Trojan

Hello,

For the past few days, my PC has been having some problems: crashes, various errors and internet connection drops.

So I tried to diagnose what was wrong, and I found a few Trojans.

After cleaning, some of them remain:

win32.delf.uc
Refpron
Win32.sdbot.aad
Win32.Joleee.K

Here are the actions taken:

- Used Spybot and CCleaner to repair the registry
- Used Trend Micro TIS
- Used SDFix in safe mode (report below)
- SpyHunter
- Trojan Remover

And yet it persists.

Here is the SDFix report:

SDFix: Version 1.240
Run by Administrateur on 18/03/2009 at 19:42

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services:

Name:
restore

Path:
\??\C:\WINDOWS\system32\drivers\restore.sys

restore - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\2.tmp - Deleted
C:\WINDOWS\system32\3.tmp - Deleted
C:\WINDOWS\system32\4.tmp - Deleted
C:\WINDOWS\system32\5.tmp - Deleted
C:\WINDOWS\system32\6.tmp - Deleted
C:\WINDOWS\system32\7.tmp - Deleted
C:\WINDOWS\system32\8.tmp - Deleted
C:\WINDOWS\system32\9.tmp - Deleted
C:\WINDOWS\system32\A.tmp - Deleted
C:\WINDOWS\system32\B.tmp - Deleted
C:\WINDOWS\system32\C.tmp - Deleted
C:\WINDOWS\system32\D.tmp - Deleted
C:\WINDOWS\system32\E.tmp - Deleted
C:\WINDOWS\system32\F.tmp - Deleted
C:\WINDOWS\system32\2.tmp - Deleted
C:\WINDOWS\system32\21.tmp - Deleted
C:\WINDOWS\system32\10.tmp - Deleted
C:\WINDOWS\system32\11.tmp - Deleted
C:\WINDOWS\system32\12.tmp - Deleted
C:\WINDOWS\system32\13.tmp - Deleted
C:\WINDOWS\system32\14.tmp - Deleted
C:\WINDOWS\system32\15.tmp - Deleted
C:\WINDOWS\system32\16.tmp - Deleted
C:\WINDOWS\system32\17.tmp - Deleted
C:\WINDOWS\system32\18.tmp - Deleted
C:\WINDOWS\system32\19.tmp - Deleted
C:\WINDOWS\system32\1A.tmp - Deleted
C:\WINDOWS\system32\1B.tmp - Deleted
C:\WINDOWS\system32\1C.tmp - Deleted
C:\WINDOWS\system32\1D.tmp - Deleted
C:\WINDOWS\system32\1E.tmp - Deleted
C:\WINDOWS\system32\1F.tmp - Deleted
C:\WINDOWS\services.exe - Deleted
C:\WINDOWS\system32\comsa32.sys - Deleted





Removing Temp Files

ADS Check:

Final Check:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 19:46:51
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"F:\\eMule\\emule.exe"="F:\\eMule\\emule.exe:*:Enabled:eMule"
"F:\\Fritivi\\fritivi.exe"="F:\\Fritivi\\fritivi.exe:*:Enabled:fritivi"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"H:\\coh\\RelicCOH.exe"="H:\\coh\\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts"
"F:\\Fritivi\\Fritivi_Recorder.exe"="F:\\Fritivi\\Fritivi_Recorder.exe:*:Enabled:Fritivi_Recorder"
"F:\\FileZilla FTP Client\\filezilla.exe"="F:\\FileZilla FTP Client\\filezilla.exe:*:Enabled:FileZilla FTP Client"
"F:\\fritivi 2\\fritivi.exe"="F:\\fritivi 2\\fritivi.exe:*:Enabled:fritivi"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:pnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:pnkBstrB"
"H:\\settlers\\base\\bin\\Settlers6.exe"="H:\\settlers\\base\\bin\\Settlers6.exe:*:Enabled:THE SETTLERS - Bâtisseurs d'Empire"
"H:\\Steam\\SteamApps\\nono85\\team fortress 2\\hl2.exe"="H:\\Steam\\SteamApps\\nono85\\team fortress 2\\hl2.exe:*:Enabled:hl2"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"H:\\Steam\\steam.exe"="H:\\Steam\\steam.exe:*:Enabled:Steam"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"H:\\Battlefield 2\\BF2.exe"="H:\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"H:\\BFVCC Server Manager\\BFVCC.exe"="H:\\BFVCC Server Manager\\BFVCC.exe:*:Enabled:BFVCC"
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"="C:\\Program Files\\Electronic Arts\\EADM\\Core.exe:*:Enabled:EA Download Manager"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"H:\\Steam\\SteamApps\\common\\warhammer 40,000 dawn of war ii - beta\\DOW2.exe"="H:\\Steam\\SteamApps\\common\\warhammer 40,000 dawn of war ii - beta\\DOW2.exe:*:Enabled:DOW2"
"H:\\Tower Simulator v1\\Tower.exe"="H:\\Tower Simulator v1\\Tower.exe:*:Enabled:Tower"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"H:\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"="H:\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe:*:Enabled:Left 4 Dead"
"C:\\Program Files\\Emote\\Launcher\\launcher.exe"="C:\\Program Files\\Emote\\Launcher\\launcher.exe:*:Enabled:launcher"
"F:\\GigaTribe\\gigatribe.exe"="F:\\GigaTribe\\gigatribe.exe:*:Enabled:gigatribe"
"\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\File Scanner Library (Spybot - Search & Destroy)\advcheck.dll"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)\Tools.dll"
Fri 20 Aug 2004 77,824 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\SDHelper (Spybot - Search & Destroy)\SDHelper.dll"
Thu 5 Mar 2009 2,277,888 A.SHR --- "C:\Program Files\TeaTimer (Spybot - Search & Destroy)\TeaTimer.exe"
Wed 2 Apr 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 10 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 7 Mar 2009 3,278 ...HR --- "C:\Documents and Settings\Laurent\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!



Would you have any idea? I'm getting desperate here :s

Thanks in advance


I ran a diagnostic:






Logfile of random's system information tool 1.05 (written by random/random)
Run by Laurent at 2009-03-19 06:59:47
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 749 MB (4%) free of 19 GB
Total RAM: 1535 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:59:55, on 19/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
F:\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
f:\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\tdctxte.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\Avast\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\reader_s.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Laurent\reader_s.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\tpszxyd.sys
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\afisicx.exe
C:\WINDOWS\system32\sopidkc.exe
F:\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\dxonool32.sys
C:\Documents and Settings\Laurent\Bureau\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Laurent\Bureau\Laurent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TrojanScanner] h:\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Laurent\reader_s.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: Service de la passerelle de la couche Application (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - F:\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - F:\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - f:\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: tdctxte Service (tdctxte) - Unknown owner - C:\WINDOWS\system32\tdctxte.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - F:\VNC4\WinVNC4.exe

--
End of file - 7805 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-12 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-12 136600]
"reader_s"=C:\WINDOWS\System32\reader_s.exe [2009-03-15 33280]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-02-13 7557120]
"TrojanScanner"=h:\Trojan Remover\Trjscan.exe [2009-03-07 1303432]
"services"=C:\WINDOWS\services.exe []
"SpyHunter Security Suite"=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe [2009-01-13 884736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"services"=C:\WINDOWS\services.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"reader_s"=C:\Documents and Settings\Laurent\reader_s.exe [2009-03-15 33280]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-20 32768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"services"=C:\WINDOWS\services.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\Avast\ashDisp.exe [2008-03-29 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"F:\eMule\emule.exe"="F:\eMule\emule.exe:*:Enabled:eMule"
"F:\Fritivi\fritivi.exe"="F:\Fritivi\fritivi.exe:*:Enabled:fritivi"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"H:\coh\RelicCOH.exe"="H:\coh\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts"
"F:\Fritivi\Fritivi_Recorder.exe"="F:\Fritivi\Fritivi_Recorder.exe:*:Enabled:Fritivi_Recorder"
"F:\FileZilla FTP Client\filezilla.exe"="F:\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client"
"F:\fritivi 2\fritivi.exe"="F:\fritivi 2\fritivi.exe:*:Enabled:fritivi"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:pnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:pnkBstrB"
"H:\settlers\base\bin\Settlers6.exe"="H:\settlers\base\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Bâtisseurs d'Empire"
"H:\Steam\SteamApps\nono85\team fortress 2\hl2.exe"="H:\Steam\SteamApps\nono85\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"H:\Steam\steam.exe"="H:\Steam\steam.exe:*:Enabled:Steam"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"H:\Battlefield 2\BF2.exe"="H:\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"H:\BFVCC Server Manager\BFVCC.exe"="H:\BFVCC Server Manager\BFVCC.exe:*:Enabled:BFVCC"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"H:\Steam\SteamApps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe"="H:\Steam\SteamApps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe:*:Enabled:DOW2"
"H:\Tower Simulator v1\Tower.exe"="H:\Tower Simulator v1\Tower.exe:*:Enabled:Tower"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"H:\Steam\SteamApps\common\left 4 dead\left4dead.exe"="H:\Steam\SteamApps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"C:\Program Files\Emote\Launcher\launcher.exe"="C:\Program Files\Emote\Launcher\launcher.exe:*:Enabled:launcher"
"F:\GigaTribe\gigatribe.exe"="F:\GigaTribe\gigatribe.exe:*:Enabled:gigatribe"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24ede236-5346-11dd-84d2-001731c1d0e6}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e210b12b-a046-11dd-84e0-001731c1d0e6}]
shell\AutoRun\command - K:\wdsync.exe


