Help !!! Rundll32 introuvable aprés infection

NyxPunk Messages postés 23 Statut Membre -  
dédétraqué Messages postés 4522 Statut Contributeur sécurité -
Bonjour,
j'ai un problème assez épineux.... Dimanche j'ai été infecté par des virus alors que j'utilisait l'antivirus avira antivir (antivirus qui n'a fait que trouver les virus mais ne les a ni mis en quarantaine, ni supprimer) pour stopper l'infection j'ai installer la dernière version d'avast . Chose bizarre, mon ordinateur me montrait que comme quoi j'aurait installer un antivirus nommé Win7 antivirus internet security. Ledit antivirus bloquait l'accès a mon centre de sécurité (je suit sous windows seven),me demandait de l'acheter pour qu'il puisse supprimer les 28 virus que contenait mon pc (selon lui),et m'envoyait une tonne de messages d'alerte que comme quoi mon pc est en phase terminale l'antivirus en question apparaissait avec l'icône de limewire !!!! pensant faiire bien , j'ai supprimer limewire. J'ai cru que tout irait bien... c'est la que les ennuis commencent. depuis lundi après midi, je me trouve devant un écran noir,c'est a dire que je n'est pas accès a mon bureau (sauf si je passe par le gestionnaire des taches), ni au menu démarrer. il ouvre automatiquement le dossier "mes documents" dès l'ouverture d'une session. J'ai donc lancer un Scan minutieux avec Avast qui a repérer 7 ou 8 spyware et virus, j'ai pu en supprimer la majorité (il en reste deux qui ne se sont pas supprimer) F-secure lui, me lance des alerte comme quoi il a trouver des codes dangereux tels que :
-rootkit:/W32/tdss.gen!d
-trojan.fakeav.acy
-c:\windows\system32\config\systemprofile\appdata\local\av.acy

Aujourd'hui je rallume mon ordinateur, et la , plus d'ouverture du dossier mes documents , mais a la place un beau" c:\windows\system31\rundll32.exe fichier introuvable. j'arrive toujours a me connecter et a plus ou moins bosser sur mon compte tant que je lance mes applications en tant qu'administrateur...j'ai essayer d'ouvrir msconfig et consort et eux aussi sont introuvable... :s
Pourriez vous s'il vous plait m'aider car je pense que le cas de mon ordinateur s'aggrave d'heure en heure, et je ne veut surtout pas reformater.
Je vous remercie d'avance pour votre aide.

NyxPunk
Configuration: Windows 7
Safari 532.0

43 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Le fil décrit une infection sous Windows 7 après utilisation d Avira Antivirus, suivie par l’apparition d’un faux antivirus nommé Win7 Antivirus Internet Security, des blocages d’accès au bureau et des alertes rootkit. Des outils de sécurité comme Avast et F-Secure détectent des spyware, virus et composants malveillants, avec des mentions d éléments tels que rundll32.exe introuvable et c:\windows\system32\config\systemprofile\av.acy. Plusieurs répondants proposent des outils de nettoyage spécialisés (OTL, RSIT, OTMoveIt, OTM, SystemLook) et des procédures en administrateur pour analyser les fichiers, nettoyer les traces et restaurer l accès au système. En parallèle, la discussion souligne que le cas est complexe et qu’un recours à des scans et conseils externes peut être nécessaire, sans conclure à une résolution ni mentionner le reformatage.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut NyxPunk

    Télécharge OTL (de OldTimer) et enregistre-le sur ton Bureau.
    http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/

    - Quitte les applications en cours afin de ne pas interrompre le scan.
    - Faire un clique droit sur OTL.exe pour lancer le programme et choisi "Exécuter en tant qu'administrateur".
    - Une fenêtre apparaît. Sous Custom Scans (en bas), copie/colle ceci :

    netsvcs
    %SYSTEMDRIVE%\*.*
    %SYSTEMDRIVE%\*.exe
    %PROGRAMFILES%\*.*
    %PROGRAMFILES%\*.
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    /md5stop
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s


    - Clique sur le bouton Run Scan.
    - Une fois l'analyse terminée, deux fenêtres vont s'ouvrir dans le Bloc-notes : OTL.txt et Extras.txt. Ils se trouvent au même endroit que OTListIT2 (donc par défaut sur le Bureau).

    - Copie/colle ici le contenu des deux fichiers. Utilise un message par rapport.

    Refais le un scan avec SystemLook et poste le rapport avec ceci dans la zone texte :
    :filefind
    rundll32.exe


    @++ :)
    1
  2. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut NyxPunk

    Cela fais trop longtemps, quel problème rencontres-tu?

