 2008.08.30 -
    AVG 8.0.0.161 2008.08.29 -
    BitDefender 7.2 2008.08.30 -
    CAT-QuickHeal 9.50 2008.08.29 -
    ClamAV 0.93.1 2008.08.30 -
    DrWeb 4.44.0.09170 2008.08.30 -
    eSafe 7.0.17.0 2008.08.28 -
    eTrust-Vet 31.6.6057 2008.08.29 -
    Ewido 4.0 2008.08.30 -
    F-Prot 4.4.4.56 2008.08.29 -
    F-Secure 7.60.13501.0 2008.08.30 -
    Fortinet 3.14.0.0 2008.08.30 -
    GData 19 2008.08.30 -
    Ikarus T3.1.1.34.0 2008.08.30 -
    K7AntiVirus 7.10.432 2008.08.29 -
    Kaspersky 7.0.0.125 2008.08.30 -
    McAfee 5373 2008.08.29 -
    Microsoft 1.3807 2008.08.25 -
    NOD32v2 3401 2008.08.30 -
    Norman 5.80.02 2008.08.29 -
    Panda 9.0.0.4 2008.08.30 -
    PCTools 4.4.2.0 2008.08.30 -
    Prevx1 V2 2008.08.30 -
    Rising 20.59.51.00 2008.08.30 -
    Sophos 4.33.0 2008.08.30 -
    Sunbelt 3.1.1592.1 2008.08.30 -
    Symantec 10 2008.08.30 -
    TheHacker 6.3.0.6.068 2008.08.30 -
    TrendMicro 8.700.0.1004 2008.08.29 -
    ViRobot 2008.8.30.1357 2008.08.30 -
    VirusBuster 4.5.11.0 2008.08.29 -
    Webwasher-Gateway 6.6.2 2008.08.29 -
    Information additionnelle
    File size: 1260544 bytes
    MD5...: 32a34d222bc1264ee63c05eaf1130734
    SHA1..: d629e46d6050cc7153cf198ef4f7cddf359fe041
    SHA256: f2589078942c2b05b1af4ebb7832a1f05c1f0e9add58571f1ae7628c667c1756
    SHA512: ec561df76a23b3c8b6403a8e3e1f29fd0667018a1e7d4cf7c59cf34e5c372310500663675a6f45cf409519d9ae80f2b2627c8a24c306d1f00c574345966068ea
    PEiD..: -
    TrID..: File type identification
    Win64 Executable Generic (59.6%)
    Win32 Executable MS Visual C++ (generic) (26.2%)
    Win32 Executable Generic (5.9%)
    Win32 Dynamic Link Library (generic) (5.2%)
    Generic Win/DOS Executable (1.3%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x44081784
    timedatestamp.....: 0x485fcf27 (Mon Jun 23 16:28:23 2008)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x9b0b0 0x9b200 6.59 022f6594caec246095efdddfe9830740
    .data 0x9d000 0x7768 0x4000 1.44 28ac811974eaed5ed8736f4e3b5e4d66
    .rsrc 0xa5000 0x8edbc 0x8ee00 4.54 8221e5e57b7b3f54eb9e62b9a188dec1
    .reloc 0x134000 0x5688 0x5800 6.72 0a5a70a6144314cdf406f20a7092cea5
    packers (Kaspersky): PE_Patch

    30 August 2008 14:52:56

    and the second one you asked me for:


    Fichier wuauclt.exe reçu le 2008.08.30 14:50:02 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.8.29.0 2008.08.29 -
    AntiVir 7.8.1.23 2008.08.29 -
    Authentium 5.1.0.4 2008.08.30 -
    Avast 4.8.1195.0 2008.08.30 -
    AVG 8.0.0.161 2008.08.29 -
    BitDefender 7.2 2008.08.30 -
    CAT-QuickHeal 9.50 2008.08.29 -
    ClamAV 0.93.1 2008.08.30 -
    DrWeb 4.44.0.09170 2008.08.30 -
    eSafe 7.0.17.0 2008.08.28 -
    eTrust-Vet 31.6.6057 2008.08.29 -
    Ewido 4.0 2008.08.30 -
    F-Prot 4.4.4.56 2008.08.29 -
    F-Secure 7.60.13501.0 2008.08.30 Suspicious:W32/SCKeyLog!Gemini
    Fortinet 3.14.0.0 2008.08.30 -
    GData 19 2008.08.30 -
    Ikarus T3.1.1.34.0 2008.08.30 -
    K7AntiVirus 7.10.432 2008.08.29 -
    Kaspersky 7.0.0.125 2008.08.30 -
    McAfee 5373 2008.08.29 -
    Microsoft 1.3807 2008.08.25 -
    NOD32v2 3401 2008.08.30 -
    Norman 5.80.02 2008.08.29 -
    Panda 9.0.0.4 2008.08.30 -
    PCTools 4.4.2.0 2008.08.30 -
    Prevx1 V2 2008.08.30 -
    Rising 20.59.51.00 2008.08.30 -
    Sophos 4.33.0 2008.08.30 -
    Sunbelt 3.1.1592.1 2008.08.30 -
    Symantec 10 2008.08.30 -
    TheHacker 6.3.0.6.068 2008.08.30 -
    TrendMicro 8.700.0.1004 2008.08.29 -
    VBA32 3.12.8.4 2008.08.30 -
    ViRobot 2008.8.30.1357 2008.08.30 -
    VirusBuster 4.5.11.0 2008.08.29 -
    Webwasher-Gateway 6.6.2 2008.08.29 -
    Information additionnelle
    File size: 215752 bytes
    MD5...: 87aeac8da221f8748e10c45db3de26f7
    SHA1..: 52b610b25a83bfdd923167df0f979d5010263cc8
    SHA256: f19bf14d17411dea00b0c3e448b2fabed4adb6b9d21c9f1210daa3ac66d918f2
    SHA512: ed061acf02fd1d253bb9012643fa5801040ab4205a11ab5b47f0c5c7ab00344d82a91710ca5558f334f339a38a23ab48b498accc481e00a91ce072a8d11c1cc3
    PEiD..: -
    TrID..: File type identification
    Win64 Executable Generic (59.6%)
    Win32 Executable MS Visual C++ (generic) (26.2%)
    Win32 Executable Generic (5.9%)
    Win32 Dynamic Link Library (generic) (5.2%)
    Generic Win/DOS Executable (1.3%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x4042dd
    timedatestamp.....: 0x48816313 (Sat Jul 19 03:44:19 2008)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x8c84 0x8e00 6.00 9079e1cf62cf93298b09b9c3840b6239
    .data 0xa000 0xd54 0x400 5.81 aea75c550ab527cbfba56bc33d16ea93
    .rsrc 0xb000 0x281c6 0x28200 5.25 1a99c0ee149aeed58901a81b5fa4ed31
    .reloc 0x34000 0xc8a 0xe00 3.10 56fa4b399c6d09575836259c52cf6c40

    ( 6 imports )
    ( 0 exports )