======List of files/folders created in the last 1 months======

2009-03-19 06:53:02 ----D---- C:\rsit
2009-03-18 22:21:19 ----D---- C:\Documents and Settings\Laurent\Application Data\Malwarebytes
2009-03-18 22:21:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-18 21:42:21 ----A---- C:\WINDOWS\TmProxy.ini
2009-03-18 21:42:21 ----A---- C:\WINDOWS\TmPfw.ini
2009-03-18 21:42:21 ----A---- C:\WINDOWS\HomeNet.ini
2009-03-18 21:42:21 ----A---- C:\WINDOWS\aucfg.ini
2009-03-18 21:42:11 ----D---- C:\Archive
2009-03-18 21:05:41 ----D---- C:\Program Files\Enigma Software Group
2009-03-18 21:05:22 ----A---- C:\WINDOWS\system32\A.tmp
2009-03-18 21:05:21 ----A---- C:\WINDOWS\services.exe.vir
2009-03-18 21:05:11 ----A---- C:\WINDOWS\system32\4.tmp
2009-03-18 20:44:16 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-18 20:38:49 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2009-03-18 20:38:48 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2009-03-18 20:38:48 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2009-03-18 20:38:48 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2009-03-18 20:38:48 ----A---- C:\WINDOWS\system32\unacev2.dll
2009-03-18 20:38:47 ----D---- C:\Documents and Settings\Laurent\Application Data\Simply Super Software
2009-03-18 20:38:47 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2009-03-18 19:51:37 ----A---- C:\WINDOWS\system32\5.tmp
2009-03-18 19:51:28 ----A---- C:\WINDOWS\system32\2.tmp
2009-03-18 19:40:12 ----D---- C:\WINDOWS\ERUNT
2009-03-18 19:36:38 ----D---- C:\WINDOWS\pss
2009-03-18 19:34:55 ----D---- C:\SDFix
2009-03-18 17:25:11 ----SHD---- C:\Config.Msi
2009-03-18 16:58:21 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-03-18 16:58:21 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-03-18 16:58:21 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-03-18 16:58:21 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-03-18 16:57:23 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-18 07:21:00 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2009-03-16 22:11:16 ----D---- C:\Program Files\msn gaming zone
2009-03-15 16:25:24 ----A---- C:\WINDOWS\system32\u161536821.dll
2009-03-15 16:25:24 ----A---- C:\WINDOWS\system32\reader_s.exe
2009-03-15 16:25:21 ----A---- C:\WINDOWS\system32\BD8.tmp
2009-03-15 16:25:14 ----A---- C:\WINDOWS\system32\tmpxccacj0.exe
2009-03-15 16:25:06 ----A---- C:\WINDOWS\system32\xcchit32.ini
2009-03-15 16:24:44 ----A---- C:\WINDOWS\adobe.bat
2009-03-15 16:24:25 ----A---- C:\WINDOWS\xccdf32_090313a.dll
2009-03-15 16:24:25 ----A---- C:\WINDOWS\xccdf16_090313a.dll
2009-03-15 16:24:20 ----D---- C:\WINDOWS\system32\inf
2009-03-15 16:24:20 ----A---- C:\WINDOWS\xccwinsys.ini
2009-03-15 16:24:19 ----A---- C:\WINDOWS\system32\adx.exe
2009-03-15 16:24:18 ----A---- C:\WINDOWS\system32\BD6.tmp
2009-03-15 16:24:13 ----A---- C:\WINDOWS\system32\BD2.tmp
2009-03-12 18:39:08 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-12 18:39:08 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-12 18:39:08 ----A---- C:\WINDOWS\system32\java.exe
2009-03-12 18:39:08 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-07 10:44:49 ----D---- C:\Program Files\BoontyGames
2009-03-06 17:03:28 ----D---- C:\Program Files\Emote

======List of files/folders modified in the last 1 months======

2009-03-19 06:59:55 ----D---- C:\WINDOWS\Temp
2009-03-19 06:59:42 ----D---- C:\WINDOWS\system32
2009-03-19 06:49:40 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-19 06:49:21 ----D---- C:\WINDOWS\system32\drivers
2009-03-18 22:22:02 ----D---- C:\WINDOWS
2009-03-18 21:05:41 ----RD---- C:\Program Files
2009-03-18 20:58:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-18 19:49:42 ----ASH---- C:\boot.ini
2009-03-18 19:49:42 ----A---- C:\WINDOWS\win.ini
2009-03-18 19:49:42 ----A---- C:\WINDOWS\system.ini
2009-03-18 19:39:20 ----D---- C:\Documents and Settings
2009-03-18 17:42:31 ----D---- C:\WINDOWS\Debug
2009-03-18 17:27:42 ----SHD---- C:\WINDOWS\Installer
2009-03-18 17:27:42 ----SD---- C:\Documents and Settings\Laurent\Application Data\Microsoft
2009-03-18 17:27:19 ----D---- C:\Program Files\Yahoo!
2009-03-18 17:17:03 ----D---- C:\WINDOWS\Prefetch
2009-03-18 07:22:07 ----HD---- C:\WINDOWS\inf
2009-03-17 21:12:19 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-16 20:19:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-15 16:24:23 ----D---- C:\WINDOWS\system
2009-03-12 18:37:57 ----D---- C:\Program Files\Java
2009-03-07 09:34:01 ----D---- C:\WINDOWS\system32\DirectX
2009-03-07 09:33:21 ----RSD---- C:\WINDOWS\assembly
2009-03-06 17:03:40 ----D---- C:\WINDOWS\WinSxS
2009-03-01 09:48:11 ----D---- C:\Documents and Settings\Laurent\Application Data\Skype
2009-03-01 09:46:52 ----D---- C:\Documents and Settings\Laurent\Application Data\skypePM
2009-03-01 09:45:24 ----D---- C:\Program Files\Google
2009-03-01 09:43:30 ----D---- C:\Program Files\Fichiers communs\LightScribe
2009-03-01 09:42:55 ----D---- C:\Documents and Settings\All Users\Application Data\Ubisoft
2009-03-01 09:42:47 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-03-01 09:41:16 ----D---- C:\Program Files\AviSynth 2.5
2009-02-26 16:55:33 ----D---- C:\Documents and Settings\Laurent\Application Data\teamspeak2
2009-02-20 17:12:17 ----D---- C:\WINDOWS\network diagnostic

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-03-29 26944]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 75856]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-03-29 42912]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-20 14848]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-03-29 94544]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-05-08 278984]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-05-08 25416]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-10-26 3786944]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-03-29 23152]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-02-13 3642784]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 synsend;synsend; \??\C:\WINDOWS\system32\drivers\synsenddrv.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mwfplfmvjqqq;mwfplfmvjqqq; \??\C:\WINDOWS\system32\drivers\rtvsxpezi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 afisicx;afisicx Service; C:\WINDOWS\system32\afisicx.exe [2001-08-28 194048]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Avast\aswUpdSv.exe [2008-03-29 17272]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2005-10-18 258560]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Avast\ashServ.exe [2008-03-29 144760]
R2 defaultlib;Service AntiVir; C:\WINDOWS\System32\svchost.exe [2004-08-20 14336]
R2 ekrn;ESET Service; F:\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-12 152984]
R2 NMSAccessU;NMSAccessU; f:\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-02-13 143426]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-04-18 66872]
R2 SimpTcp;Services TCP/IP simplifiés; C:\WINDOWS\System32\tcpsvcs.exe [2001-08-28 36864]
R2 sopidkc;sopidkc Service; C:\WINDOWS\system32\sopidkc.exe [2001-08-28 193024]
R2 tdctxte;tdctxte Service; C:\WINDOWS\system32\tdctxte.exe [2001-08-28 187904]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Avast\ashMaiSv.exe [2008-03-29 247160]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Avast\ashWebSv.exe [2008-03-29 345464]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 WinVNC4;VNC Server Version 4; F:\VNC4\WinVNC4.exe [2006-05-12 439248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Droppix Service;Droppix Service; C:\Program Files\Fichiers communs\Droppix\DxService.exe [2008-02-01 172032]
S3 EhttpSrv;ESET HTTP Server; F:\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 57344]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 90112]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 761856]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 935424]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-20 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 143360]

-----------------EOF-----------------




info.txt logfile of random's system information tool 1.05 2009-03-19 06:53:40

======Uninstall list======

-->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CBBB5EED-CC92-49F2-A276-D5433F39D1EB}\Setup.exe" -l0x40c
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal-->F:\AD-AWA~1\AD-AWA~1\UNWISE.EXE F:\AD-AWA~1\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Alive Video Converter (version 3.2.0.8)-->"f:\Video Converter\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ASUS Enhanced Display Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x40c -removeonly
ASUS nVIDIA Driver-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3C3B2C97-0DAB-482F-9C95-6610827210E3} /l1036
avast! Antivirus-->C:\Program Files\Avast\aswRunDll.exe "C:\Program Files\Avast\Setup\setiface.dll",RunSetup
Avex DVD to iPod Converter (remove only)-->"f:\Avex DVD to iPod Converter\bt-uninst.exe"
Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x40c -removeonly
Battlefield Vietnam(TM)-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E35B3C63-E958-4E31-A178-95D22024109A}\setup.exe" -l0x40c
BFVCC Server Manager-->C:\WINDOWS\iun6002.exe "h:\BFVCC Server Manager\irunin.ini"
Canon i550-->C:\WINDOWS\system32\CNMCP49.exe "-PRINTERNAMECanon i550" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Inst2\cnmis.dll" "-RCDLLcnmi040c.dll"
CCleaner (remove only)-->"f:\CCleaner\uninst.exe"
CDBurnerXP-->"f:\CDBurnerXP\unins000.exe"
Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Company of Heroes-->"H:\coh\\Uninstall_French.exe"
Correctif pour Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Correctif Windows XP - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Correctif Windows XP - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Correctif Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Crazy Machine 2-->"h:\Crazy Machine 2\unins000.exe"
Droppix Recorder 2-->"f:\Droppix Recorder 2\unins000.exe"
EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe
EVEREST Home Edition v2.20-->"f:\EVEREST Home Edition\unins000.exe"
FLV Player 2.0, build 24-->F:\FLV Player\uninst.exe
Fritivi 2.0b2-->"F:\Fritivi\unins000.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Laurent\Bureau\HijackThis.exe" /uninstall
Hotel Giant 2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6328CF1B-FA83-485C-94F5-B3D1B4B934E2}\setup.exe" -l0x40c -uninst -removeonly
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Left 4 Dead-->"H:\Steam\steam.exe" steam://uninstall/500
Malwarebytes' Anti-Malware-->"f:\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Speech SDK 5.1-->MsiExec.exe /I{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
MobileMe Control Panel-->MsiExec.exe /I{A14C24F6-615B-415E-84B0-610FDAD19B68}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
Mozilla Firefox (3.0.7)-->F:\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.19)-->F:\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA PhysX v8.09.04-->MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
oggcodecs-->MsiExec.exe /I{D65F0073-A820-4085-B997-A061171595A7}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
OpenTTD 0.4.5.0-->C:\Program Files\OpenTTD\uninstall.exe
Pharaon-->C:\WINDOWS\IsUn040c.exe -fh:\Pharaon\SIERRA\Pharaon\Uninst.isu
PunkBuster pour Battlefield Vietnam-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D07643A3-CE41-4286-8C78-EB9C83E76DDB}\setup.exe" -l0x40c
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe" -l0x40c -removeonly
Safari-->MsiExec.exe /I{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x040c -removeonly
SpyHunter-->"C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
Steam-->H:\Steam\UNWISE.EXE H:\Steam\INSTALL.LOG
Team Fortress 2-->"H:\Steam\steam.exe" steam://uninstall/440
THE SETTLERS - Bâtisseurs d'Empire-->"C:\Program Files\InstallShield Installation Information\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}\setup.exe" -runfromtemp -l0x040c -removeonly
TouchCopy-->MsiExec.exe /I{BA34D0C7-A0A5-4FF4-A780-BA3A22259F57}
Transport Tycoon Deluxe-->C:\WINDOWS\UniFISH.exe Transport Tycoon Deluxe
Trojan Remover 6.7.6-->"h:\Trojan Remover\unins000.exe"
TV Giant-->"g:\TV Giant\unins000.exe"
Videora iPod Converter 4.03-->f:\Video Converter App\uninstaller.exe
VLC media player 0.9.2-->F:\VLC\uninstall.exe
VNC Free Edition 4.1.2-->"F:\VNC4\unins000.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 jl.chura.pl
127.0.0.1 localhost
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com