    @++ :)
    1
  3. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut NyxPunk

    On va vérifier cela, télécharge RSIT (de random/random) sur le bureau ici :
    http://images.malwareremoval.com/random/RSIT.exe

    - Double clique sur RSIT.exe qui est sur le bureau
    - Clique sur Continue dans la fenêtre
    - RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
    - Poste le contenue des deux rapports, log.txt et info.txt(réduit dans la barre des tâches) à la fin de l’analyse

    Les rapports sont dans le dossier ici C:\rsit

    @++ :)
    0
  4. NyxPunk Messages postés 23 Statut Membre
     
    Salut Dédétraqué,
    Je voudrait biien... mais je n'est plus de bureau... donc j'ai ouvert le logiciel que tu ma dit de down' et au moment d'installer HijackThis bah la il me lance un "choisissez le programme a utiliser pour ouvrir se fichier. Sa me faiit sa pour tout. de la connection internet , jusqu'au régleur de sons. je suit obliger de tout langer en administrateur. pour RSIT sa débute biien puis au moment d'installer HijackThis sa me fait "choisissez le programme a utiliser pour ouvrir se fichier" et le fichier a installer en question est.... mon propre compte soit RoXas.exe...en mode sans echec idem...si je pouvait prendre un screen de mon écran (j'saiit pas comment faire ><)je vous aurait montrer .
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. NyxPunk Messages postés 23 Statut Membre
     
    voila finalement j'ai télécharger HijackThis séparément: voici le résultat du Scan d'Hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 05:16:38, on 03/02/2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskmgr.exe
    C:\Windows\explorer.exe
    C:\Windows\System32\rundll32.exe
    C:\Users\RoXas\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\RoXas\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskmgr.exe
    C:\Program Files\F-Secure\FSGUI\fscuif.exe
    C:\Users\RoXas\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\RoXas\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\RoXas\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Users\RoXas\AppData\Local\WinDS PRO\windspro.exe
    C:\Program Files\OpenOffice.org 3\program\swriter.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Users\ANTOINE\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\RoXas\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\RoXas\Documents\Downloads\hijackthis-2.0.2.75917.exe
    C:\Users\RoXas\AppData\Local\Temp\hijackthis-2.0.2.75917.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: Shell=explorer.exe rundll32.exe
    O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [imPlayok] C:\Windows\system32\imPlayok.exe
    O4 - HKLM\..\Run: [Regedit32] C:\Windows\system32\regedit.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [Google Update] "C:\Users\RoXas\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [quaex] C:\Users\RoXas\quaex.exe
    O4 - HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas21.dll,AttachConsoleA
    O4 - HKCU\..\Run: [BMIMZMHMFM] C:\Users\RoXas\AppData\Local\Temp\Qsr.exe
    O4 - HKCU\..\Run: [imPlayok] C:\Users\RoXas\imPlayok.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-1968089887-1377100096-1002104433-1001\..\Run: [Google Update] "C:\Users\ANTOINE\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'ANTOINE')
    O4 - HKUS\S-1-5-18\..\Run: [imPlayok] C:\Windows\system32\config\systemprofile\imPlayok.exe (User 'Système')
    O4 - HKUS\.DEFAULT\..\Run: [imPlayok] C:\Windows\system32\config\systemprofile\imPlayok.exe (User 'Default user')
    O4 - S-1-5-21-1968089887-1377100096-1002104433-1001 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'ANTOINE')
    O4 - S-1-5-21-1968089887-1377100096-1002104433-1001 Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'ANTOINE')
    O4 - S-1-5-21-1968089887-1377100096-1002104433-1001 User Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'ANTOINE')
    O4 - S-1-5-21-1968089887-1377100096-1002104433-1001 User Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'ANTOINE')
    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O8 - Extra context menu item: Download with &Shareaza - res://c:\program files\shareaza\razawebhook32.dll/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O13 - Gopher Prefix:
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{030784EC-2F7C-4AF4-8320-1C3EC13FD180}: NameServer = 217.175.160.72 217.175.160.77
    O17 - HKLM\System\CS2\Services\Tcpip\..\{030784EC-2F7C-4AF4-8320-1C3EC13FD180}: NameServer = 217.175.160.72 217.175.160.77
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    0
  7. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut NyxPunk

    Faire un clique droit sur le raccourci d'HijackThis sur ton Bureau et choisir exécuter en tant qu'administrateur, clique sur Do a scan system only coche la case devant la(les) ligne(s) suivante(s) si présente(s)

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - HKLM\..\Run: [imPlayok] C:\Windows\system32\imPlayok.exe
    O4 - HKLM\..\Run: [Regedit32] C:\Windows\system32\regedit.exe
    O4 - HKCU\..\Run: [quaex] C:\Users\RoXas\quaex.exe
    O4 - HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas21.dll,AttachConsoleA
    O4 - HKCU\..\Run: [BMIMZMHMFM] C:\Users\RoXas\AppData\Local\Temp\Qsr.exe
    O4 - HKCU\..\Run: [imPlayok] C:\Users\RoXas\imPlayok.exe
    O4 - HKUS\S-1-5-18\..\Run: [imPlayok] C:\Windows\system32\config\systemprofile\imPlayok.exe (User 'Système')
    O4 - HKUS\.DEFAULT\..\Run: [imPlayok] C:\Windows\system32\config\systemprofile\imPlayok.exe (User 'Default user')


