PC slow to boot or won't boot
Security / Virus forum: PC slow to boot or won't boot
Hello everyone!!!
So, I'm asking for your help: lately my PC has had trouble starting up. Either it takes a very long time to boot, or it doesn't boot at all, so I have to restart it several times to get to my desktop and (finally) be able to use it.
I'm afraid all this is due to a virus or something else, so I'm asking whether you could help me solve this problem.
Thanks in advance to all.
Please, could someone help me?
Reply to totone31
Hello,
Download and install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2
Security / Prevention
Reply to Egwene
Thanks for your reply.
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:16, on 16/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/pm/active [...] 0-3-48.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autob [...] nstall.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com [...] 0_4_12.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 8613 bytes
Reply to totone31
Re,
Nothing to report in the HijackThis log.
Download Deckard's System Scanner (DSS) to your Desktop.
NB: you must be logged in with Administrator rights.
- close all applications and windows
- double-click dss.exe to launch it and follow the instructions below
Note: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)
- if this is a first use, or a new version of DSS:
- you will have to click OK twice in the dialog boxes
Note: if you take too long, the Cancel answer will be validated automatically
- when processing is finished (click OK), two text files are displayed:
main.txt <- opened in the foreground, full screen
extra.txt <- opened in the background, windowed (look at the taskbar)
If this is a subsequent use of DSS:
- you won't get a dialog box (no OK)
- when processing is finished, one text file is displayed:
main.txt <- opened in the foreground, full screen
- copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next post
- likewise copy the contents of extra.txt into your next post, if you have that file (first use)
- don't forget to re-enable the protections if they were stopped.
What DSS does:
- creates a restore point in Windows XP and Vista
- cleans temporary files, DPF (Downloaded Program Files) and the Internet cache, and empties the Recycle Bin on all drives
- checks a few important areas of your system and produces a report for review by your security helper. DSS runs HijackThis for you automatically; it will also create a HijackThis shortcut on your Desktop if you don't already have HijackThis installed.
Security / Prevention
Reply to Egwene
So here it is.
main.txt report:
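As an added illustration of how a helper reads a HijackThis log like the one posted above before answering "nothing to report" (example code added here, not part of the thread and not Trend Micro's code), the Python script below splits each log line into its section code (R0, O2, O16, O23, ...) and body, then attaches a flag to the entry types a reviewer checks first: an IE start or search page that points somewhere other than Microsoft's defaults, a BHO or toolbar registered with "(no file)", O16 ActiveX controls downloaded from the web, and O23 services with "Unknown owner". The sample lines are copied from the log in this thread; the allow-list of default IE hosts is an assumption of the example, and a flag only means "look at this", not "this is malware".

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed sample: a handful of lines copied from the HijackThis log posted
# above, enough to exercise each rule below.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Every HijackThis entry starts with a section code (R0, R1, F2, O2, O23, ...)
# followed by " - " and a section-specific body.
LINE_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")

# Assumption of this example: hosts a stock Internet Explorer points its start
# and search pages at. Anything else deserves a look, not an automatic verdict.
DEFAULT_IE_HOSTS = {"go.microsoft.com"}


@dataclass
class Entry:
    code: str
    body: str
    flags: list = field(default_factory=list)


def parse_line(line: str):
    """Return an Entry for a HijackThis entry line, or None for header/footer text."""
    m = LINE_RE.match(line.strip())
    return Entry(m.group("code"), m.group("body")) if m else None


def _host(url: str) -> str:
    return (urlsplit(url.strip()).hostname or "").lower()


def apply_rules(entry: Entry) -> Entry:
    """Attach a human-readable flag for the entry types a reviewer checks first."""
    code, body = entry.code, entry.body
    if code in ("R0", "R1") and " = " in body:
        key, value = body.split(" = ", 1)
        if ("Start Page" in key or "Search" in key) and value.strip():
            host = _host(value)
            if host and host not in DEFAULT_IE_HOSTS:
                entry.flags.append(f"IE start/search page points to {host}")
    elif code in ("O2", "O3") and body.endswith("(no file)"):
        entry.flags.append("BHO/toolbar registered but its DLL is missing")
    elif code == "O16":
        # DPF = Downloaded Program Files: ActiveX controls pulled from the web.
        url = body.rsplit(" - ", 1)[-1]
        entry.flags.append(f"downloaded ActiveX control from {_host(url)}")
    elif code == "O23" and " - Unknown owner - " in body:
        entry.flags.append("service with no publisher recorded")
    return entry


def triage(log_text: str) -> list:
    """Parse a whole log and return only the entries that picked up a flag."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        apply_rules(entry)
        if entry.flags:
            flagged.append(entry)
    return flagged


def section_counts(log_text: str) -> dict:
    """How many entries of each section code the log contains."""
    counts = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            counts[entry.code] = counts.get(entry.code, 0) + 1
    return counts


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.code}: {'; '.join(e.flags)}\n    {e.body}")
```

Run against the sample, the script flags four lines: the HKCU start page pointing at www.www.daemon-search.com (consistent with the DAEMON Tools Lite install visible later in the DSS report, which bundles that search page), the orphaned BHO with no DLL on disk, the GoPetsWeb ActiveX download and the PnkBstrA service with no publisher; the Avira, Google and Zone Labs entries pass through unflagged. Each flag is a prompt to check the entry's origin, which is how a helper arrives at a "nothing to report" verdict on a log like this one.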
Deckard's System Scanner v20071014.68
Run by Anthony on 2008-04-16 12:39:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
139: 2008-04-16 10:39:38 UTC - RP207 - Deckard's System Scanner Restore Point
138: 2008-04-15 22:00:22 UTC - RP206 - Supprimé Ultimate Spider-Man (TM)
137: 2008-04-15 20:27:17 UTC - RP205 - Shockwave Player
136: 2008-04-15 20:26:38 UTC - RP204 - Shockwave Player
135: 2008-04-15 20:24:34 UTC - RP203 - Installed OpenOffice.org 2.4
-- First Restore Point --
1: 2008-01-17 16:51:52 UTC - RP69 - Point de vérification système
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Anthony.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:15, on 16/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Downloads\Software\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Anthony.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/pm/active [...] 0-3-48.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autob [...] nstall.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com [...] 0_4_12.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 8461 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys
R3 ovt519 (Eye Toy) - c:\windows\system32\drivers\ov519vid.sys <Not Verified; OmniVision Technologies, Inc.; Dual Mode USB Camera 519>
S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
S3 giveio - c:\windows\system32\giveio.sys
S3 GMSIPCI - e:\install\gmsipci.sys (file missing)
S3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>
R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; C-Dilla Ltd; SafeCast Windows NT>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Souris Microsoft PS/2
Device ID: ACPI\PNP0F03\4&2B0A5BEB&0
Manufacturer: Microsoft
Name: Souris Microsoft PS/2
PNP Device ID: ACPI\PNP0F03\4&2B0A5BEB&0
Service: i8042prt
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: USB Device
Device ID: USB\VID_1110&PID_6489\5&28C564E5&0&4
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_1110&PID_6489\5&28C564E5&0&4
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Contrôleur multimédia
Device ID: PCI\VEN_1131&DEV_7133&SUBSYS_48451043&REV_F0\4&D9F7D03&0&0830
Manufacturer:
Name: Contrôleur multimédia
PNP Device ID: PCI\VEN_1131&DEV_7133&SUBSYS_48451043&REV_F0\4&D9F7D03&0&0830
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-04-15 22:34:35 412 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
-- Files created between 2008-03-16 and 2008-04-16 -----------------------------
2008-04-16 11:08:58 0 d--hs---- C:\Documents and Settings\Anthony\Recent
2008-04-16 00:16:38 0 d-------- C:\Program Files\Free Hide Folder
2008-04-15 22:33:28 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-04-15 22:26:56 0 d-------- C:\Program Files\Norton Security Scan
2008-04-15 22:24:38 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-04-15 20:54:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-15 20:53:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-04-15 20:44:33 0 d-------- C:\WINDOWS\RegisteredPackages
2008-04-15 18:02:23 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-04-15 18:01:38 0 d-------- C:\Program Files\Rippackv3
2008-04-15 17:58:31 0 d-------- C:\Program Files\WinASPI
2008-04-15 17:57:29 0 d-------- C:\Documents and Settings\Anthony\NeoDivX Suite
2008-04-15 17:41:30 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-15 13:55:44 0 d-------- C:\Downloads
2008-04-15 12:15:42 0 d-------- C:\Documents and Settings\Anthony\Application Data\Free Download Manager
2008-04-15 12:15:37 0 d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-04-15 12:15:36 0 d-------- C:\Program Files\Free Download Manager
2008-04-14 00:54:15 0 d-------- C:\Program Files\Morgan
2008-04-14 00:54:07 209636 --a------ C:\WINDOWS\IPUI_DivXG400.exe <Not Verified; ; wingpack Application>
2008-04-14 00:31:37 0 d-------- C:\Documents and Settings\Anthony\Application Data\dvdcss
2008-04-14 00:30:42 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-04-11 20:12:48 0 d--hs---- C:\Documents and Settings\Valérie\Recent
2008-03-30 17:46:01 0 d-------- C:\Program Files\BDGest Evolution
2008-03-30 16:56:13 0 d-------- C:\Program Files\AviSynth 2.5
2008-03-30 16:55:35 0 d-------- C:\Program Files\BatchDPG
2008-03-22 11:43:29 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-20 20:25:21 0 d-------- C:\Documents and Settings\Océane\Application Data\OpenOffice.org2
2008-03-20 16:37:50 0 d-------- C:\Documents and Settings\Valérie\Application Data\ABBYY
2008-03-20 16:37:23 0 d--h----- C:\C_DILLA
2008-03-20 16:37:22 8864 --a------ C:\WINDOWS\system32\drivers\CDAC15BA.SYS
-- Find3M Report ---------------------------------------------------------------
2008-04-16 12:29:26 0 d-------- C:\Program Files\eMule
2008-04-16 11:07:29 0 d-------- C:\Documents and Settings\Anthony\Application Data\uTorrent
2008-04-15 22:33:28 0 d-------- C:\Program Files\Fichiers communs
2008-04-15 22:29:39 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-15 22:24:05 0 d-------- C:\Program Files\OpenOffice.org 2.3
2008-04-15 20:54:54 0 d-------- C:\Program Files\Google
2008-04-15 20:53:53 0 d-------- C:\Program Files\Fichiers communs\Adobe
2008-04-15 20:44:35 0 d-------- C:\Program Files\Movie Maker
2008-04-15 18:02:23 0 d-------- C:\Program Files\DivX
2008-04-15 17:59:32 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-04-15 15:35:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-15 11:50:39 0 d-------- C:\Program Files\TrackMania Nations ESWC
2008-04-03 22:32:05 0 d-------- C:\Program Files\TuxPaint
2008-03-30 11:13:12 0 d-------- C:\Documents and Settings\Anthony\Application Data\OpenOffice.org2
2008-03-30 10:44:59 473864 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-03-30 10:44:59 77468 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-03-29 16:39:54 0 d-------- C:\Program Files\Messenger Plus! Live
2008-03-15 17:00:41 0 d-------- C:\Program Files\MP3Gain
2008-03-05 13:48:04 0 d-------- C:\Program Files\World of Warcraft
2008-03-03 19:23:58 0 d-------- C:\Program Files\eBay
2008-03-02 13:58:01 0 d-------- C:\Program Files\Trend Micro
2008-03-01 16:42:46 0 d-------- C:\Program Files\ABBYY PDF Transformer 2.0
2008-02-27 21:23:15 0 d-------- C:\Program Files\Windows Live
2008-02-23 20:06:02 0 d-------- C:\Program Files\Fichiers communs\InstallShield
2008-02-23 20:02:51 0 d-------- C:\Program Files\EPSON
2008-02-23 20:02:03 0 d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-02-23 19:58:55 0 d-------- C:\Documents and Settings\Anthony\Application Data\InstallShield
2008-02-21 17:29:30 0 d-------- C:\Program Files\SSC Service Utility
2008-02-21 17:19:44 5248 --a------ C:\WINDOWS\system32\giveio.sys
2008-02-21 16:31:40 0 d-------- C:\Documents and Settings\Anthony\Application Data\Help
2008-02-20 22:27:57 0 d-------- C:\Documents and Settings\Anthony\Application Data\Media Player Classic
2008-02-20 21:04:41 0 d-------- C:\Program Files\WinAVI MP4 Converter
2008-02-20 20:57:41 0 d-------- C:\Program Files\Real Alternative
2008-02-20 20:57:37 0 d-------- C:\Documents and Settings\Anthony\Application Data\Real
2008-02-20 13:31:18 1044480 -ra------ C:\WINDOWS\system32\roboex32.dll <Not Verified; eHelp Corporation.; RoboHELP for WinHelp 9.2>
2008-02-20 13:31:18 49152 -ra------ C:\WINDOWS\system32\inetwh32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2008-02-18 15:52:57 0 d-------- C:\Program Files\Bethesda Softworks
2008-02-17 23:46:32 0 d-------- C:\Program Files\PhotoFiltre
2008-02-01 12:17:40 587264 --a------ C:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Galerie de photos Windows Live>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/12/2007 02:41]
"RTHDCPL"="RTHDCPL.EXE" [27/09/2007 15:20 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 19:43 C:\WINDOWS\Alcmtr.exe]
"nwiz"="nwiz.exe" [05/12/2007 02:41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/12/2007 02:41]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [24/12/2007 14:00]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [13/03/2008 23:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/03/2006 14:00]
C:\Documents and Settings\Anthony\Menu D‚marrer\Programmes\D‚marrage\
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [01/06/2005 21:41:18]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [21/05/2006 09:43:08]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Anthony^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
path=C:\Documents and Settings\Anthony\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
"C:\Program Files\DAEMON Tools Lite\daemon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogProtect]
"C:\Documents and Settings\Valérie\Mes documents\LogProtect\LogProtect.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
"C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW20]
C:\WINDOWS\system32\sw20.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW24]
C:\WINDOWS\system32\sw24.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Transcode360]
C:\Program Files\Transcode360\Transcode360Tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]
"c:\program files\divx\divx pro codec\gain_trickler_3202.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2]
C:\WINDOWS\system32\winsys2.exe
-- Hosts -----------------------------------------------------------------------
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com
8142 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-04-16 12:40:55 ------------
extra.txt report
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Édition familiale (build 2600) SP 2.0
Architecture: X86; Language: French
CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+
CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 1023.36 MiB / 659.27 MiB
Pagefile Memory (total/avail): 2461.21 MiB / 2142.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.87 MiB
C: is Fixed (NTFS) - 186.3 GiB total, 71.97 GiB free.
D: is CDROM (UDF)
E: is CDROM (Unformatted)
F: is CDROM (No Media)
G: is Fixed (FAT32) - 372.52 GiB total, 330.86 GiB free.
H: is Removable (No Media)
\\.\PHYSICALDRIVE0 - ST3200822AS - 186.31 GiB - 1 partition
\PARTITION0 (bootable) - Système de fichiers installable - 186.3 GiB - C:
\\.\PHYSICALDRIVE2 - Generic STORAGE DEVICE USB Device
\\.\PHYSICALDRIVE1 - SAMSUNG HD402LJ USB Device - 372.61 GiB - 1 partition
\PARTITION0 - Unknown - 372.61 GiB - G:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
FW: ZoneAlarm Firewall v7.0.470.000 (Check Point, LTD.) Disabled
AV: Avira AntiVir PersonalEdition v 7.0.3.158
(Avira GmbH)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Disabled:Kaspersky AV Scanner"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Documents and Settings\\Anthony\\Bureau\\utorrent.exe"="C:\\Documents and Settings\\Anthony\\Bureau\\utorrent.exe:*:Enabled:µTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Anthony\Application Data
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=VALERIE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Anthony
LOGONSERVER=\\VALERIE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Smart Projects\IsoBuster
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Anthony\LOCALS~1\Temp
TMP=C:\DOCUME~1\Anthony\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=VALERIE
USERNAME=Anthony
USERPROFILE=C:\Documents and Settings\Anthony
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Valérie (admin)
Anthony (admin)
Océane (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
ABBYY FineReader 6.0 --> MsiExec.exe /I{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
ABBYY PDF Transformer 2.0 --> MsiExec.exe /I{FA200000-0001-0000-0000-074957833700}
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
ArcSoft PhotoImpression --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C5D7191-140A-11D6-B5A0-0050DA208A93}\SETUP.EXE" -l0x40c -uninst
Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
Avira AntiVir PersonalEdition Classic --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Camera RAW Plug-In for EPSON Creativity Suite --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x40c UNINST
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Compel Adaptec WinASPI --> "C:\Program Files\WinASPI\unins000.exe"
Cryptext (Remove Only) --> rundll32 setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\ShellExt\Cryptext.inf
D-Link VGA Webcam --> C:\WINDOWS\CleanDev.exe C:\WINDOWS\ov519.TXT
DivX 5.0.2 Pro Bundle --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\uninstal.log
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivXG400 --> "C:\WINDOWS\IPUI_DivXG400.exe" /U /D
eMule --> "C:\Program Files\eMule\Uninstall.exe"
EPSON Attach To Email --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}\SETUP.EXE" -l0x40c UNINST
EPSON File Manager --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x40c UNINST
EPSON Logiciel imprimante --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manuel --> C:\Program Files\EPSON\TPMANUAL\ES_CX_DX\FRA\USE_G\DOCUNINS.EXE
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
Free Download Manager 2.5 --> "C:\Program Files\Free Download Manager\unins000.exe"
Galerie de photos Windows Live --> MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IsoBuster 2.3 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
JkDefrag 3.26 Fr --> "C:\Program Files\JkDefrag\unins000.exe"
K-Lite Codec Pack 2.81 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Language pack for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\INSTALL.LOG
Les Sims 2 --> C:\Program Files\EA GAMES\Les Sims 2\EAUninstall.exe
Les Sims 2 : Nuits de Folie --> C:\Program Files\EA GAMES\Les Sims 2 Nuits de Folie\EAUninstall.exe
Les Sims 2 Académie --> C:\Program Files\EA GAMES\Les Sims 2 Académie\EAUninstall.exe
Les Sims 2 : La bonne affaire --> C:\Program Files\EA GAMES\Les Sims 2 La bonne affaire\EAUninstall.exe
Les Sims™ 2 Animaux & Cie --> C:\Program Files\EA GAMES\Les Sims 2 Animaux & Cie\EAUninstall.exe
Les Sims™ 2 Au fil des saisons --> C:\Program Files\EA GAMES\Les Sims 2 Au fil des saisons\EAUninstall.exe
Les Sims™ 2 Bon Voyage --> C:\Program Files\EA GAMES\Les Sims 2 Bon Voyage\EAUninstall.exe
LogProtect version 1.1.3 --> "C:\Documents and Settings\Valérie\Mes documents\LogProtect\unins000.exe"
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB911164) -->
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Neuf - Kit de connexion --> C:\Program Files\Neuf\Kit\uninstall.exe
Norton Security Scan --> MsiExec.exe /I{1A8A214F-6BAC-4E01-A27D-25C19A484908}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Oblivion --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x40c -removeonly
OpenOffice.org 2.4 --> MsiExec.exe /I{2BB8FBB4-CFF9-434E-AA0A-40F5379C1602}
Pack Vista Inspirat 2 1.0 --> C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_1F9DE4E49C97F59EE9F75C34E0E91E568FC9EEB2\amdk8.inf
PhotoFiltre --> "C:\Program Files\PhotoFiltre\Uninst.exe"
Real Alternative 1.60 Lite --> "C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
ScanToWeb --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TH Calculator --> C:\Program Files\TH Calculator\Uninstal.exe
TrackMania Nations ESWC 1.7.9 --> "C:\Program Files\TrackMania Nations ESWC\unins000.exe"
Tux Paint 0.9.19 --> "C:\Program Files\TuxPaint\unins000.exe"
Ultimate Spider-Man (TM) --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{CC35B08B-4EC1-4759-B159-0EC4E69C3E7C}
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Vista --> "C:\WINDOWS\uninstall Vista.exe"
Waver Version 2.95 --> "C:\Program Files\Flop\Waver\unins000.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail --> MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
World of Warcraft --> C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft\Uninstall.exe
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type5027 / Success
Event Submitted/Written: 04/16/2008 10:29:42 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type5003 / Error
Event Submitted/Written: 04/15/2008 05:58:47 PM
Event ID/Source: 1000 / Application Error
Event Description:
Application défaillante neodivxsuite.exe, version 0.0.0.0, module défaillant ghctmvds.ols, version 4.0.0.0, adresse de défaillance 0x00193149.
Traitement de l'événement propre au support pour [neodivxsuite.exe!ws!]
Event Record #/Type4946 / Success
Event Submitted/Written: 04/15/2008 10:07:11 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type4918 / Success
Event Submitted/Written: 04/14/2008 10:02:43 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type4870 / Success
Event Submitted/Written: 04/13/2008 09:33:58 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type10983 / Warning
Event Submitted/Written: 04/16/2008 11:37:02 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Votre ordinateur a automatiquement configuré l'adresse IP pour la
carte avec l'adresse réseau 0016178F0DF8. L'adresse IP utilisée est 169.254.231.235.
Event Record #/Type10982 / Warning
Event Submitted/Written: 04/16/2008 11:36:57 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir
du serveur DHCP) pour la carte réseau dont l'adresse réseau est 0016178F0DF8. Il s'est
produit l'erreur suivante :
%%121.
Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du
serveur d'adresse réseau (DHCP).
Event Record #/Type10981 / Warning
Event Submitted/Written: 04/16/2008 11:36:29 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir
du serveur DHCP) pour la carte réseau dont l'adresse réseau est 0016178F0DF8. Il s'est
produit l'erreur suivante :
%%1223.
Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du
serveur d'adresse réseau (DHCP).
Event Record #/Type10913 / Error
Event Submitted/Written: 04/16/2008 11:09:16 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM a reçu l'erreur "%%1084" lors de la mise en route du service EventSystem avec les arguments ""
pour démarrer le serveur :
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type10912 / Error
Event Submitted/Written: 04/16/2008 11:04:31 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :
AFD
AmdK8
avgio
avipbb
Fips
IPSec
KLIF
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
ssmdrv
Tcpip
Tcpip6
vsdatant
-- End of Deckard's System Scanner: finished at 2008-04-16 12:40:55 ------------
Re,
I found something.
But I am going to check a few things first.
1) Download SystemScan from the SuspectFile team
- double-click it (ignore any alerts from your antivirus, if there are any).
- Click on Unselect all
- Tick only this box
- Recent Files, days old 60 days
- Then click on scan now, and be patient.
- Once it has finished, a report will open. Post it in full.
2) Download Gmer.
Unzip it into a folder or onto your desktop.
Disconnect from the Internet and close all programs.
Double-click Gmer.exe.
IMPORTANT: If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.
Click on the rootkit tab.
On the right, tick Files and Services.
Now click on Scan.
When the scan is finished, click on Copy.
Open Notepad and click on the Edit menu / Paste.
The report should then appear.
Save the file to your desktop and copy/paste its contents here.
Message edited by Egwene on 16-04-2008 at 14:08:20
Re,
SystemScan report
SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)
Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Downloads\Software\sys92171.exe
Running in: User mode
Date: 16/04/2008
Time: 14:15:42
Output limited to:
-Recent files
===================== RECENT FILES =====================
Showing files newer than 60 days
----- recent files in C:\
18/02/2008 20:52:20 (DIR) 0 byte 58 days old -- EPSON
20/02/2008 21:04:32 6476 byte 56 days old -- MP4debug.log
24/02/2008 03:11:36 244 byte 52 days old -- sqmnoopt10.sqm
24/02/2008 03:11:36 268 byte 52 days old -- sqmdata10.sqm
02/03/2008 18:11:14 (DIR) 0 byte 45 days old -- .mtvconvertertmp
02/03/2008 19:04:59 244 byte 45 days old -- sqmnoopt11.sqm
02/03/2008 19:04:59 268 byte 45 days old -- sqmdata11.sqm
02/03/2008 19:05:00 172 byte 45 days old -- sqmnoopt12.sqm
02/03/2008 19:05:00 172 byte 45 days old -- sqmdata12.sqm
03/03/2008 19:24:20 418 byte 44 days old -- InstallHelper.log
20/03/2008 16:37:23 (DIR) 0 byte 27 days old -- C_DILLA
04/04/2008 11:59:51 268 byte 12 days old -- sqmdata13.sqm
04/04/2008 11:59:51 244 byte 12 days old -- sqmnoopt13.sqm
04/04/2008 12:00:07 172 byte 12 days old -- sqmnoopt14.sqm
04/04/2008 12:00:07 172 byte 12 days old -- sqmdata14.sqm
04/04/2008 12:00:09 172 byte 12 days old -- sqmnoopt15.sqm
04/04/2008 12:00:09 172 byte 12 days old -- sqmdata15.sqm
04/04/2008 12:00:11 172 byte 12 days old -- sqmdata16.sqm
04/04/2008 12:00:11 172 byte 12 days old -- sqmnoopt16.sqm
04/04/2008 12:00:12 172 byte 12 days old -- sqmdata17.sqm
04/04/2008 12:00:12 172 byte 12 days old -- sqmnoopt17.sqm
04/04/2008 12:00:14 172 byte 12 days old -- sqmnoopt18.sqm
04/04/2008 12:00:14 172 byte 12 days old -- sqmdata18.sqm
04/04/2008 12:00:16 172 byte 12 days old -- sqmdata19.sqm
04/04/2008 12:00:16 172 byte 12 days old -- sqmnoopt19.sqm
04/04/2008 12:00:22 172 byte 12 days old -- sqmnoopt00.sqm
04/04/2008 12:00:22 172 byte 12 days old -- sqmdata00.sqm
04/04/2008 12:00:23 172 byte 12 days old -- sqmnoopt02.sqm
04/04/2008 12:00:23 172 byte 12 days old -- sqmnoopt01.sqm
04/04/2008 12:00:23 172 byte 12 days old -- sqmdata02.sqm
04/04/2008 12:00:23 172 byte 12 days old -- sqmdata01.sqm
04/04/2008 12:00:26 172 byte 12 days old -- sqmdata03.sqm
04/04/2008 12:00:26 172 byte 12 days old -- sqmnoopt03.sqm
04/04/2008 12:00:27 172 byte 12 days old -- sqmdata04.sqm
04/04/2008 12:00:27 172 byte 12 days old -- sqmnoopt04.sqm
14/04/2008 00:08:41 244 byte 2 days old -- sqmnoopt05.sqm
14/04/2008 00:08:42 232 byte 2 days old -- sqmdata05.sqm
15/04/2008 15:35:24 26 byte 1 days old -- usm.txt
16/04/2008 00:17:17 (DIR) 0 byte 0 days old -- Downloads
16/04/2008 02:12:09 (DIR) 0 byte 0 days old -- Program Files
16/04/2008 02:17:10 (DIR) 0 byte 0 days old -- Config.Msi
16/04/2008 11:03:46 239 byte 0 days old -- boot.ini
16/04/2008 11:42:19 (DIR)1610612736 byte 0 days old -- pagefile.sys
16/04/2008 12:38:51 (DIR) 0 byte 0 days old -- Deckard
16/04/2008 12:39:38 (DIR) 0 byte 0 days old -- WINDOWS
----- recent files in C:\WINDOWS\
21/02/2008 11:01:21 (DIR) 0 byte 55 days old -- Registration
23/02/2008 19:55:46 25 byte 53 days old -- CDE DX8400DEFGIPS.ini
23/02/2008 19:55:57 (DIR) 0 byte 53 days old -- twain_32
02/03/2008 14:03:02 (DIR) 0 byte 45 days old -- eHome
03/03/2008 19:23:10 (DIR) 0 byte 44 days old -- Downloaded Installations
13/03/2008 23:11:10 75248 byte 34 days old -- zllsputility.exe
09/04/2008 09:07:58 (DIR) 0 byte 7 days old -- ie7updates
09/04/2008 09:08:19 (DIR) 0 byte 7 days old -- $hf_mig$
11/04/2008 20:12:48 (DIR) 0 byte 5 days old -- Debug
14/04/2008 15:43:58 23 byte 2 days old -- BlendSettings.ini
15/04/2008 15:35:09 259 byte 1 days old -- game.ini
15/04/2008 17:58:31 (DIR) 0 byte 1 days old -- system
15/04/2008 18:02:35 209636 byte 1 days old -- IPUI_DivXG400.exe
15/04/2008 20:44:33 (DIR) 0 byte 1 days old -- RegisteredPackages
15/04/2008 22:24:43 (DIR) 0 byte 1 days old -- Fonts
15/04/2008 22:25:51 (DIR) 0 byte 1 days old -- assembly
15/04/2008 22:34:32 (DIR) 0 byte 1 days old -- Tasks
15/04/2008 22:34:38 (DIR) 0 byte 1 days old -- Installer
15/04/2008 23:08:59 (DIR) 0 byte 1 days old -- inf
16/04/2008 11:03:46 227 byte 0 days old -- system.ini
16/04/2008 11:03:46 746 byte 0 days old -- win.ini
16/04/2008 11:03:46 (DIR) 0 byte 0 days old -- pss
16/04/2008 11:07:09 (DIR) 0 byte 0 days old -- system32
16/04/2008 11:09:19 (DIR) 0 byte 0 days old -- security
16/04/2008 11:10:32 0 byte 0 days old -- Sti_Trace.log
16/04/2008 11:38:46 1130 byte 0 days old -- SchedLgU.Txt
16/04/2008 11:42:23 2048 byte 0 days old -- bootstat.dat
16/04/2008 11:42:31 0 byte 0 days old -- 0.log
16/04/2008 11:42:42 50 byte 0 days old -- wiaservc.log
16/04/2008 11:42:42 26213 byte 0 days old -- WindowsUpdate.log
16/04/2008 11:42:42 159 byte 0 days old -- wiadebug.log
16/04/2008 11:44:38 20361 byte 0 days old -- setupapi.log
16/04/2008 12:39:38 (DIR) 0 byte 0 days old -- ERDNT
16/04/2008 12:40:09 (DIR) 0 byte 0 days old -- Downloaded Program Files
16/04/2008 13:43:06 (DIR) 0 byte 0 days old -- Temp
16/04/2008 14:07:24 (DIR) 0 byte 0 days old -- Internet Logs
16/04/2008 14:15:20 (DIR) 0 byte 0 days old -- Prefetch
----- recent files in C:\WINDOWS\Downloaded Program Files\
----- recent files in C:\WINDOWS\system\
----- recent files in C:\WINDOWS\system32\
19/02/2008 13:46:39 (DIR) 0 byte 57 days old -- ReinstallBackups
20/02/2008 07:35:05 45568 byte 56 days old -- dnsrslvr.dll
20/02/2008 07:35:05 148992 byte 56 days old -- dnsapi.dll
20/02/2008 08:51:00 282624 byte 56 days old -- gdi32.dll
20/02/2008 13:31:18 49152 byte 56 days old -- inetwh32.dll
20/02/2008 13:31:18 1044480 byte 56 days old -- roboex32.dll
20/02/2008 21:24:31 (DIR) 0 byte 56 days old -- URTTEMP
21/02/2008 17:19:44 5248 byte 55 days old -- giveio.sys
22/02/2008 12:00:51 13824 byte 54 days old -- ieudinit.exe
27/02/2008 21:23:22 (DIR) 0 byte 49 days old -- DirectX
29/02/2008 10:56:41 70656 byte 47 days old -- ie4uinit.exe
01/03/2008 14:58:06 153088 byte 46 days old -- ieakeng.dll
01/03/2008 14:58:06 230400 byte 46 days old -- ieaksie.dll
01/03/2008 14:58:06 124928 byte 46 days old -- advpack.dll
01/03/2008 14:58:06 63488 byte 46 days old -- icardie.dll
01/03/2008 14:58:06 133120 byte 46 days old -- extmgr.dll
01/03/2008 14:58:06 347136 byte 46 days old -- dxtmsft.dll
01/03/2008 14:58:06 214528 byte 46 days old -- dxtrans.dll
01/03/2008 14:58:07 384512 byte 46 days old -- iedkcs32.dll
01/03/2008 14:58:07 383488 byte 46 days old -- ieapfltr.dll
01/03/2008 14:58:08 44544 byte 46 days old -- iernonce.dll
01/03/2008 14:58:08 27648 byte 46 days old -- jsproxy.dll
01/03/2008 14:58:08 1831424 byte 46 days old -- inetcpl.cpl
01/03/2008 14:58:08 459264 byte 46 days old -- msfeeds.dll
01/03/2008 14:58:08 52224 byte 46 days old -- msfeedsbs.dll
01/03/2008 14:58:08 267776 byte 46 days old -- iertutil.dll
01/03/2008 14:58:08 6066176 byte 46 days old -- ieframe.dll
01/03/2008 14:58:09 478208 byte 46 days old -- mshtmled.dll
01/03/2008 14:58:10 102912 byte 46 days old -- occache.dll
01/03/2008 14:58:10 671232 byte 46 days old -- mstime.dll
01/03/2008 14:58:10 193024 byte 46 days old -- msrating.dll
01/03/2008 14:58:10 105984 byte 46 days old -- url.dll
01/03/2008 14:58:10 1159680 byte 46 days old -- urlmon.dll
01/03/2008 14:58:10 44544 byte 46 days old -- pngfilt.dll
01/03/2008 14:58:11 826368 byte 46 days old -- wininet.dll
01/03/2008 14:58:11 233472 byte 46 days old -- webcheck.dll
01/03/2008 18:28:10 3591680 byte 46 days old -- mshtml.dll
13/03/2008 23:10:52 103912 byte 34 days old -- vsmonapi.dll
13/03/2008 23:10:52 161256 byte 34 days old -- vsinit.dll
13/03/2008 23:10:52 83432 byte 34 days old -- vsdata.dll
13/03/2008 23:10:54 275944 byte 34 days old -- vspubapi.dll
13/03/2008 23:10:54 71144 byte 34 days old -- vsregexp.dll
13/03/2008 23:10:54 472552 byte 34 days old -- vsutil.dll
13/03/2008 23:10:56 83432 byte 34 days old -- zlcomm.dll
13/03/2008 23:10:56 99816 byte 34 days old -- vsxml.dll
13/03/2008 23:10:56 46568 byte 34 days old -- vswmi.dll
13/03/2008 23:10:56 71144 byte 34 days old -- zlcommdb.dll
13/03/2008 23:11:02 1086952 byte 34 days old -- zpeng24.dll
13/03/2008 23:11:18 394952 byte 34 days old -- vsdatant.sys
15/03/2008 19:35:46 (DIR) 0 byte 32 days old -- Kaspersky Lab
20/03/2008 10:09:22 1845376 byte 27 days old -- win32k.sys
22/03/2008 11:43:29 664 byte 25 days old -- d3d9caps.dat
30/03/2008 10:44:59 405888 byte 17 days old -- perfh009.dat
30/03/2008 10:44:59 473864 byte 17 days old -- perfh00C.dat
30/03/2008 10:44:59 63470 byte 17 days old -- perfc009.dat
30/03/2008 10:44:59 77468 byte 17 days old -- perfc00C.dat
30/03/2008 10:44:59 1033152 byte 17 days old -- PerfStringBackup.INI
06/04/2008 07:56:20 19836024 byte 10 days old -- MRT.exe
14/04/2008 09:57:44 2422 byte 2 days old -- wpa.dbl
14/04/2008 19:32:17 (DIR) 0 byte 2 days old -- ShellExt
15/04/2008 18:02:32 53248 byte 1 days old -- DivXAF.ax
15/04/2008 18:02:35 21810 byte 1 days old -- divxg400.htm
15/04/2008 18:02:35 184320 byte 1 days old -- DivXG400.ax
15/04/2008 20:44:40 (DIR) 0 byte 1 days old -- dllcache
15/04/2008 22:27:03 (DIR) 0 byte 1 days old -- Adobe
15/04/2008 22:29:39 4212 byte 1 days old -- zllictbl.dat
15/04/2008 22:30:42 (DIR) 0 byte 1 days old -- CatRoot
16/04/2008 02:17:10 (DIR) 0 byte 0 days old -- ZoneLabs
16/04/2008 02:17:14 125320 byte 0 days old -- FNTCACHE.DAT
16/04/2008 02:17:16 (DIR) 0 byte 0 days old -- drivers
16/04/2008 11:10:31 (DIR) 0 byte 0 days old -- LogFiles
16/04/2008 11:44:35 (DIR) 0 byte 0 days old -- CatRoot2
16/04/2008 12:41:15 352921 byte 0 days old -- vsconfig.xml
----- recent files in C:\WINDOWS\system32\drivers\
21/02/2008 01:52:53 (DIR) 0 byte 55 days old -- UMDF
20/03/2008 16:37:22 8864 byte 27 days old -- CDAC15BA.SYS
13/04/2008 09:05:39 717296 byte 3 days old -- sptd.sys
15/04/2008 00:58:14 (DIR) 0 byte 1 days old -- etc
16/04/2008 11:38:48 2252 byte 0 days old -- fidbox.idx
16/04/2008 14:15:18 223264 byte 0 days old -- fidbox.dat
----- recent files in C:\WINDOWS\temp\
16/04/2008 12:40:27 108 byte 0 days old -- teredo.txt
16/04/2008 12:41:10 256 byte 0 days old -- ZLT03cb7.TMP
16/04/2008 12:41:11 256 byte 0 days old -- ZLT03cba.TMP
----- recent files in C:\Program Files\
17/02/2008 23:46:32 (DIR) 0 byte 59 days old -- PhotoFiltre
18/02/2008 15:52:57 (DIR) 0 byte 58 days old -- Bethesda Softworks
20/02/2008 20:57:41 (DIR) 0 byte 56 days old -- Real Alternative
20/02/2008 21:04:41 (DIR) 0 byte 56 days old -- WinAVI MP4 Converter
21/02/2008 17:29:30 (DIR) 0 byte 55 days old -- SSC Service Utility
23/02/2008 20:02:03 (DIR) 0 byte 53 days old -- ABBYY FineReader 6.0 Sprint
23/02/2008 20:02:51 (DIR) 0 byte 53 days old -- EPSON
27/02/2008 21:23:15 (DIR) 0 byte 49 days old -- Windows Live
01/03/2008 16:42:46 (DIR) 0 byte 46 days old -- ABBYY PDF Transformer 2.0
02/03/2008 13:58:01 (DIR) 0 byte 45 days old -- Trend Micro
03/03/2008 19:23:58 (DIR) 0 byte 44 days old -- eBay
05/03/2008 13:48:04 (DIR) 0 byte 42 days old -- World of Warcraft
15/03/2008 17:00:41 (DIR) 0 byte 32 days old -- MP3Gain
29/03/2008 16:39:54 (DIR) 0 byte 18 days old -- Messenger Plus! Live
30/03/2008 16:55:56 (DIR) 0 byte 17 days old -- BatchDPG
30/03/2008 17:48:02 (DIR) 0 byte 17 days old -- BDGest Evolution
03/04/2008 22:32:05 (DIR) 0 byte 13 days old -- TuxPaint
09/04/2008 09:08:05 (DIR) 0 byte 7 days old -- Internet Explorer
14/04/2008 00:30:45 (DIR) 0 byte 2 days old -- DAEMON Tools Lite
15/04/2008 12:15:41 (DIR) 0 byte 1 days old -- Free Download Manager
15/04/2008 15:35:22 (DIR) 0 byte 1 days old -- InstallShield Installation Information
15/04/2008 17:58:31 (DIR) 0 byte 1 days old -- WinASPI
15/04/2008 17:59:22 (DIR) 0 byte 1 days old -- AviSynth 2.5
15/04/2008 17:59:32 (DIR) 0 byte 1 days old -- K-Lite Codec Pack
15/04/2008 18:02:23 (DIR) 0 byte 1 days old -- DivX
15/04/2008 18:16:10 (DIR) 0 byte 1 days old -- Morgan
15/04/2008 18:16:27 (DIR) 0 byte 1 days old -- Rippackv3
15/04/2008 20:44:35 (DIR) 0 byte 1 days old -- Movie Maker
15/04/2008 20:53:28 (DIR) 0 byte 1 days old -- Adobe
15/04/2008 20:54:54 (DIR) 0 byte 1 days old -- Google
15/04/2008 22:24:05 (DIR) 0 byte 1 days old -- OpenOffice.org 2.3
15/04/2008 22:24:45 (DIR) 0 byte 1 days old -- OpenOffice.org 2.4
15/04/2008 22:33:28 (DIR) 0 byte 1 days old -- Fichiers communs
15/04/2008 22:34:35 (DIR) 0 byte 1 days old -- Norton Security Scan
16/04/2008 00:17:31 (DIR) 0 byte 0 days old -- Free Hide Folder
16/04/2008 12:29:26 (DIR) 0 byte 0 days old -- eMule
16/04/2008 13:33:13 (DIR) 0 byte 0 days old -- Mozilla Firefox
16/04/2008 14:06:14 (DIR) 0 byte 0 days old -- TrackMania Nations ESWC
----- recent files in C:\Program Files\Fichiers communs\
23/02/2008 20:06:02 (DIR) 0 byte 53 days old -- InstallShield
02/03/2008 14:02:42 (DIR) 0 byte 45 days old -- Microsoft Shared
15/04/2008 20:53:53 (DIR) 0 byte 1 days old -- Adobe
16/04/2008 10:18:26 (DIR) 0 byte 0 days old -- Symantec Shared
----- recent files in C:\Documents and Settings\Anthony\Application Data\
20/02/2008 20:57:37 (DIR) 0 byte 56 days old -- Real
20/02/2008 22:27:57 (DIR) 0 byte 56 days old -- Media Player Classic
21/02/2008 16:31:40 (DIR) 0 byte 55 days old -- Help
23/02/2008 19:58:55 (DIR) 0 byte 53 days old -- InstallShield
01/03/2008 16:16:35 (DIR) 0 byte 46 days old -- Microsoft
30/03/2008 11:13:12 (DIR) 0 byte 17 days old -- OpenOffice.org2
14/04/2008 00:31:37 (DIR) 0 byte 2 days old -- dvdcss
16/04/2008 14:01:52 (DIR) 0 byte 0 days old -- uTorrent
16/04/2008 14:14:58 (DIR) 0 byte 0 days old -- Free Download Manager
----- recent files in C:\DOCUME~1\Anthony\LOCALS~1\Temp\
16/04/2008 14:07:23 (DIR) 0 byte 0 days old -- plugtmp
16/04/2008 14:11:24 14937710 byte 0 days old -- flaBC.tmp
16/04/2008 14:15:10 34 byte 0 days old -- systemscan.ini
16/04/2008 14:15:11 16384 byte 0 days old -- ~DFB0C7.tmp
16/04/2008 14:15:11 (DIR) 0 byte 0 days old -- nsgC0.tmp
==========================================
Scan completed in 0,1 minutes
End of report
~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
SystemScan uses some freeware tools that remain property of their authors:
* SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
* dumphive (Markus Stephany)--> "Registry scan"
* Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules"
* Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log
Thanks to all of them for their hard work
GMER report:
GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-04-16 14:24:33
Windows 5.1.2600 Service Pack 2
---- Files - GMER 1.0.14 ----
File C:\Documents and Settings\Anthony\Local Settings\Temp\flaC8.tmp 14799664 bytes
---- EOF - GMER 1.0.14 ----
Re,
1) Show hidden files and folders …
To do so, open a folder, e.g. "My Pictures".
Then click > Tools > Folder Options ...
click the "View" tab and ...
check ---> Show hidden files and folders
uncheck > Hide extensions for known file types
uncheck > Hide protected operating system files (Recommended).
"Apply" and "OK".
2) Go to this link: Virus Total
- Click Browse
- Navigate to this file, if you can find it:
C:\WINDOWS\system32\winsys2.exe
- Click Send file and let it work as long as "Current status: being analysed" is displayed.
- The file may be queued because of a large number of analysis requests. In that case you will have to wait without refreshing the page.
- When the analysis is finished ("Current status: finished"), click Formatted
- A new browser window will appear
- Then click on this image:
- Right-click on the page and choose Select all, then Copy
- Finally, paste the result into your next reply.
Note: Whatever the result, it is important that you send me the result of the whole analysis.
Your security tools may react to the file upload; in that case you will have to ignore the alerts.
Sécurité / Prévention
Here is the report
Fichier winsys2.exe reçu le 2008.04.15 16:47:01 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.4.15.1 2008.04.15 -
AntiVir 7.6.0.85 2008.04.15 -
Authentium 4.93.8 2008.04.14 -
Avast 4.8.1169.0 2008.04.15 -
AVG 7.5.0.516 2008.04.15 -
BitDefender 7.2 2008.04.15 -
CAT-QuickHeal 9.50 2008.04.14 -
ClamAV 0.92.1 2008.04.15 -
DrWeb 4.44.0.09170 2008.04.15 -
eSafe 7.0.15.0 2008.04.09 -
eTrust-Vet 31.3.5700 2008.04.15 -
Ewido 4.0 2008.04.15 -
F-Prot 4.4.2.54 2008.04.14 -
F-Secure 6.70.13260.0 2008.04.15 -
FileAdvisor 1 2008.04.15 -
Fortinet 3.14.0.0 2008.04.15 -
Ikarus T3.1.1.26 2008.04.15 -
Kaspersky 7.0.0.125 2008.04.15 -
McAfee 5273 2008.04.14 -
Microsoft 1.3408 2008.04.14 -
NOD32v2 3027 2008.04.15 -
Norman 5.80.02 2008.04.15 -
Panda 9.0.0.4 2008.04.14 -
Prevx1 V2 2008.04.15 -
Rising 20.40.11.00 2008.04.15 -
Sophos 4.28.0 2008.04.15 MadCodeHook
Sunbelt 3.0.1041.0 2008.04.12 -
Symantec 10 2008.04.15 -
TheHacker 6.2.92.277 2008.04.14 -
VBA32 3.12.6.4 2008.04.14 -
VirusBuster 4.3.26:9 2008.04.15 -
Webwasher-Gateway 6.6.2 2008.04.15 -
Information additionnelle
File size: 217088 bytes
MD5...: 246ed5328f940e4fdaab0b2fc987da01
SHA1..: d5e2592cf25b48efb1225e37c45bce99a13466c8
SHA256: a12b18fcdd5e76711c8cfd6010ecdb1f6a4bf27cc48f0ecf70291591770cb457
SHA512: eda78432518373137d1170fc98c58bea33485c9db1115899f7eea9d20f03a8d364fd4e936bac44bd2dd6e6f690c7b0e1cdf0b7af6c6acf7b44fe1d7aed0daea9
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40eee7
timedatestamp.....: 0x45220536 (Tue Oct 03 06:37:42 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1f6d6 0x20000 6.61 d2f22979f1ff4b51abdd7563aeb45bda
.rdata 0x21000 0x7676 0x8000 4.79 2568b87b9e716158c4b0ee05d59ef976
.data 0x29000 0x5a74 0x2000 3.85 6d7f74470b50f6760435bdc1865de721
.rsrc 0x2f000 0x9290 0xa000 5.56 b596ffd3a165cb398764578107bedac4

( 8 imports )
> MADCHOOK.DLL: InjectLibraryA, UninjectLibraryA
> KERNEL32.dll: SetErrorMode, HeapFree, HeapAlloc, VirtualAlloc, HeapReAlloc, GetCommandLineA, GetProcessHeap, GetStartupInfoA, RaiseException, RtlUnwind, ExitProcess, HeapSize, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapDestroy, HeapCreate, VirtualFree, GetStdHandle, Sleep, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, GetACP, GetConsoleCP, GetConsoleMode, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, GetOEMCP, GetCPInfo, CreateFileA, GetCurrentProcess, GetThreadLocale, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, GlobalFlags, InterlockedIncrement, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, GlobalHandle, GlobalReAlloc, EnterCriticalSection, TlsGetValue, LeaveCriticalSection, LocalAlloc, GlobalGetAtomNameA, GlobalFindAtomA, lstrcmpW, GetVersionExA, InterlockedDecrement, GetModuleFileNameW, FreeResource, CloseHandle, WritePrivateProfileStringA, GlobalAddAtomA, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, ConvertDefaultLocale, GetModuleFileNameA, EnumResourceLanguagesA, GetLocaleInfoA, LoadLibraryA, lstrcmpA, FreeLibrary, GlobalDeleteAtom, GetModuleHandleA, GetProcAddress, GlobalFree, GlobalAlloc, GlobalLock, GlobalUnlock, FormatMessageA, LocalFree, FindResourceA, LoadResource, LockResource, SizeofResource, MulDiv, SetLastError, GetVersion, CompareStringA, GetLastError, InterlockedExchange, MultiByteToWideChar, WideCharToMultiByte, lstrlenA
> USER32.dll: LoadCursorA, GetSysColorBrush, ShowWindow, SetWindowTextA, IsDialogMessageA, RegisterWindowMessageA, SendDlgItemMessageA, WinHelpA, GetCapture, GetClassLongA, GetClassNameA, SetPropA, GetPropA, RemovePropA, SetFocus, GetWindowTextA, GetForegroundWindow, GetTopWindow, GetMessageTime, GetMessagePos, MapWindowPoints, SetForegroundWindow, UpdateWindow, GetMenu, CreateWindowExA, GetClassInfoA, RegisterClassA, AdjustWindowRectEx, CopyRect, PtInRect, GetDlgCtrlID, DefWindowProcA, CallWindowProcA, SetWindowLongA, SetWindowPos, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, GetWindow, UnhookWindowsHookEx, GetSysColor, EndPaint, BeginPaint, ReleaseDC, GetDC, ClientToScreen, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, GetDesktopWindow, SetActiveWindow, CreateDialogIndirectParamA, DestroyWindow, IsWindow, EnableWindow, GetSystemMetrics, GetDlgItem, GetNextDlgTabItem, EndDialog, SetWindowsHookExA, CallNextHookEx, GetMessageA, TranslateMessage, DispatchMessageA, GetActiveWindow, IsWindowVisible, GetKeyState, PeekMessageA, GetCursorPos, DestroyMenu, UnregisterClassA, PostMessageA, SendMessageA, GetClientRect, DrawIcon, LoadIconA, IsIconic, GetSubMenu, GetMenuItemCount, GetMenuItemID, GetMenuState, CheckMenuItem, EnableMenuItem, ModifyMenuA, GetParent, ValidateRect, GetWindowThreadProcessId, GetWindowLongA, GetLastActivePopup, IsWindowEnabled, MessageBoxA, SetCursor, PostQuitMessage, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapA, GetFocus, GetClassInfoExA
> GDI32.dll: SetWindowExtEx, ScaleWindowExtEx, DeleteDC, GetStockObject, RectVisible, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectObject, Escape, ExtTextOutA, GetDeviceCaps, PtVisible, GetObjectA, DeleteObject, GetClipBox, SetMapMode, SetTextColor, SetBkColor, RestoreDC, SaveDC, CreateBitmap, TextOutA
> WINSPOOL.DRV: ClosePrinter, DocumentPropertiesA, OpenPrinterA
> ADVAPI32.dll: RegQueryValueA, RegEnumKeyA, RegDeleteKeyA, RegOpenKeyA, RegCloseKey, RegOpenKeyExA, RegCreateKeyExA, RegQueryValueExA, RegSetValueExA
> SHLWAPI.dll: PathFindFileNameA, PathFindExtensionA
> OLEAUT32.dll: -, -, -

( 0 exports )
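The report above is worth reading as a whole rather than stopping at "1 of 32 engines": the one hit is a generic label for the madCodeHook library, and the import table shows why, since the file imports InjectLibraryA and UninjectLibraryA from MADCHOOK.DLL and SetWindowsHookExA from USER32. The following script is an added example written for this page, not a tool from the thread or from VirusTotal. It parses a plain-text report of the shape pasted above, counts detections, pulls out the imports a reviewer would want to look at next, and checks that the MD5/SHA1/SHA256 of a local file agree with the hashes the report lists (so you know the verdict really concerns the file on your disk). SAMPLE_REPORT is a constructed, shortened excerpt modelled on the report above; IMPORTS_OF_INTEREST is the editor's own list and is an assumption, not a VirusTotal category.

```python
"""Triage helper for a plain-text VirusTotal-style report (added example)."""
import hashlib
import re
from dataclasses import dataclass, field

# Constructed excerpt modelled on the report pasted in the thread: a few
# engine rows, the hash lines and the import section. Not the full report.
SAMPLE_REPORT = """\
File winsys2.exe received on 2008.04.15 16:47:01 (CET)
Antivirus Version Last update Result
AntiVir 7.6.0.85 2008.04.15 -
Kaspersky 7.0.0.125 2008.04.15 -
Sophos 4.28.0 2008.04.15 MadCodeHook
Symantec 10 2008.04.15 -
Additional information
File size: 217088 bytes
MD5...: 246ed5328f940e4fdaab0b2fc987da01
SHA1..: d5e2592cf25b48efb1225e37c45bce99a13466c8
( 8 imports )
> MADCHOOK.DLL: InjectLibraryA, UninjectLibraryA
> USER32.dll: SetWindowsHookExA, CallNextHookEx, MessageBoxA
> ADVAPI32.dll: RegSetValueExA, RegCreateKeyExA
"""

# Imports a reviewer wants called out. Assumption: this is the editor's own
# choice of DLL-injection, system-hook and registry-write APIs, not a standard.
IMPORTS_OF_INTEREST = {
    "InjectLibraryA", "UninjectLibraryA",    # madCodeHook DLL injection
    "SetWindowsHookExA", "CallNextHookEx",   # system-wide hooks
    "RegSetValueExA", "RegCreateKeyExA",     # registry writes (persistence candidates)
}

ENGINE_ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.*)$")
HASH_ROW = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\.*:\s*([0-9a-fA-F]+)$")
IMPORT_ROW = re.compile(r"^>\s*([^:]+):\s*(.*)$")


@dataclass
class Triage:
    detections: dict = field(default_factory=dict)       # engine -> label
    engines: int = 0                                     # rows in the engine table
    hashes: dict = field(default_factory=dict)           # algorithm -> hex digest
    flagged_imports: dict = field(default_factory=dict)  # dll -> [api, ...]


def parse_report(text: str) -> Triage:
    """Walk the report line by line; each line is an import, a hash or an engine row."""
    t = Triage()
    for raw in text.splitlines():
        line = raw.strip()
        m = IMPORT_ROW.match(line)
        if m:
            dll = m.group(1).strip().lower()
            apis = [a.strip() for a in m.group(2).split(",") if a.strip()]
            hit = [a for a in apis if a in IMPORTS_OF_INTEREST]
            if hit:
                t.flagged_imports[dll] = hit
            continue
        m = HASH_ROW.match(line)
        if m:
            t.hashes[m.group(1).lower()] = m.group(2).lower()
            continue
        m = ENGINE_ROW.match(line)
        if m and m.group(1) != "Antivirus":
            t.engines += 1
            if m.group(4) != "-":          # "-" means the engine reported nothing
                t.detections[m.group(1)] = m.group(4)
    return t


def file_hashes(data: bytes) -> dict:
    """Digests of the local file, keyed like the report's hash lines."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes, triage: Triage) -> bool:
    """True only if every hash the report lists agrees with the local bytes."""
    local = file_hashes(data)
    common = [algo for algo in local if algo in triage.hashes]
    return bool(common) and all(local[a] == triage.hashes[a] for a in common)


def summarize(triage: Triage) -> str:
    lines = [f"detections: {len(triage.detections)}/{triage.engines}"]
    for engine, label in sorted(triage.detections.items()):
        lines.append(f"  {engine}: {label}")
    for dll, apis in sorted(triage.flagged_imports.items()):
        lines.append(f"imports of interest in {dll}: {', '.join(apis)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(parse_report(SAMPLE_REPORT)))
```

Run as-is it summarises the constructed excerpt (one detection out of four engines, plus the flagged imports from madchook.dll, user32.dll and advapi32.dll); pass the full pasted report to parse_report and the bytes of the local winsys2.exe to matches_report to reproduce the check on the real data. A single generic label together with injection and hook imports is a reason to look closer, not a verdict on its own, which is exactly why the helper asked for the whole report rather than just the result column.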