======Security center information======

AV: avast! antivirus 4.8.1169 [VPS 080418-0] (outdated)
AV: ESET NOD32 Antivirus 4.0 (disabled)

System event log

Computer Name: PUNCHCOCO
Event Code: 7036
Message: Le service Service Messenger Sharing Folders USN Journal Reader est entré dans l'état : en cours d'exécution.

Record Number: 3974
Source Name: Service Control Manager
Time Written: 20081208174133.000000+060
Event Type: Informations
User:

Computer Name: PUNCHCOCO
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service Messenger Sharing Folders USN Journal Reader.

Record Number: 3973
Source Name: Service Control Manager
Time Written: 20081208174133.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: PUNCHCOCO
Event Code: 7035
Message: Un contrôle Arrêter a correctement été envoyé au service VNC Server Version 4.

Record Number: 3972
Source Name: Service Control Manager
Time Written: 20081208174117.000000+060
Event Type: Informations
User: PUNCHCOCO\Laurent

Computer Name: PUNCHCOCO
Event Code: 7036
Message: Le service VNC Server Version 4 est entré dans l'état : arrêté.

Record Number: 3971
Source Name: Service Control Manager
Time Written: 20081208174117.000000+060
Event Type: Informations
User:

Computer Name: PUNCHCOCO
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

Record Number: 3970
Source Name: Service Control Manager
Time Written: 20081208174109.000000+060
Event Type: Informations
User:

Application event log

Computer Name: PUNCHCOCO
Event Code: 700
Message: msnmsgr (2200) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\Laurent\Local Settings\Application Data\Microsoft\Messenger\lolopx87@hotmail.com\SharingMetadata\Working\database_DA00_8B9A_8B_7C6F\dfsr.db'.

Record Number: 8313
Source Name: ESENT
Time Written: 20090210050016.000000+060
Event Type: Informations
User:

Computer Name: PUNCHCOCO
Event Code: 701
Message: msnmsgr (2200) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\Laurent\Local Settings\Application Data\Microsoft\Messenger\lolopx87@hotmail.com\SharingMetadata\Working\database_DA00_8B9A_8B_7C6F\dfsr.db'.

Record Number: 8312
Source Name: ESENT
Time Written: 20090210040016.000000+060
Event Type: Informations
User:

Computer Name: PUNCHCOCO
Event Code: 700
Message: msnmsgr (2200) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\Laurent\Local Settings\Application Data\Microsoft\Messenger\lolopx87@hotma


Hello,

Download OTMoveIt3 (by OldTimer). Save it to your Desktop.
Copy (Ctrl+C) the text in the box below:

:processes
explorer.exe
C:\WINDOWS\system32\dxonool32.sys
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\afisicx.exe
C:\WINDOWS\system32\sopidkc.exe

:services
ehdrv
afisicx

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"services"=-
"SpyHunter Security Suite"=-
"reader_s"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"services"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"services"=-

:files
c:\temp1\*.txt /s
C:\WINDOWS\services.exe
C:\Program Files\Enigma Software Group
C:\WINDOWS\System32\reader_s.exe
C:\Documents and Settings\Laurent\reader_s.exe
C:\WINDOWS\system32\afisicx.exe
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\services.exe.vir
C:\WINDOWS\system32\A.tmp
C:\WINDOWS\system32\4.tmp
C:\WINDOWS\system32\5.tmp
C:\WINDOWS\system32\2.tmp
C:\WINDOWS\system32\tmpxccacj0.exe
C:\WINDOWS\system32\adx.exe
C:\WINDOWS\system32\DRIVERS\ehdrv.sys

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]


Double-click OTMoveIt3.exe to launch it.
Paste (Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.
Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log

Hello

Here it is:

========== PROCESSES ==========
Process explorer.exe killed successfully.
Unable to kill process: C:\WINDOWS\system32\dxonool32.sys
Unable to kill process: C:\WINDOWS\System32\reader_s.exe
Unable to kill process: C:\WINDOWS\system32\afisicx.exe
Unable to kill process: C:\WINDOWS\system32\sopidkc.exe
========== SERVICES/DRIVERS ==========

Service\Driver ehdrv deleted successfully.
Service\Driver afisicx stopped successfully.
Service\Driver afisicx deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\services deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpyHunter Security Suite deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\reader_s deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\services deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\services deleted successfully.
========== FILES ==========
File/Folder c:\temp1\*.txt not found.
C:\WINDOWS\services.exe moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Rollback moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Download moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter moved successfully.
C:\Program Files\Enigma Software Group moved successfully.
C:\WINDOWS\System32\reader_s.exe moved successfully.
C:\Documents and Settings\Laurent\reader_s.exe moved successfully.
C:\WINDOWS\system32\afisicx.exe moved successfully.
C:\WINDOWS\system32\sopidkc.exe moved successfully.
C:\WINDOWS\services.exe.vir moved successfully.
C:\WINDOWS\system32\A.tmp moved successfully.
C:\WINDOWS\system32\4.tmp moved successfully.
C:\WINDOWS\system32\5.tmp moved successfully.
C:\WINDOWS\system32\2.tmp moved successfully.
C:\WINDOWS\system32\tmpxccacj0.exe moved successfully.
C:\WINDOWS\system32\adx.exe moved successfully.
C:\WINDOWS\system32\DRIVERS\ehdrv.sys moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Laurent\LOCALS~1\Temp\etilqs_JLZttha8m59zVaVq1Acl scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mta111263.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mta25525.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5e0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_92c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Laurent\Local Settings\Application Data\Mozilla\Firefox\Profiles\7dwslm2o.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Laurent\Local Settings\Application Data\Mozilla\Firefox\Profiles\7dwslm2o.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Laurent\Local Settings\Application Data\Mozilla\Firefox\Profiles\7dwslm2o.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Laurent\Local Settings\Application Data\Mozilla\Firefox\Profiles\7dwslm2o.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Laurent\Local Settings\Application Data\Mozilla\Firefox\Profiles\7dwslm2o.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Laurent\Local Settings\Application Data\Mozilla\Firefox\Profiles\7dwslm2o.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03192009_160833

Files moved on Reboot...
File C:\DOCUME~1\Laurent\LOCALS~1\Temp\etilqs_JLZttha8m59zVaVq1Acl not found!
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\mta111263.dll not found!
C:\WINDOWS\temp\mta25525.dll unregistered successfully.
C:\WINDOWS\temp\mta25525.dll moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_5e0.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_92c.dat not found!
C:\Documents and Settings\Laurent\Local Settings\Application Data\Mozilla\Firefox\Profiles\7dwslm2o.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Laurent\Local Settings\Application Data\Mozilla\Firefox\Profiles\7dwslm2o.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Laurent\Local Settings\Application Data\Mozilla\Firefox\Profiles\7dwslm2o.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Laurent\Local Settings\Application Data\Mozilla\Firefox\Profiles\7dwslm2o.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Laurent\Local Settings\Application Data\Mozilla\Firefox\Profiles\7dwslm2o.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Laurent\Local Settings\Application Data\Mozilla\Firefox\Profiles\7dwslm2o.default\XUL.mfl moved successfully.