    - Ferme les fenêtres en cours sauf HijackThis, clique sur Fix checked

    - Quitte HijackThis

    Redémarre le PC faire un nouveau scan HJT

    -----

    Télécharge SystemLook sur ton Bureau :
    http://jpshortstuff.247fixes.com/SystemLook.exe

    - Faire un clic droit sur SystemLook.exe pour le lancer et choisi "Exécuter en tant qu'administrateur".

    - Copie le contenu en gras ci-dessous et colle-le dans la zone texte de SystemLook :

    :filefind
    explorer.exe


    - Clique sur le bouton Look pour démarrer l'examen.
    - A la fin, le Bloc-notes s'ouvre avec le résultat de l'analyse. Copie-colle le rapport dans ta prochaine réponse.

    @++ :)
    0
  8. NyxPunk Messages postés 23 Statut Membre
     
    Salut Dédétraqué,
    J'ai procédé comme tu m'a dit et je t'envoie le scan de Systemlook:

    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 06:10 on 03/02/2010 by RoXas (Administrator - Elevation successful)

    ========== filefind ==========

    Searching for "explorer.exe"
    C:\Windows\explorer.exe --a--- 2614272 bytes [03:34 28/01/2010] [05:45 31/10/2009] 2626FC9755BE22F805D3CFA0CE3EE727
    C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe --a--- 2613248 bytes [23:41 13/07/2009] [01:14 14/07/2009] 15BC38A7492BEFE831966ADB477CF76F
    C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe --a--- 2613248 bytes [20:16 09/11/2009] [05:35 03/08/2009] B95EEB0F4E5EFBF1038A35B3351CF047
    C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe --a--- 2614272 bytes [03:34 28/01/2010] [05:45 31/10/2009] 2626FC9755BE22F805D3CFA0CE3EE727
    C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe --a--- 2613248 bytes [20:16 09/11/2009] [05:49 03/08/2009] 9FF6C4C91A3711C0A3B18F87B08B518D
    C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe --a--- 2614272 bytes [03:34 28/01/2010] [06:00 31/10/2009] C76153C7ECA00FA852BB0C193378F917

    -=End Of File=-

    Voila le Rapport de Scan de Systemlook, je te passe aussi le Scan de Hjt, après redémarrage:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 06:15:19, on 03/02/2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\ANTOINE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\ANTOINE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskmgr.exe
    C:\Windows\explorer.exe
    C:\Users\RoXas\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\RoXas\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\RoXas\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\RoXas\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\RoXas\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\RoXas\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\RoXas\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\RoXas\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\RoXas\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\RoXas\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\RoXas\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\RoXas\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\RoXas\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\RoXas\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\RoXas\Documents\Downloads\SystemLook.exe
    C:\Users\RoXas\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\notepad.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\trend micro\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: Shell=explorer.exe rundll32.exe
    O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [Google Update] "C:\Users\RoXas\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-1968089887-1377100096-1002104433-1001\..\Run: [Google Update] "C:\Users\ANTOINE\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'ANTOINE')
    O4 - S-1-5-21-1968089887-1377100096-1002104433-1001 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'ANTOINE')
    O4 - S-1-5-21-1968089887-1377100096-1002104433-1001 Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'ANTOINE')
    O4 - S-1-5-21-1968089887-1377100096-1002104433-1001 User Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'ANTOINE')
    O4 - S-1-5-21-1968089887-1377100096-1002104433-1001 User Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'ANTOINE')
    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O8 - Extra context menu item: Download with &Shareaza - res://c:\program files\shareaza\razawebhook32.dll/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O13 - Gopher Prefix:
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{030784EC-2F7C-4AF4-8320-1C3EC13FD180}: NameServer = 217.175.160.72 217.175.160.77
    O17 - HKLM\System\CS2\Services\Tcpip\..\{030784EC-2F7C-4AF4-8320-1C3EC13FD180}: NameServer = 217.175.160.72 217.175.160.77
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    0
  9. NyxPunk Messages postés 23 Statut Membre
     
    salut dédétraqué
    dsl voici la 1ere partie du scan que tu ma demander de faire
    j'arrive pas a tout copier d'un coup je t'envoie sa en plusieurs partie :