Thanks

info.txt logfile of random's system information tool 1.05 2009-03-19 06:53:40

======Uninstall list======

-->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CBBB5EED-CC92-49F2-A276-D5433F39D1EB}\Setup.exe" -l0x40c
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal-->F:\AD-AWA~1\AD-AWA~1\UNWISE.EXE F:\AD-AWA~1\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Alive Video Converter (version 3.2.0.8)-->"f:\Video Converter\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ASUS Enhanced Display Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x40c -removeonly
ASUS nVIDIA Driver-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3C3B2C97-0DAB-482F-9C95-6610827210E3} /l1036
avast! Antivirus-->C:\Program Files\Avast\aswRunDll.exe "C:\Program Files\Avast\Setup\setiface.dll",RunSetup
Avex DVD to iPod Converter (remove only)-->"f:\Avex DVD to iPod Converter\bt-uninst.exe"
Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x40c -removeonly
Battlefield Vietnam(TM)-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E35B3C63-E958-4E31-A178-95D22024109A}\setup.exe" -l0x40c
BFVCC Server Manager-->C:\WINDOWS\iun6002.exe "h:\BFVCC Server Manager\irunin.ini"
Canon i550-->C:\WINDOWS\system32\CNMCP49.exe "-PRINTERNAMECanon i550" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Inst2\cnmis.dll" "-RCDLLcnmi040c.dll"
CCleaner (remove only)-->"f:\CCleaner\uninst.exe"
CDBurnerXP-->"f:\CDBurnerXP\unins000.exe"
Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Company of Heroes-->"H:\coh\\Uninstall_French.exe"
Correctif pour Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Correctif Windows XP - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Correctif Windows XP - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Correctif Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Crazy Machine 2-->"h:\Crazy Machine 2\unins000.exe"
Droppix Recorder 2-->"f:\Droppix Recorder 2\unins000.exe"
EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe
EVEREST Home Edition v2.20-->"f:\EVEREST Home Edition\unins000.exe"
FLV Player 2.0, build 24-->F:\FLV Player\uninst.exe
Fritivi 2.0b2-->"F:\Fritivi\unins000.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Laurent\Bureau\HijackThis.exe" /uninstall
Hotel Giant 2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6328CF1B-FA83-485C-94F5-B3D1B4B934E2}\setup.exe" -l0x40c -uninst -removeonly
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Left 4 Dead-->"H:\Steam\steam.exe" steam://uninstall/500
Malwarebytes' Anti-Malware-->"f:\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Speech SDK 5.1-->MsiExec.exe /I{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
MobileMe Control Panel-->MsiExec.exe /I{A14C24F6-615B-415E-84B0-610FDAD19B68}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
Mozilla Firefox (3.0.7)-->F:\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.19)-->F:\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA PhysX v8.09.04-->MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
oggcodecs-->MsiExec.exe /I{D65F0073-A820-4085-B997-A061171595A7}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
OpenTTD 0.4.5.0-->C:\Program Files\OpenTTD\uninstall.exe
Pharaon-->C:\WINDOWS\IsUn040c.exe -fh:\Pharaon\SIERRA\Pharaon\Uninst.isu
PunkBuster pour Battlefield Vietnam-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D07643A3-CE41-4286-8C78-EB9C83E76DDB}\setup.exe" -l0x40c
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe" -l0x40c -removeonly
Safari-->MsiExec.exe /I{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x040c -removeonly
SpyHunter-->"C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
Steam-->H:\Steam\UNWISE.EXE H:\Steam\INSTALL.LOG
Team Fortress 2-->"H:\Steam\steam.exe" steam://uninstall/440
THE SETTLERS - Bâtisseurs d'Empire-->"C:\Program Files\InstallShield Installation Information\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}\setup.exe" -runfromtemp -l0x040c -removeonly
TouchCopy-->MsiExec.exe /I{BA34D0C7-A0A5-4FF4-A780-BA3A22259F57}
Transport Tycoon Deluxe-->C:\WINDOWS\UniFISH.exe Transport Tycoon Deluxe
Trojan Remover 6.7.6-->"h:\Trojan Remover\unins000.exe"
TV Giant-->"g:\TV Giant\unins000.exe"
Videora iPod Converter 4.03-->f:\Video Converter App\uninstaller.exe
VLC media player 0.9.2-->F:\VLC\uninstall.exe
VNC Free Edition 4.1.2-->"F:\VNC4\unins000.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 jl.chura.pl
127.0.0.1 localhost
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com

======Security center information======

AV: avast! antivirus 4.8.1169 [VPS 080418-0] (outdated)
AV: ESET NOD32 Antivirus 4.0 (disabled)

System event log

Computer Name: PUNCHCOCO
Event Code: 7036
Message: Le service Service Messenger Sharing Folders USN Journal Reader est entré dans l'état : en cours d'exécution.

Record Number: 3974
Source Name: Service Control Manager
Time Written: 20081208174133.000000+060
Event Type: Informations
User:

Computer Name: PUNCHCOCO
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service Messenger Sharing Folders USN Journal Reader.

Record Number: 3973
Source Name: Service Control Manager
Time Written: 20081208174133.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: PUNCHCOCO
Event Code: 7035
Message: Un contrôle Arrêter a correctement été envoyé au service VNC Server Version 4.

Record Number: 3972
Source Name: Service Control Manager
Time Written: 20081208174117.000000+060
Event Type: Informations
User: PUNCHCOCO\Laurent

Computer Name: PUNCHCOCO
Event Code: 7036
Message: Le service VNC Server Version 4 est entré dans l'état : arrêté.

Record Number: 3971
Source Name: Service Control Manager
Time Written: 20081208174117.000000+060
Event Type: Informations
User:

Computer Name: PUNCHCOCO
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

Record Number: 3970
Source Name: Service Control Manager
Time Written: 20081208174109.000000+060
Event Type: Informations
User:

Application event log

Computer Name: PUNCHCOCO
Event Code: 700
Message: msnmsgr (2200) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\Laurent\Local Settings\Application Data\Microsoft\Messenger\lolopx87@hotmail.com\SharingMetadata\Working\database_DA00_8B9A_8B_7C6F\dfsr.db'.

Record Number: 8313
Source Name: ESENT
Time Written: 20090210050016.000000+060
Event Type: Informations
User:

Computer Name: PUNCHCOCO
Event Code: 701
Message: msnmsgr (2200) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\Laurent\Local Settings\Application Data\Microsoft\Messenger\lolopx87@hotmail.com\SharingMetadata\Working\database_DA00_8B9A_8B_7C6F\dfsr.db'.

Record Number: 8312
Source Name: ESENT
Time Written: 20090210040016.000000+060
Event Type: Informations
User:

Computer Name: PUNCHCOCO
Event Code: 700
Message: msnmsgr (2200) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\Laurent\Local Settings\Application Data\Microsoft\Messenger\lolopx87@hotmail.com\SharingMetadata\Working\database_DA00_8B9A_8B_7C6F\dfsr.db'.

Record Number: 8311
Source Name: ESENT
Time Written: 20090210040016.000000+060
Event Type: Informations
User:

Computer Name: PUNCHCOCO
Event Code: 701
Message: msnmsgr (2200) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\Laurent\Local Settings\Application Data\Microsoft\Messenger\lolopx87@hotmail.com\SharingMetadata\Working\database_DA00_8B9A_8B_7C6F\dfsr.db'.

Record Number: 8310
Source Name: ESENT
Time Written: 20090210030016.000000+060
Event Type: Informations
User:

Computer Name: PUNCHCOCO
Event Code: 700
Message: msnmsgr (2200) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\Laurent\Local Settings\Application Data\Microsoft\Messenger\lolopx87@hotmail.com\SharingMetadata\Working\database_DA00_8B9A_8B_7C6F\dfsr.db'.

Record Number: 8309
Source Name: ESENT
Time Written: 20090210030016.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;F:\Samsung PC Studio 3;H:\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------


Logfile of random's system information tool 1.05 (written by random/random)
Run by Laurent at 2009-03-19 17:54:44
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 594 MB (3%) free of 19 GB
Total RAM: 1535 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:55:45, on 19/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
F:\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
f:\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\tdctxte.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\Avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\rs32net.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\reader_s.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\rs32net.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\reader_s.exe
C:\Documents and Settings\Laurent\reader_s.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\rs32net.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Laurent\LOCALS~1\Temp\vkn10.tmp
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Laurent\LOCALS~1\Temp\tnc81.tmp
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Laurent\Bureau\RSIT.exe
C:\Documents and Settings\Laurent\Bureau\Laurent.exe
C:\PROGRA~1\FICHIE~1\MICROS~1\DW\DW20.EXE
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vmware-ufad.exe,
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Laurent\reader_s.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Laurent\reader_s.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: hwirjt - C:\WINDOWS\SYSTEM32\hwirjt32.dll
O23 - Service: Service de la passerelle de la couche Application (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - F:\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - F:\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - f:\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: tdctxte Service (tdctxte) - Unknown owner - C:\WINDOWS\system32\tdctxte.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - F:\VNC4\WinVNC4.exe

--
End of file - 7972 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-12 320920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-12 136600]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-02-13 7557120]
"rs32net"=C:\WINDOWS\System32\rs32net.exe [2009-03-19 23552]
"reader_s"=C:\WINDOWS\System32\reader_s.exe [2009-03-19 37376]
"DWQueuedReporting"=C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe [2005-04-25 36040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"reader_s"=C:\Documents and Settings\Laurent\reader_s.exe [2009-03-19 37376]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-20 32768]
"rs32net"=C:\WINDOWS\System32\rs32net.exe [2009-03-19 23552]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"services"=C:\WINDOWS\services.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\Avast\ashDisp.exe [2008-03-29 79224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
h:\Trojan Remover\Trjscan.exe [2009-03-07 1303432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hwirjt]
C:\WINDOWS\system32\hwirjt32.dll [2009-03-19 16896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7ubxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati7ubxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"F:\eMule\emule.exe"="F:\eMule\emule.exe:*:Enabled:eMule"
"F:\Fritivi\fritivi.exe"="F:\Fritivi\fritivi.exe:*:Enabled:fritivi"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"H:\coh\RelicCOH.exe"="H:\coh\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts"
"F:\Fritivi\Fritivi_Recorder.exe"="F:\Fritivi\Fritivi_Recorder.exe:*:Enabled:Fritivi_Recorder"
"F:\FileZilla FTP Client\filezilla.exe"="F:\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client"
"F:\fritivi 2\fritivi.exe"="F:\fritivi 2\fritivi.exe:*:Enabled:fritivi"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"H:\settlers\base\bin\Settlers6.exe"="H:\settlers\base\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Bâtisseurs d'Empire"
"H:\Steam\SteamApps\nono85\team fortress 2\hl2.exe"="H:\Steam\SteamApps\nono85\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"H:\Steam\steam.exe"="H:\Steam\steam.exe:*:Enabled:Steam"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"H:\Battlefield 2\BF2.exe"="H:\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"H:\BFVCC Server Manager\BFVCC.exe"="H:\BFVCC Server Manager\BFVCC.exe:*:Enabled:BFVCC"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"H:\Steam\SteamApps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe"="H:\Steam\SteamApps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe:*:Enabled:DOW2"
"H:\Tower Simulator v1\Tower.exe"="H:\Tower Simulator v1\Tower.exe:*:Enabled:Tower"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"H:\Steam\SteamApps\common\left 4 dead\left4dead.exe"="H:\Steam\SteamApps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"C:\Program Files\Emote\Launcher\launcher.exe"="C:\Program Files\Emote\Launcher\launcher.exe:*:Enabled:launcher"
"F:\GigaTribe\gigatribe.exe"="F:\GigaTribe\gigatribe.exe:*:Enabled:gigatribe"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24ede236-5346-11dd-84d2-001731c1d0e6}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{743cd0c3-dd7f-11dc-9b98-806d6172696f}]
shell\AutoRun\command - E:\MyLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac4b5d22-e91b-11dc-84bc-001731c1d0e6}]
shell\AutoRun\command - J:\TowerSim_v12.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e210b12b-a046-11dd-84e0-001731c1d0e6}]
shell\AutoRun\command - K:\wdsync.exe


======List of files/folders created in the last 1 months======

2009-03-19 17:51:02 ----A---- C:\WINDOWS\system32\hwirjt32.dll
2009-03-19 17:50:33 ----A---- C:\WINDOWS\system32\hwirjt.dll
2009-03-19 17:50:17 ----A---- C:\WINDOWS\system32\reader_s.exe
2009-03-19 17:50:16 ----A---- C:\WINDOWS\system32\vmware-ufad.exe
2009-03-19 17:50:15 ----A---- C:\WINDOWS\system32\rs32net.exe
2009-03-19 17:50:15 ----A---- C:\WINDOWS\system32\7.tmp
2009-03-19 16:08:33 ----D---- C:\_OTMoveIt
2009-03-19 07:14:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-03-19 07:14:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-03-19 07:14:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-19 07:14:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-03-19 07:14:12 ----D---- C:\Program Files\MSXML 6.0
2009-03-19 07:14:04 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-03-19 07:13:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-03-19 07:13:50 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-03-19 07:13:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-03-19 07:13:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-03-19 07:13:23 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-03-19 07:13:17 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-03-19 07:12:54 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-19 07:12:45 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-19 07:12:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-03-19 07:12:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-03-19 07:12:23 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-03-19 07:12:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-03-19 07:11:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-03-19 07:11:18 ----A---- C:\WINDOWS\imsins.BAK
2009-03-19 07:11:11 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-03-19 06:53:02 ----D---- C:\rsit
2009-03-18 22:21:19 ----D---- C:\Documents and Settings\Laurent\Application Data\Malwarebytes
2009-03-18 22:21:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-18 21:42:21 ----A---- C:\WINDOWS\TmProxy.ini
2009-03-18 21:42:21 ----A---- C:\WINDOWS\TmPfw.ini
2009-03-18 21:42:21 ----A---- C:\WINDOWS\HomeNet.ini
2009-03-18 21:42:21 ----A---- C:\WINDOWS\aucfg.ini
2009-03-18 21:42:11 ----D---- C:\Archive
2009-03-18 20:44:16 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-18 20:38:49 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2009-03-18 20:38:48 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2009-03-18 20:38:48 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2009-03-18 20:38:48 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2009-03-18 20:38:48 ----A---- C:\WINDOWS\system32\unacev2.dll
2009-03-18 20:38:47 ----D---- C:\Documents and Settings\Laurent\Application Data\Simply Super Software
2009-03-18 20:38:47 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2009-03-18 19:40:12 ----D---- C:\WINDOWS\ERUNT
2009-03-18 19:36:38 ----D---- C:\WINDOWS\pss
2009-03-18 19:34:55 ----D---- C:\SDFix
2009-03-18 16:58:21 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-03-18 16:58:21 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-03-18 16:58:21 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-03-18 16:58:21 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-03-18 16:57:23 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-18 07:21:00 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2009-03-16 22:11:16 ----D---- C:\Program Files\msn gaming zone
2009-03-15 16:25:24 ----A---- C:\WINDOWS\system32\u161536821.dll
2009-03-15 16:25:21 ----A---- C:\WINDOWS\system32\BD8.tmp
2009-03-15 16:25:06 ----A---- C:\WINDOWS\system32\xcchit32.ini
2009-03-15 16:24:44 ----A---- C:\WINDOWS\adobe.bat
2009-03-15 16:24:25 ----A---- C:\WINDOWS\xccdf32_090313a.dll
2009-03-15 16:24:25 ----A---- C:\WINDOWS\xccdf16_090313a.dll
2009-03-15 16:24:20 ----D---- C:\WINDOWS\system32\inf
2009-03-15 16:24:20 ----A---- C:\WINDOWS\xccwinsys.ini
2009-03-15 16:24:18 ----A---- C:\WINDOWS\system32\BD6.tmp
2009-03-15 16:24:13 ----A---- C:\WINDOWS\system32\BD2.tmp
2009-03-12 18:39:08 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-12 18:39:08 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-12 18:39:08 ----A---- C:\WINDOWS\system32\java.exe
2009-03-12 18:39:08 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-07 10:44:49 ----D---- C:\Program Files\BoontyGames
2009-03-06 17:03:28 ----D---- C:\Program Files\Emote

======List of files/folders modified in the last 1 months======

2009-03-19 17:56:00 ----D---- C:\WINDOWS\Temp
2009-03-19 17:51:51 ----D---- C:\WINDOWS\system32\drivers
2009-03-19 17:51:02 ----D---- C:\WINDOWS\system32
2009-03-19 17:51:02 ----A---- C:\WINDOWS\system32\svchost.exe
2009-03-19 17:48:39 ----ASH---- C:\boot.ini
2009-03-19 17:48:39 ----A---- C:\WINDOWS\win.ini
2009-03-19 17:48:39 ----A---- C:\WINDOWS\system.ini
2009-03-19 17:35:26 ----RD---- C:\Program Files
2009-03-19 17:34:37 ----D---- C:\WINDOWS
2009-03-19 17:01:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-19 07:15:00 ----HD---- C:\WINDOWS\inf
2009-03-19 07:14:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-19 07:14:56 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-19 07:14:17 ----SHD---- C:\WINDOWS\Installer
2009-03-19 07:12:50 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-19 07:11:31 ----D---- C:\WINDOWS\WinSxS
2009-03-19 07:11:16 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-18 19:39:20 ----D---- C:\Documents and Settings
2009-03-18 17:42:31 ----D---- C:\WINDOWS\Debug
2009-03-18 17:27:42 ----SD---- C:\Documents and Settings\Laurent\Application Data\Microsoft
2009-03-18 17:27:19 ----D---- C:\Program Files\Yahoo!
2009-03-18 17:17:03 ----D---- C:\WINDOWS\Prefetch
2009-03-15 16:24:23 ----D---- C:\WINDOWS\system
2009-03-12 18:37:57 ----D---- C:\Program Files\Java
2009-03-07 09:34:01 ----D---- C:\WINDOWS\system32\DirectX
2009-03-07 09:33:21 ----RSD---- C:\WINDOWS\assembly
2009-03-01 09:48:11 ----D---- C:\Documents and Settings\Laurent\Application Data\Skype
2009-03-01 09:46:52 ----D---- C:\Documents and Settings\Laurent\Application Data\skypePM
2009-03-01 09:45:24 ----D---- C:\Program Files\Google
2009-03-01 09:43:30 ----D---- C:\Program Files\Fichiers communs\LightScribe
2009-03-01 09:42:55 ----D---- C:\Documents and Settings\All Users\Application Data\Ubisoft
2009-03-01 09:42:47 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-03-01 09:41:16 ----D---- C:\Program Files\AviSynth 2.5
2009-02-26 16:55:33 ----D---- C:\Documents and Settings\Laurent\Application Data\teamspeak2
2009-02-20 17:12:17 ----D---- C:\WINDOWS\network diagnostic

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-03-29 26944]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 75856]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-03-29 42912]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-20 14848]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-03-29 94544]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-05-08 278984]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-05-08 25416]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-10-26 3786944]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-03-29 23152]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-02-13 3642784]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 tcpsr;tcpsr; \??\C:\WINDOWS\System32\drivers\tcpsr.sys []
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mwfplfmvjqqq;mwfplfmvjqqq; \??\C:\WINDOWS\system32\drivers\rtvsxpezi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Avast\aswUpdSv.exe [2008-03-29 17272]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2005-10-18 258560]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Avast\ashServ.exe [2008-03-29 144760]
R2 ekrn;ESET Service; F:\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-12 152984]
R2 NMSAccessU;NMSAccessU; f:\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-02-13 143426]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-04-18 66872]
R2 SimpTcp;Services TCP/IP simplifiés; C:\WINDOWS\System32\tcpsvcs.exe [2001-08-28 36864]
R2 tdctxte;tdctxte Service; C:\WINDOWS\system32\tdctxte.exe [2001-08-28 187904]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Avast\ashMaiSv.exe [2008-03-29 247160]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Avast\ashWebSv.exe [2008-03-29 345464]
S2 ICF;ICF; C:\WINDOWS\system32\svchost.exe [2009-03-19 14336]
S2 WinVNC4;VNC Server Version 4; F:\VNC4\WinVNC4.exe [2006-05-12 439248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Droppix Service;Droppix Service; C:\Program Files\Fichiers communs\Droppix\DxService.exe [2008-02-01 172032]
S3 EhttpSrv;ESET HTTP Server; F:\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 57344]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 90112]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 761856]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 935424]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-03-19 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 143360]

-----------------EOF-----------------

Strange that it keeps coming back.

Download Malwarebytes' Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.
  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (Perform full scan).
  • To start the scan, click "Rechercher" (Scan).
  • Once the scan has finished, a window opens; click OK. There are two possibilities:

    ~ If the program found nothing, press OK. A report will appear; close it.
    ~~ If infections are present, click "Afficher les résultats" (Show Results), then "Supprimer la sélection" (Remove Selected). Save the report to your Desktop.
    ~~~~ Restart your computer normally and post the report in your next reply.

    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    Note: If you cannot download MBAM from MajorGeeks, you can download it here!

    Help:
  • How to use MBAM.
  • How to start your computer in safe mode.