    OTL logfile created on: 04/02/2010 00:10:44 - Run 1
    OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\RoXas\Documents\Downloads
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
    6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 698,54 Gb Total Space | 540,28 Gb Free Space | 77,34% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ANTOINE-PC
    Current User Name: RoXas
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    [color=#E56717]========== Processes (SafeList) ==========/color

    PRC - [2010/02/04 00:07:07 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\RoXas\Documents\Downloads\OTL.exe
    PRC - [2010/02/01 00:26:46 | 000,056,000 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
    PRC - [2010/01/31 23:45:31 | 000,356,960 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    PRC - [2010/01/31 23:43:46 | 000,619,616 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    PRC - [2010/01/31 23:43:46 | 000,480,352 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    PRC - [2010/01/28 23:12:23 | 001,818,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\setup\avast.setup
    PRC - [2010/01/28 23:09:28 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2009/12/10 00:22:33 | 000,921,072 | ---- | M] (Google Inc.) -- C:\Users\ANTOINE\AppData\Local\Google\Chrome\Application\chrome.exe
    PRC - [2009/11/13 23:59:59 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PRC - [2009/08/10 10:48:14 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FSMA32.EXE
    PRC - [2009/08/10 10:48:12 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FSHDLL32.EXE
    PRC - [2009/08/10 10:47:10 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    PRC - [2009/08/10 10:46:10 | 000,219,744 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    PRC - [2009/07/14 13:29:06 | 000,215,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
    PRC - [2009/07/14 02:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
    PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
    [color=#E56717]========== Modules (SafeList) ==========/color

    MOD - [2010/02/04 00:07:07 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\RoXas\Documents\Downloads\OTL.exe
    MOD - [2009/08/10 10:48:00 | 000,330,336 | ---- | M] () -- \\?\c:\program files\f-secure\hips\fshook32.dll
    MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
    MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
    MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

    [color=#E56717]========== Win32 Services (SafeList) ==========/color

    SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
    SRV - [2010/02/01 00:26:46 | 000,056,000 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
    SRV - [2010/01/28 23:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/01/28 23:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/01/28 23:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2009/12/16 18:26:00 | 003,453,712 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
    SRV - [2009/11/06 09:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2009/10/28 20:21:14 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
    SRV - [2009/09/23 14:50:28 | 000,238,960 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
    SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/08/10 10:48:14 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure\Common\FSMA32.EXE -- (FSMA)
    SRV - [2009/08/10 10:47:10 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe -- (FSDFWD)
    SRV - [2009/08/10 10:46:10 | 000,219,744 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
    SRV - [2009/07/14 13:29:06 | 000,215,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
    SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009/07/14 02:16:19 | 000,348,672 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
    SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Programme d’installation ActiveX (AxInstSV)
    SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
    SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)

    [color=#E56717]========== Driver Services (SafeList) ==========/color

    DRV - [2010/01/31 23:47:33 | 000,033,920 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\fsbts.sys -- (fsbts)
    DRV - [2010/01/31 23:44:47 | 000,107,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
    DRV - [2010/01/28 22:57:55 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/01/28 22:57:34 | 000,163,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/01/28 22:54:42 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/01/28 22:54:27 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2010/01/28 22:54:05 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009/10/09 02:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009/09/23 14:53:20 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
    DRV - [2009/08/10 10:48:02 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\F-Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
    DRV - [2009/08/10 10:47:10 | 000,071,040 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fsdfw.sys -- (FSFW)
    DRV - [2009/08/10 10:47:00 | 000,035,680 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fses.sys -- (FSES)
    DRV - [2009/08/10 10:46:12 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys -- (F-Secure Filter)
    DRV - [2009/08/10 10:46:12 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys -- (F-Secure Recognizer)
    DRV - [2009/08/10 10:46:12 | 000,012,384 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
    DRV - [2009/07/15 01:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009/07/14 02:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
    DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009/07/14 00:54:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
    DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009/07/14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
    DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
    DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
    DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
    DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009/07/14 00:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
    DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
    DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
    DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009/07/13 23:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Pilote de connexions réseau Intel(R)
    DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
    DRV - [2009/07/13 21:50:20 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
    DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2007/08/03 05:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
    DRV - [2005/12/22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2004/12/30 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
    0
  10. NyxPunk Messages postés 23 Statut Membre
     
    voici la deuxième partie :

    [color=#E56717]========== Standard Registry (SafeList) ==========[/color]

    [color=#E56717]========== Internet Explorer ==========[/color]

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 C2 5F 50 DF 64 CA 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    [color=#E56717]========== FireFox ==========[/color]

    FF - prefs.js..browser.startup.homepage: "http://www.plusnetwork.com"
    FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:1.5
    FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:3.4

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/17 15:56:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/31 16:46:52 | 000,000,000 | ---D | M]