    Malwarebytes' Anti-Malware 1.34
    Version de la base de données: 1870
    Windows 5.1.2600 Service Pack 2

    19/03/2009 20:27:16
    mbam-log-2009-03-19 (20-27-16).txt

    Type de recherche: Examen complet (C:\|F:\|G:\|H:\|)
    Eléments examinés: 184821
    Temps écoulé: 1 hour(s), 29 minute(s), 34 second(s)

    Processus mémoire infecté(s): 1
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 6
    Valeur(s) du Registre infectée(s): 6
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 12

    Processus mémoire infecté(s):
    C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati7ubxx (Rootkit.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati7ubxx (Rootkit.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati7ubxx (Rootkit.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\services (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\vmware-ufad.exe -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\vmware-ufad.exe -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Documents and Settings\Laurent\Local Settings\Temp\BN68.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Laurent\Local Settings\Temp\BNC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{70A869FB-84CE-48E9-B624-7C775E35D651}\RP498\A0066308.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{70A869FB-84CE-48E9-B624-7C775E35D651}\RP498\A0067371.dll (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\ati7ubxx.sys (Rootkit.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\rs32net.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\vmware-ufad.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Laurent\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tpszxyd.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.


    And I think there is a problem with Avast svchost: there are 13 processes with that name running

    Let's continue.

    Download ComboFix (by sUBs) to your Desktop.

  • Temporarily disable all resident protection! (Antivirus, antispyware...)
  • Double-click ComboFix.exe.
  • Accept the license by clicking Oui (Yes).
  • The program will ask whether you want to install the Recovery Console. This is a precaution in case the computer breaks down. I therefore advise you to install it; it costs nothing and could potentially come in handy!
  • When the operation is finished, a report will appear. Post this report in your next reply.

    The report is located here: %SystemDrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

    Help: How to use ComboFix.

    ComboFix 09-03-18.01 - Laurent 2009-03-19 21:07:59.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1535.857 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Laurent\Bureau\ComboFix.exe
    AV: avast! antivirus 4.8.1169 [VPS 080418-0] *On-access scanning enabled* (Outdated)
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\vlc-0.9.4-win32.exe
    c:\documents and settings\Laurent\reader_s.exe
    c:\windows\Install.txt
    c:\windows\services.exe
    c:\windows\system32\A.tmp
    c:\windows\system32\comsa32.sys
    c:\windows\system32\drivers\ntndis.sys
    c:\windows\system32\drivers\str.sys
    c:\windows\system32\inf\xccdfb16_090313.dll
    c:\windows\system32\Install.txt
    c:\windows\system32\reader_s.exe
    c:\windows\system32\xcchit32.ini
    c:\windows\xccdf16_090313a.dll
    c:\windows\xccdf32_090313a.dll
    c:\windows\xccwinsys.ini
    F:\install.exe

    c:\windows\system32\userinit.exe . . . est infecté!!

    c:\windows\system32\spoolsv.exe . . . est infecté!!

    c:\windows\explorer.exe . . . est infecté!!

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_DEFAULTLIB
    -------\Legacy_PROTECT
    -------\Legacy_SOPIDKC
    -------\Legacy_SYNSEND
    -------\Legacy_TCPSR


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-19 au 2009-03-19 ))))))))))))))))))))))))))))))))))))
    .

    2009-03-19 21:20 . 2009-03-19 21:20 37,376 --a------ c:\documents and settings\Laurent\reader_s.exe
    2009-03-19 21:19 . 2009-03-19 21:20 53,054 --a------ c:\windows\system32\5.tmp
    2009-03-19 21:19 . 2009-03-19 21:19 124 --a------ c:\windows\system32\2.tmp
    2009-03-19 20:45 . 2009-03-19 20:45 244 --ah----- C:\sqmnoopt14.sqm
    2009-03-19 20:45 . 2009-03-19 20:45 232 --ah----- C:\sqmdata14.sqm
    2009-03-19 20:30 . 2009-03-19 20:30 46,080 --a------ c:\windows\system32\undname.exe
    2009-03-19 20:29 . 2009-03-19 20:29 124 --a------ c:\windows\system32\3.tmp
    2009-03-19 18:53 . 2009-03-19 18:53 244 --ah----- C:\sqmnoopt13.sqm
    2009-03-19 18:53 . 2009-03-19 18:53 232 --ah----- C:\sqmdata13.sqm
    2009-03-19 17:30 . 2009-03-19 17:30 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2009-03-19 17:27 . 2009-03-19 17:27 244 --ah----- C:\sqmnoopt12.sqm
    2009-03-19 17:27 . 2009-03-19 17:27 232 --ah----- C:\sqmdata12.sqm
    2009-03-19 17:26 . 2009-03-19 17:26 664 --a------ c:\windows\system32\d3d9caps.dat
    2009-03-19 17:26 . 2009-03-19 17:26 244 --ah----- C:\sqmnoopt11.sqm
    2009-03-19 17:26 . 2009-03-19 17:26 232 --ah----- C:\sqmdata11.sqm
    2009-03-19 16:40 . 2009-03-19 16:40 244 --ah----- C:\sqmnoopt10.sqm
    2009-03-19 16:40 . 2009-03-19 16:40 232 --ah----- C:\sqmdata10.sqm
    2009-03-19 16:17 . 2009-03-19 16:17 244 --ah----- C:\sqmnoopt09.sqm
    2009-03-19 16:17 . 2009-03-19 16:17 232 --ah----- C:\sqmdata09.sqm
    2009-03-19 16:16 . 2009-03-19 16:16 244 --ah----- C:\sqmnoopt08.sqm
    2009-03-19 16:16 . 2009-03-19 16:16 244 --ah----- C:\sqmnoopt07.sqm
    2009-03-19 16:16 . 2009-03-19 16:16 232 --ah----- C:\sqmdata08.sqm
    2009-03-19 16:16 . 2009-03-19 16:16 232 --ah----- C:\sqmdata07.sqm
    2009-03-19 16:08 . 2009-03-19 16:08 <REP> d-------- C:\_OTMoveIt
    2009-03-19 07:14 . 2009-03-19 07:14 <REP> d-------- c:\program files\MSXML 6.0
    2009-03-19 07:11 . 2009-03-19 07:14 1,374 --a------ c:\windows\imsins.BAK
    2009-03-19 06:53 . 2009-03-19 06:53 <REP> d-------- C:\rsit
    2009-03-18 22:21 . 2009-03-18 22:21 <REP> d-------- c:\documents and settings\Laurent\Application Data\Malwarebytes
    2009-03-18 22:21 . 2009-03-18 22:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-18 22:21 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-18 22:21 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-18 21:42 . 2009-03-18 21:42 <REP> d-------- C:\Archive
    2009-03-18 21:42 . 2009-03-18 21:42 82 --a------ c:\windows\TmProxy.ini
    2009-03-18 21:42 . 2009-03-18 21:42 82 --a------ c:\windows\TmPfw.ini
    2009-03-18 21:42 . 2009-03-18 21:42 82 --a------ c:\windows\HomeNet.ini
    2009-03-18 21:42 . 2009-03-18 21:42 18 --a------ c:\windows\aucfg.ini
    2009-03-18 21:36 . 2009-03-18 21:31 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
    2009-03-18 21:31 . 2009-03-18 21:37 <REP> d-------- c:\documents and settings\Laurent\.housecall6.6
    2009-03-18 20:44 . 2009-03-18 21:07 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2009-03-18 19:51 . 2009-03-18 19:51 30,976 --a------ c:\windows\system32\drivers\rtvsxpezi.sys.vir
    2009-03-18 19:40 . 2009-03-18 19:40 <REP> d-------- c:\windows\ERUNT
    2009-03-18 19:39 . 2008-02-17 18:41 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
    2009-03-18 19:39 . 2008-02-17 18:41 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
    2009-03-18 19:39 . 2008-02-17 18:54 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
    2009-03-18 19:39 . 2008-02-17 18:41 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
    2009-03-18 19:39 . 2008-02-17 18:41 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
    2009-03-18 19:39 . 2008-02-17 18:41 <REP> d-------- c:\documents and settings\Administrateur\Favoris
    2009-03-18 19:39 . 2009-03-19 17:46 <REP> d-------- c:\documents and settings\Administrateur\Bureau
    2009-03-18 19:39 . 2009-03-18 19:39 <REP> d-------- c:\documents and settings\Administrateur
    2009-03-18 19:34 . 2009-03-19 17:46 <REP> d-------- C:\SDFix
    2009-03-18 16:58 . 2009-03-18 16:58 <REP> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-03-18 16:58 . 2009-03-18 16:58 <REP> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
    2009-03-18 16:58 . 2009-03-18 16:58 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-03-18 16:58 . 2009-03-18 16:58 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-03-18 16:57 . 2009-03-18 18:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-18 07:21 . 2009-03-18 07:21 <REP> d-------- c:\documents and settings\All Users\Application Data\ESET
    2009-03-17 20:51 . 2009-03-17 20:51 244 --ah----- C:\sqmnoopt06.sqm
    2009-03-17 20:51 . 2009-03-17 20:51 232 --ah----- C:\sqmdata06.sqm
    2009-03-15 16:26 . 2009-03-15 16:26 182,912 --a--c--- c:\windows\system32\dllcache\ndis.sys
    2009-03-15 16:25 . 2009-03-15 16:25 77,824 --a------ c:\windows\system32\u161536821.dll
    2009-03-15 16:25 . 2009-03-15 16:25 0 --a------ c:\windows\system32\BD8.tmp
    2009-03-15 16:24 . 2009-03-19 21:08 <REP> d-------- c:\windows\system32\inf
    2009-03-15 16:24 . 2009-03-15 16:25 65,536 --a------ c:\windows\system32\BD6.tmp
    2009-03-15 16:24 . 2009-03-19 21:19 128 --a------ c:\windows\adobe.bat
    2009-03-15 16:24 . 2009-03-15 16:24 124 --a------ c:\windows\system32\BD2.tmp
    2009-03-15 16:24 . 2009-03-15 16:25 6 --a------ c:\windows\_id.dat
    2009-03-12 18:39 . 2009-03-12 18:38 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-03-07 10:44 . 2009-03-07 10:45 <REP> d-------- c:\program files\BoontyGames
    2009-03-06 17:03 . 2009-03-18 17:24 <REP> d-------- c:\program files\Emote
    2009-03-01 11:51 . 2009-03-01 11:51 4,096 --a------ c:\windows\d3dx.dat