    [2009/11/21 02:46:55 | 000,000,000 | ---D | M] -- C:\Users\RoXas\AppData\Roaming\mozilla\Extensions
    [2009/11/21 02:46:55 | 000,000,000 | ---D | M] -- C:\Users\RoXas\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2010/02/03 03:49:51 | 000,000,000 | ---D | M] -- C:\Users\RoXas\AppData\Roaming\mozilla\Firefox\Profiles\j4ec3jmp.default\extensions
    [2009/12/20 04:53:17 | 000,000,000 | ---D | M] -- C:\Users\RoXas\AppData\Roaming\mozilla\Firefox\Profiles\j4ec3jmp.default\extensions\anttoolbar@ant.com
    [2009/11/21 18:39:57 | 000,000,000 | ---D | M] -- C:\Users\RoXas\AppData\Roaming\mozilla\Firefox\Profiles\j4ec3jmp.default\extensions\illimitux@illimitux.net
    [2010/01/19 04:14:48 | 000,001,681 | ---- | M] () -- C:\Users\RoXas\AppData\Roaming\Mozilla\FireFox\Profiles\j4ec3jmp.default\searchplugins\ask.uk.xml
    [2010/02/03 03:49:51 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
    [2009/11/03 02:56:19 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
    [2009/11/03 02:56:19 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2009/11/03 02:56:19 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
    [2009/11/03 02:56:19 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
    [2009/11/03 02:56:19 | 000,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
    O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
    O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [Google Update] C:\Users\RoXas\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    O4 - HKCU..\Run: [Shareaza] C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Users\RoXas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O8 - Extra context menu item: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll (Shareaza Development Team)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000079 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias [2009/07/14 03:37:08 | 000,000,000 | ---D | M]
    NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
    NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