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-19 20:19 50,654 ----a-w c:\windows\services.exe
    2009-03-19 17:25 --------- d-----w c:\program files\iTunes
    2009-03-18 16:27 --------- d-----w c:\program files\Yahoo!
    2009-03-15 15:26 182,912 ----a-w c:\windows\system32\drivers\ndis.sys
    2009-03-12 17:37 --------- d-----w c:\program files\Java
    2009-03-01 08:48 --------- d-----w c:\documents and settings\Laurent\Application Data\Skype
    2009-03-01 08:46 --------- d-----w c:\documents and settings\Laurent\Application Data\skypePM
    2009-03-01 08:45 --------- d-----w c:\program files\Google
    2009-03-01 08:43 --------- d-----w c:\program files\Fichiers communs\LightScribe
    2009-03-01 08:42 --------- d-----w c:\documents and settings\All Users\Application Data\Ubisoft
    2009-03-01 08:41 --------- d-----w c:\program files\AviSynth 2.5
    2009-02-26 15:55 --------- d-----w c:\documents and settings\Laurent\Application Data\teamspeak2
    2009-02-17 12:57 --------- d-----w c:\program files\Safari
    2009-01-31 08:07 --------- d-----w c:\program files\Sierra On-Line
    2009-01-28 18:35 --------- d-----w c:\program files\MSBuild
    2009-01-28 18:30 --------- d-----w c:\program files\Reference Assemblies
    2009-01-28 18:28 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
    2008-12-21 14:22 749,568 ----a-w c:\windows\iun6002.exe
    2008-04-18 17:21 22,328 ----a-w c:\documents and settings\Laurent\Application Data\PnkBstrK.sys
    2008-03-03 13:14 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    .

    ------- Sigcheck -------

    2002-08-29 02:09 167552 558635d3af1c7546d26067d5d9b6959e c:\windows\$NtServicePackUninstall$\ndis.sys
    2004-08-04 07:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\ServicePackFiles\i386\ndis.sys
    2008-04-13 20:20 182656 558635d3af1c7546d26067d5d9b6959e c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ndis.sys
    2009-03-15 16:26 213376 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\dllcache\ndis.sys
    2009-03-15 16:26 213376 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys

    2007-06-13 14:22 1054720 550fd6e2284015dc963bc0e53fdb6e7e c:\windows\explorer.exe
    2007-06-13 14:10 1054720 5b1b8a0f8ac56c410159cd1204967013 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2002-08-29 11:45 1026048 718cdf6f600289686dcbb0f82d64be30 c:\windows\$NtServicePackUninstall$\explorer.exe
    2004-08-20 00:09 1053696 95044367a8eed2d1df3501cc5c9042ad c:\windows\$NtUninstallKB938828$\explorer.exe
    2004-08-20 00:09 1053696 39238e1a7f788509167037c0293cf86c c:\windows\ServicePackFiles\i386\explorer.exe
    2008-04-14 03:34 1055232 a40e35adbaf9bea43051f70472a77756 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\explorer.exe
    2007-06-13 14:22 1054720 38ba2c1b678ab893798a6a81e587c8bf c:\windows\system32\dllcache\explorer.exe

    2002-08-29 11:45 31232 a54bb6f9983fb3bda10da0f27a730f20 c:\windows\$NtServicePackUninstall$\ctfmon.exe
    2004-08-20 00:09 32768 b5788105ac6933c5010ea9a5ee6327f5 c:\windows\ServicePackFiles\i386\ctfmon.exe
    2008-04-14 03:33 32768 14158061b29c51d091762d283f09d862 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ctfmon.exe
    2004-08-20 00:09 32768 50a543ccfa1e3082b1fda495a7fcd17b c:\windows\system32\ctfmon.exe

    2005-06-11 00:53 75264 40c876b8e20bed6bca125389582d99ec c:\windows\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
    2005-06-11 01:17 75264 f71863354b168c1b887c61a7486de68a c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
    2005-06-11 00:55 70656 b8821cc261cf5a3203c4580c454972dd c:\windows\$NtServicePackUninstall$\spoolsv.exe
    2004-08-20 00:10 75264 f81075d561c7c8cc62a24616dc9e0281 c:\windows\$NtUninstallKB896423$\spoolsv.exe
    2001-08-28 13:00 68608 253eff5b862397516cd64243531248fc c:\windows\$NtUninstallKB896423_0$\spoolsv.exe
    2004-08-20 00:10 75264 bc124dc6d6095a19d143e420c762304e c:\windows\ServicePackFiles\i386\spoolsv.exe
    2008-04-14 03:34 75264 4b95f85c454e7b41bf14f9ae1f12f46c c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\spoolsv.exe
    2005-06-11 00:53 75264 32e0d4fce8c4ebd9f7cca1f4408f14b6 c:\windows\system32\spoolsv.exe

    2002-08-29 11:45 39936 81f328c171b57b1d5bb7385a8280b823 c:\windows\$NtServicePackUninstall$\userinit.exe
    2004-08-20 00:10 42496 7196d8ee7adb7295ab7933f678526f9d c:\windows\ServicePackFiles\i386\userinit.exe
    2008-04-14 03:34 44032 0253fbee0ae51bb246ee5d150a3d6fba c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\userinit.exe
    2004-08-20 00:10 42496 de55a7b4e8aef76743b4c3217a133600 c:\windows\system32\userinit.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-20 32768]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-12 136600]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-13 7557120]
    "QuickTime Task"="h:\quicktime\qttask.exe" [2008-11-04 434176]
    "reader_s"="c:\windows\System32\reader_s.exe" [2009-03-19 37376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-20 32768]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "reader_s"="c:\documents and settings\Laurent\reader_s.exe" [2009-03-19 37376]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="c:\windows\explorer.exe,c:\windows\system32\gcc.exe,"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= c:\windows\system32\l3codecp.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    --a------ 2008-03-29 18:37 79224 c:\progra~1\Avast\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-01-19 12:55 5674352 c:\program files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001
    "FirewallDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "f:\\eMule\\emule.exe"=
    "f:\\Fritivi\\fritivi.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "h:\\coh\\RelicCOH.exe"=
    "f:\\Fritivi\\Fritivi_Recorder.exe"=
    "f:\\FileZilla FTP Client\\filezilla.exe"=
    "f:\\fritivi 2\\fritivi.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "h:\\Steam\\SteamApps\\nono85\\team fortress 2\\hl2.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "h:\\Steam\\steam.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "h:\\Battlefield 2\\BF2.exe"=
    "h:\\BFVCC Server Manager\\BFVCC.exe"=
    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "h:\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-09 75856]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-09 20560]
    R2 tdctxte;tdctxte Service;c:\windows\system32\tdctxte.exe [2001-08-28 187904]
    S3 ATE_PROCMON;ATE_PROCMON;\??\f:\anti trojan elite\ATEPMon.sys --> f:\anti trojan elite\ATEPMon.sys [?]
    S3 Droppix Service;Droppix Service;c:\program files\Fichiers communs\Droppix\DxService.exe [2008-10-13 172032]
    S4 mwfplfmvjqqq;mwfplfmvjqqq;\??\c:\windows\system32\drivers\rtvsxpezi.sys --> c:\windows\system32\drivers\rtvsxpezi.sys [?]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e210b12b-a046-11dd-84e0-001731c1d0e6}]
    \Shell\AutoRun\command - K:\wdsync.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-03-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-Trojan Killer - f:\gridinsoft trojan killer\trojankiller.exe
    HKLM-Run-Anti Trojan Elite - f:\anti trojan elite\TJEnder.exe
    HKLM-Run-services - c:\windows\services.exe
    HKU-Default-Run-services - c:\windows\services.exe
    HKU-Default-Run-rs32net - c:\windows\System32\rs32net.exe
    HKLM-Explorer_Run-services - c:\windows\services.exe
    HKU-Default-Explorer_Run-services - c:\windows\services.exe
    SafeBoot-ati7ubxx.sys
    MSConfigStartUp-TrojanScanner - h:\trojan remover\Trjscan.exe


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = www.google.com
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: E&xporter vers Microsoft Excel - f:\office~1\OFFICE11\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-19 21:19:59
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwOpenFile

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...


    c:\windows\system32\reader_s.exe
    c:\windows\system32\gcc.exe 64512 bytes executable
    c:\windows\system32\tpszxyd.sys 212480 bytes executable

    Scan terminé avec succès
    Fichiers cachés: 3

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-1229272821-1450960922-839522115-1003\Software\SecuROM\License information*]
    "datasecu"=hex:26,14,55,a0,39,87,09,bc,77,42,97,0e,e3,a2,3b,94,55,9c,4f,f3,96,
    cb,30,93,38,7b,b4,18,34,da,62,5a,b5,71,5f,24,a7,ed,60,a5,9c,13,30,73,3e,60,\
    "rkeysecu"=hex:D a,25,5e,14,c3,70,ac,da,9a,ad,f0,67,30,7c,14,87
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Avast\aswUpdSv.exe
    c:\program files\Avast\ashServ.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\windows\ATKKBService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    f:\cdburnerxp\NMSAccessU.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\tcpsvcs.exe
    f:\vnc4\winvnc4.exe
    c:\program files\Avast\ashMaiSv.exe
    c:\program files\Avast\ashWebSv.exe
    c:\program files\Internet Explorer\iexplore.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-03-19 21:24:40 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-03-19 20:24:32

    Avant-CF: 297 644 032 octets libres
    Après-CF: 459,919,360 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

    292 --- E O F --- 2009-03-19 06:15:00

    Spoolsv.exe : Résultat: 22/39 (56.42%)