    [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

    [2010/02/03 03:39:27 | 000,000,000 | ---D | C] -- C:\Users\RoXas\AppData\Local\ElevatedDiagnostics
    [2010/02/02 02:29:06 | 000,000,000 | ---D | C] -- C:\ToolBar SD
    [2010/02/02 01:23:04 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2010/02/02 01:23:03 | 000,163,280 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2010/02/02 01:23:02 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2010/02/02 01:23:00 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2010/02/02 01:22:58 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2010/02/02 01:22:14 | 000,152,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
    [2010/02/02 01:22:14 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
    [2010/02/02 00:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
    [2010/02/02 00:48:19 | 000,000,000 | ---D | C] -- C:\rsit
    [2010/02/02 00:47:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2010/02/01 01:45:18 | 000,000,000 | ---D | C] -- C:\Users\RoXas\Desktop\Saved
    [2010/02/01 01:45:07 | 000,000,000 | ---D | C] -- C:\Users\RoXas\Desktop\Incomplete
    [2010/01/31 23:36:55 | 000,035,680 | ---- | C] (F-Secure Corporation) -- C:\Windows\System32\drivers\fses.sys
    [2010/01/31 23:36:49 | 000,071,040 | ---- | C] (F-Secure Corporation) -- C:\Windows\System32\drivers\fsdfw.sys
    [2010/01/31 23:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\F-Secure
    [2010/01/31 23:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\fssg
    [2010/01/31 23:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\f-secure
    [2010/01/31 16:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2010/01/31 08:02:37 | 000,000,000 | ---D | C] -- C:\Users\RoXas\Desktop\Images
    [2010/01/31 07:48:17 | 000,000,000 | ---D | C] -- C:\Users\RoXas\Desktop\Album app. photo
    [2010/01/31 06:53:09 | 000,000,000 | R--D | C] -- C:\Users\RoXas\Desktop\Music
    [2010/01/31 06:47:38 | 000,000,000 | ---D | C] -- C:\Users\RoXas\Desktop\Final Fantasy XIII Original Soundtrack
    [2010/01/28 04:34:19 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
    [2010/01/24 22:06:11 | 000,000,000 | ---D | C] -- C:\Users\RoXas\Desktop\Game
    [2010/01/24 22:05:39 | 000,000,000 | ---D | C] -- C:\Users\RoXas\Desktop\pollution
    [2010/01/24 20:12:15 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
    [2010/01/24 20:12:15 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
    [2010/01/24 20:12:14 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
    [2010/01/24 20:12:14 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
    [2010/01/24 20:12:14 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
    [2010/01/24 20:12:14 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
    [2010/01/24 20:12:14 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
    [2010/01/24 20:12:14 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
    [2010/01/24 20:12:14 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
    [2010/01/24 20:12:14 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
    [2010/01/24 20:12:14 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
    [2010/01/24 20:12:14 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
    [2010/01/24 20:12:13 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
    [2010/01/24 20:12:13 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
    [2010/01/24 20:12:13 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
    [2010/01/24 20:12:13 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
    [2010/01/24 20:12:13 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
    [2010/01/24 20:12:13 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
    [2010/01/24 20:12:13 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
    [2010/01/24 20:12:13 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
    [2010/01/24 20:12:13 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
    [2010/01/24 20:12:13 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
    [2010/01/24 20:12:13 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
    [2010/01/24 20:12:13 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
    [2010/01/24 20:12:13 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
    [2010/01/24 20:12:13 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
    [2010/01/24 20:12:13 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
    [2010/01/24 20:12:12 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
    [2010/01/24 20:12:12 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
    [2010/01/24 20:12:12 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
    [2010/01/24 20:12:12 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
    [2010/01/24 20:12:12 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
    [2010/01/24 20:12:12 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
    [2010/01/24 20:12:12 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
    [2010/01/24 20:12:12 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
    [2010/01/24 20:12:12 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
    [2010/01/24 20:12:12 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
    [2010/01/24 20:12:12 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
    [2010/01/24 20:12:12 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
    [2010/01/24 20:12:12 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
    [2010/01/24 20:12:11 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
    [2010/01/24 20:12:11 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
    [2010/01/24 20:12:11 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
    [2010/01/24 20:12:11 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
    [2010/01/24 20:12:11 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
    [2010/01/24 20:12:11 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
    [2010/01/24 20:12:11 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
    [2010/01/24 20:12:11 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
    [2010/01/24 20:12:11 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
    [2010/01/24 20:12:11 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
    [2010/01/24 20:12:11 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
    [2010/01/24 20:12:11 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
    [2010/01/24 20:12:11 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
    [2010/01/24 20:12:10 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
    [2010/01/24 20:12:10 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
    [2010/01/24 20:12:10 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
    [2010/01/24 20:12:10 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
    [2010/01/24 20:12:10 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
    [2010/01/24 20:12:10 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
    [2010/01/24 20:12:10 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
    [2010/01/24 20:12:10 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
    [2010/01/24 20:12:10 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
    [2010/01/24 20:12:09 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
    [2010/01/24 20:12:09 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
    [2010/01/24 20:12:09 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
    [2010/01/24 20:12:09 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
    [2010/01/24 20:12:09 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
    [2010/01/24 20:12:09 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
    [2010/01/24 20:12:09 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
    [2010/01/24 20:12:09 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
    [2010/01/24 20:12:08 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
    [2010/01/24 20:12:08 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
    [2010/01/24 20:12:08 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
    [2010/01/24 20:12:08 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
    [2010/01/24 20:12:08 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
    [2010/01/24 20:12:08 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
    [2010/01/24 20:12:08 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
    [2010/01/24 20:12:08 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
    [2010/01/24 20:12:07 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
    [2010/01/24 19:54:59 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
    [2010/01/24 19:54:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
    [2010/01/24 19:54:45 | 000,000,000 | ---D | C] -- C:\Users\RoXas\Documents\WinDS PRO ROMs
    [2010/01/24 19:54:36 | 000,000,000 | ---D | C] -- C:\Users\RoXas\AppData\Local\WinDS PRO
    [2010/01/24 19:54:36 | 000,000,000 | ---D | C] -- C:\Users\RoXas\AppData\Roaming\VBA-M
    [2010/01/24 19:54:36 | 000,000,000 | ---D | C] -- C:\Users\RoXas\AppData\Roaming\iDeaS
    [2010/01/24 19:54:36 | 000,000,000 | ---D | C] -- C:\Users\RoXas\AppData\Roaming\DeSmuME
    [2010/01/23 05:10:30 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2010/01/23 05:10:30 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2010/01/22 23:59:35 | 000,000,000 | ---D | C] -- C:\Users\RoXas\Desktop\ds
    [2010/01/22 23:58:38 | 000,000,000 | --SD | C] -- C:\Users\RoXas\Desktop\[www.pokebase.net]No$gba 2.6a
    [2010/01/22 00:55:59 | 000,000,000 | ---D | C] -- C:\Users\RoXas\Desktop\comiik
    [2010/01/18 00:55:12 | 000,000,000 | ---D | C] -- C:\Users\RoXas\Desktop\Musique
    [2010/01/17 22:44:41 | 000,000,000 | ---D | C] -- C:\Users\RoXas\Desktop\Nouveau dossier (4)
    [2010/01/17 20:03:11 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2010/01/17 18:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2010/01/14 12:30:44 | 003,453,712 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des
    [2010/01/14 12:20:00 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys
    [2010/01/14 12:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
    [2010/01/13 22:17:51 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
    [2010/01/13 22:17:51 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
    [2010/01/05 04:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
    [2010/01/05 04:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2010/01/05 04:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    0
  11. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut NyxPunk

    Ton rapport n'est pas complet, utilise cjoint.com pour poster en lien ton rapport :
    https://www.cjoint.com/

    - Clique sur Parcourir pour aller chercher le rapport
    - Clique sur Ouvrir ensuite sur Créer le lien Cjoint

    - Fais un copier/coller du lien qui est devant Le lien a été créé: dans ta prochaine réponse.

    Sinon voir a le mettre en plusieurs partie

    @++ :)
    0
  12. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut NyxPunk

    Télécharge OTM (de Old_Timer) sur le bureau :

    http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/

    Double-clique sur OTM.exe sur le bureau

    - Copie le texte qui se trouve en gras ci-dessous et colle le dans le cadre de gauche de OTM nommé Paste Instructions for Items to be Moved

    :files
    C:\Windows\System32\perfh00C.dat
    C:\Windows\System32\perfh009.dat
    C:\Windows\System32\perfc00C.dat
    C:\Windows\System32\perfc009.dat
    C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
    C:\Windows\System32\imPlayok.exe
    C:\Windows\System32\Video .lnk
    C:\Windows\System32\Pictures .lnk
    C:\Windows\System32\Passwords .lnk
    C:\Windows\System32\New Folder .lnk
    C:\Windows\System32\Music .lnk
    C:\Windows\System32\Documents .lnk
    C:\Windows\System32\autorun.inf
    C:\Windows\Temp\mkmh.tmp
    C:\Windows\Temp\qtos.tmp

    :commands
    [purity]
    [emptytemp]
    [reboot]


    - Clique sur MoveIt! pour lancer la suppression.
    - Ferme OTM

    Ton PC va redémarrer pour finir la suppression, si il ne le fais pas lui-même, redémarre le.

    Poste le rapport de OTMoveIt qui se trouve dans C:\_OTM\MovedFiles.

    @++ :)
    0
  13. NyxPunk Messages postés 23 Statut Membre
     
    Salut Dédétraqué,
    je t'envoie le Scan d'otm , je pense que tout a été supprimer dans la liste que tu ma donner...mais sans vouloir être trop pressé, j'ai toujours écran noir avec rundll32 introuvable... enfin bref je pense que sa va venir avec la suite de la solution que tu me donne ;) :) voici le lien ci joint du rapport : https://www.cjoint.com/?ceeCkcYOzG
    mercii pour ta précieuse aide ^^.
    0
  14. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut

    Double clic sur OTL.exe pour le lancer.

    ▶ Copie la liste qui se trouve en gras ci-dessous, et colle-la dans la zone sous " Customs Scans/Fixes "

    :Processes
    explorer.exe

    :OTL
    O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

    :Files
    C:\Windows\Temp\xprc.tmp

    :Commands
    [Emptytemp]
    [Start explorer]
    [Reboot]


    ▶ Clique sur " RunFix " pour lancer la suppression.

    ▶ Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES.

    ▶ Au redémarrage , autorise OTL a s'éxecuter.

    ▶ Poste le rapport généré par OTL.

    -----

    Télécharge combofix.exe (de sUBs) sur le bureau :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

    Important Désactive ton Antivirus, antispyware et Pare feu avant le scan avec Combofix :
    https://forum.pcastuces.com/default.asp
    https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

    ==> Sauvegarde ton travail et ferme toutes les fenêtres actives, il peut y avoir un redémarrage du PC. Ne lance aucun programme tant que Combofix n’est pas fini. <==

    Double clique sur combofix.exe, clique sur OUI et valide par Entrée

    Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Combofix est détecté par certains antivirus comme une infection, ne pas en tenir compte, il s'agit d'un faux positif, continue la procédure

    @++ :)
    0
  15. NyxPunk Messages postés 23 Statut Membre
     
    Salut dédétraqué,
    Problème résolu tout fonctionne normalement, mais je te passe les rapports au cas ou si il y a des choses a supprimer.je te remercie 10000 fois :)j'en avait vraiment besoin pour bosser. Je voudrait t'exposer un dernier problème. Voila je suit amateur de jeux online. Actuellement je joue a rappelz et ether saga. il y a quelques mois, j'était sur vista, et ses jeux fonctionnait normalement. depuis que je suit sous seven , les jeux ne se connectent plus du tout, pire, quand ils daignent se connecter, je me rend comte que je suit le seul en ligne et je reste a peine une minute connectée, avant de voir you are disconnected" si tu pouvait me donner une solution j'en serait ravi, surtout que j'ai l'intention d'acheter Aion Online, et je voudrait vraiment y jouer sans probléme

    Merci infiniment
    NyxPunk

    ps: voici le rapport de combofix : https://www.cjoint.com/?cfdyIBmBsf
    0
  16. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut NyxPunk

    Faire un scan de ce fichier av.exe ici :

    https://www.virustotal.com/gui/

    Clique sur Parcourir et copie/colle ceci :
    c:\users\ANTOINE\AppData\Local\av.exe
    Après tu clique sur Envoyer le fichier et attendre le résultat de l’analyse.