    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.101 2009.03.21 -
    AhnLab-V3 5.0.0.2 2009.03.21 -
    AntiVir 7.9.0.120 2009.03.20 -
    Authentium 5.1.2.4 2009.03.21 W32/Virut.AI!Generic
    Avast 4.8.1335.0 2009.03.20 Win32:Vitro
    AVG 8.5.0.283 2009.03.20 Win32/Virut
    BitDefender 7.2 2009.03.21 -
    CAT-QuickHeal 10.00 2009.03.21 W32.Virut.G
    ClamAV 0.94.1 2009.03.21 -
    Comodo 1076 2009.03.20 -
    DrWeb 4.44.0.09170 2009.03.21 Win32.Virut.56
    eSafe 7.0.17.0 2009.03.19 -
    eTrust-Vet 31.6.6409 2009.03.20 Win32/Virut.17408
    F-Prot 4.4.4.56 2009.03.20 W32/Virut.AI!Generic
    F-Secure 8.0.14470.0 2009.03.20 Virus.Win32.Virut.ce
    Fortinet 3.117.0.0 2009.03.21 -
    GData 19 2009.03.21 Win32:Vitro
    Ikarus T3.1.1.48.0 2009.03.21 -
    K7AntiVirus 7.10.677 2009.03.20 -
    Kaspersky 7.0.0.125 2009.03.21 Virus.Win32.Virut.ce
    McAfee 5559 2009.03.20 W32/Virut.n.gen
    McAfee+Artemis 5559 2009.03.20 W32/Virut.n.gen
    McAfee-GW-Edition 6.7.6 2009.03.20 Win32.Virut.Gen
    Microsoft 1.4502 2009.03.21 Virus:Win32/Virut.BM
    NOD32 3953 2009.03.21 Win32/Virut.NBM
    Norman 6.00.06 2009.03.20 -
    nProtect 2009.1.8.0 2009.03.21 -
    Panda 10.0.0.10 2009.03.20 -
    PCTools 4.4.2.0 2009.03.20 -
    Prevx1 V2 2009.03.21 -
    Rising 21.21.51.00 2009.03.21 -
    Sophos 4.39.0 2009.03.21 W32/Scribble-B
    Sunbelt 3.2.1858.2 2009.03.20 Virus.Win32.Virut.ce (v)
    Symantec 1.4.4.12 2009.03.21 W32.Virut.CF
    TheHacker 6.3.3.1.287 2009.03.21 W32/Virut.gen2
    TrendMicro 8.700.0.1004 2009.03.20 PE_VIRUX.E-1
    VBA32 3.12.10.1 2009.03.20 Virus.Win32.Virut.9
    ViRobot 2009.3.20.1658 2009.03.20 Win32.Virut.AL
    VirusBuster 4.6.5.0 2009.03.20 -
    Information additionnelle
    File size: 75264 bytes
    PEiD..: -
    TrID..: File type identification
    Generic Win/DOS Executable (49.9%)
    DOS Executable Generic (49.8%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x637a
    timedatestamp.....: 0x41107eb4 (Wed Aug 04 06:14:12 2004)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0xba30 0xbc00 5.96 b214d378cdfc098e38bf2c9e37c038c9
    .data 0xd000 0x138c 0x1400 2.23 c5a21bf1e7d86df2c21db3ef5c7e28ac
    .rsrc 0xf000 0x5e00 0x5200 6.84 35fb32035a89edf39b64ef4446d87aab

    ( 6 imports )

    ( 12 exports )
    YDriverUnloadComplete, YEndDocPrinter, YFlushPrinter, YGetPrinter, YGetPrinterDriver2, YGetPrinterDriverDirectory, YReadPrinter, YSeekPrinter, YSetJob, YSetPort, YSplReadPrinter, YWritePrinter


    userinit.exe : Résultat: 23/39 (58.98%)

    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.101 2009.03.21 -
    AhnLab-V3 5.0.0.2 2009.03.21 -
    AntiVir 7.9.0.120 2009.03.20 W32/Virut.Gen
    Authentium 5.1.2.4 2009.03.21 W32/Virut.AI!Generic
    Avast 4.8.1335.0 2009.03.20 Win32:Vitro
    AVG 8.5.0.283 2009.03.20 Win32/Virut
    BitDefender 7.2 2009.03.21 -
    CAT-QuickHeal 10.00 2009.03.21 W32.Virut.G
    ClamAV 0.94.1 2009.03.21 -
    Comodo 1076 2009.03.20 -
    DrWeb 4.44.0.09170 2009.03.21 Win32.Virut.56
    eSafe 7.0.17.0 2009.03.19 -
    eTrust-Vet 31.6.6409 2009.03.20 Win32/Virut.17408
    F-Prot 4.4.4.56 2009.03.20 W32/Virut.AI!Generic
    F-Secure 8.0.14470.0 2009.03.20 Virus.Win32.Virut.ce
    Fortinet 3.117.0.0 2009.03.21 -
    GData 19 2009.03.21 Win32:Vitro
    Ikarus T3.1.1.48.0 2009.03.21 -
    K7AntiVirus 7.10.677 2009.03.20 -
    Kaspersky 7.0.0.125 2009.03.21 Virus.Win32.Virut.ce
    McAfee 5559 2009.03.20 W32/Virut.n.gen
    McAfee+Artemis 5559 2009.03.20 W32/Virut.n.gen
    McAfee-GW-Edition 6.7.6 2009.03.20 Win32.Virut.Gen
    Microsoft 1.4502 2009.03.21 Virus:Win32/Virut.BM
    NOD32 3953 2009.03.21 Win32/Virut.NBM
    Norman 6.00.06 2009.03.20 -
    nProtect 2009.1.8.0 2009.03.21 -
    Panda 10.0.0.10 2009.03.20 -
    PCTools 4.4.2.0 2009.03.20 -
    Prevx1 V2 2009.03.21 -
    Rising 21.21.51.00 2009.03.21 -
    Sophos 4.39.0 2009.03.21 W32/Scribble-B
    Sunbelt 3.2.1858.2 2009.03.20 Virus.Win32.Virut.ce (v)
    Symantec 1.4.4.12 2009.03.21 W32.Virut.CF
    TheHacker 6.3.3.1.287 2009.03.21 W32/Virut.gen2
    TrendMicro 8.700.0.1004 2009.03.20 PE_VIRUX.E-1
    VBA32 3.12.10.1 2009.03.20 Virus.Win32.Virut.9
    ViRobot 2009.3.20.1658 2009.03.20 Win32.Virut.AL
    VirusBuster 4.6.5.0 2009.03.20 -
    Information additionnelle
    File size: 42496 bytes
    PEiD..: -
    TrID..: File type identification
    Generic Win/DOS Executable (49.9%)
    DOS Executable Generic (49.8%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x50e5
    timedatestamp.....: 0x41107b78 (Wed Aug 04 06:00:24 2004)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x4db8 0x4e00 6.01 6e3194c26925387f257056cfd9fbbcc9
    .data 0x6000 0x14c 0x200 1.86 cbb599f9267bf53209039d14a3574eb1
    .rsrc 0x7000 0x5e00 0x5200 6.58 49fb8c2e9db851ea13796693be69cd51

    ( 7 imports )


    explorer.exe : Résultat: 23/39 (58.97%)

    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.101 2009.03.21 Virus.Win32.Virut.q!IK
    AhnLab-V3 5.0.0.2 2009.03.21 -
    AntiVir 7.9.0.120 2009.03.20 -
    Authentium 5.1.2.4 2009.03.21 W32/Virut.AI!Generic
    Avast 4.8.1335.0 2009.03.20 Win32:Vitro
    AVG 8.5.0.283 2009.03.20 Win32/Virut
    BitDefender 7.2 2009.03.21 -
    CAT-QuickHeal 10.00 2009.03.21 W32.Virut.G
    ClamAV 0.94.1 2009.03.21 -
    Comodo 1076 2009.03.20 -
    DrWeb 4.44.0.09170 2009.03.21 Win32.Virut.56
    eSafe 7.0.17.0 2009.03.19 -
    eTrust-Vet 31.6.6409 2009.03.20 Win32/Virut.17408
    F-Prot 4.4.4.56 2009.03.20 W32/Virut.AI!Generic
    F-Secure 8.0.14470.0 2009.03.20 Virus.Win32.Virut.ce
    Fortinet 3.117.0.0 2009.03.21 -
    GData 19 2009.03.21 Win32:Vitro
    Ikarus T3.1.1.48.0 2009.03.21 Virus.Win32.Virut.q
    K7AntiVirus 7.10.677 2009.03.20 -
    Kaspersky 7.0.0.125 2009.03.21 Virus.Win32.Virut.ce
    McAfee 5559 2009.03.20 W32/Virut.n.gen
    McAfee+Artemis 5559 2009.03.20 W32/Virut.n.gen
    McAfee-GW-Edition 6.7.6 2009.03.20 Win32.Virut.Gen
    Microsoft 1.4502 2009.03.21 Virus:Win32/Virut.BM
    NOD32 3953 2009.03.21 Win32/Virut.NBM
    Norman 6.00.06 2009.03.20 -
    nProtect 2009.1.8.0 2009.03.21 -
    Panda 10.0.0.10 2009.03.20 -
    PCTools 4.4.2.0 2009.03.20 -
    Prevx1 V2 2009.03.21 -
    Rising 21.21.51.00 2009.03.21 -
    Sophos 4.39.0 2009.03.21 W32/Scribble-B
    Sunbelt 3.2.1858.2 2009.03.20 Virus.Win32.Virut.ce (v)
    Symantec 1.4.4.12 2009.03.21 W32.Virut.CF
    TheHacker 6.3.3.1.287 2009.03.21 W32/Virut.gen2
    TrendMicro 8.700.0.1004 2009.03.20 PE_VIRUX.E-1
    VBA32 3.12.10.1 2009.03.20 -
    ViRobot 2009.3.20.1658 2009.03.20 Win32.Virut.AL
    VirusBuster 4.6.5.0 2009.03.20 -
    Information additionnelle
    File size: 1053696 bytes
    PEiD..: -
    TrID..: File type identification
    Generic Win/DOS Executable (49.9%)
    DOS Executable Generic (49.8%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1e24e
    timedatestamp.....: 0x41107ece (Wed Aug 04 06:14:38 2004)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x44689 0x44800 6.38 00302f0013beb415c4dd1e5c9908ffda
    .data 0x46000 0x1d90 0x1800 1.29 d0b87d8ce5a34731be197efb73b5d7bf
    .rsrc 0x48000 0xb3280 0xb3400 6.63 cca4388b3a05d3aeb335c2a2d22cceb1
    .reloc 0xfc000 0x8800 0x7c00 6.99 76dd959cd81aed4a0ec9ece7ad3303f8

    ( 13 imports )