    Si il te dit que le fichier a déjà été analysé, sélectionne le bouton :
    Reanalyse le fichier maintenant et attendre le résultat de l'analyse, poste le résultat au complet.

    Poste le résultat au complet

    Aide : http://bibou0007.com/scans-en-ligne-f75/tutorial-sur-virustotal-t190.htm

    Faire également un scan de ce fichier :
    c:\windows\Aion_03.scr

    @++ :)
    0
  17. NyxPunk Messages postés 23 Statut Membre
     
    voici le 1er rapport :

    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.5.0.50 2010.02.05 -
    AhnLab-V3 5.0.0.2 2010.02.04 Win-Trojan/Fakeav.345088
    AntiVir 7.9.1.158 2010.02.04 -
    Antiy-AVL 2.0.3.7 2010.02.05 -
    Authentium 5.2.0.5 2010.02.05 -
    Avast 4.8.1351.0 2010.02.04 -
    AVG 9.0.0.730 2010.02.05 -
    BitDefender 7.2 2010.02.05 -
    CAT-QuickHeal 10.00 2010.02.04 Trojan.FakeAV.gen
    ClamAV 0.96.0.0-git 2010.02.04 -
    Comodo 3823 2010.02.05 -
    DrWeb 5.0.1.12222 2010.02.05 -
    eSafe 7.0.17.0 2010.02.04 -
    eTrust-Vet 35.2.7283 2010.02.04 -
    F-Prot 4.5.1.85 2010.02.05 -
    F-Secure 9.0.15370.0 2010.02.04 Suspicious:W32/Riskware!Online
    Fortinet 4.0.14.0 2010.02.05 -
    GData 19 2010.02.05 -
    Ikarus T3.1.1.80.0 2010.02.05 -
    Jiangmin 13.0.900 2010.02.04 -
    K7AntiVirus 7.10.966 2010.02.03 -
    Kaspersky 7.0.0.125 2010.02.05 -
    McAfee 5882 2010.02.04 -
    McAfee+Artemis 5882 2010.02.04 -
    McAfee-GW-Edition 6.8.5 2010.02.04 -
    Microsoft 1.5406 2010.02.05 VirTool:Win32/Obfuscator.HG
    NOD32 4836 2010.02.04 -
    Norman 6.04.03 2010.02.04 -
    nProtect 2009.1.8.0 2010.02.04 -
    Panda 10.0.2.2 2010.02.04 -
    PCTools 7.0.3.5 2010.02.05 -
    Prevx 3.0 2010.02.05 High Risk Cloaked Malware
    Rising 22.33.04.01 2010.02.05 Packer.Win32.Agent.bk
    Sophos 4.50.0 2010.02.05 Mal/FakeAV-BT
    Sunbelt 3.2.1858.2 2010.02.05 -
    TheHacker 6.5.1.0.180 2010.02.05 -
    TrendMicro 9.120.0.1004 2010.02.04 TROJ_FAKEAL.SMDO
    VBA32 3.12.12.1 2010.02.04 -
    ViRobot 2010.2.4.2172 2010.02.04 Adware.XP2010.R.345088
    VirusBuster 5.0.21.0 2010.02.04 -
    Information additionnelle
    File size: 345088 bytes
    MD5...: ef243bd70d235c08c21a010c7f13a656
    SHA1..: 4c4932a1e3e85a603ecca3ef1120121282a92a0c
    SHA256: 75297b3124c0104e4ebcab29db5584977eea871a98ed4bc608a74366c04e8deb
    ssdeep: 6144:4hCTI7Xfu/cwGnGXVHxEYGTngILmr6GRTevZNAADraHeW3YJ1a7:4lPX1nG
    XNQTngwGxq7AADWH7yM
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0xcff7
    timedatestamp.....: 0x490d2dc2 (Sun Nov 02 04:34:10 2008)
    machinetype.......: 0x14c (I386)

    ( 6 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0xc169 0xc200 7.98 726c435220c365a4be9ece66f748eaee
    .rdata 0xe000 0x49ab9 0x47600 6.04 e0f68b3ae88118b0cba2dc563ef18eb4
    .idata 0x58000 0xdd 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
    .idata 0x59000 0x345 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    .data 0x5a000 0xda01d 0x200 1.37 89744e08321519bc0e16e84c51b86e8d
    .rsrc 0x135000 0x275 0x400 3.70 2225f9c009a07c14559a0e44b5ab5309

    ( 7 imports )
    > USER32.DLL: GetActiveWindow, RegisterClassExW, SetPropW, CharUpperA, CharNextW, FillRect, RedrawWindow, SetCursor, GetFocus, SetWindowTextA, GetWindowRect, GetMenuItemCount, GetWindowTextLengthW, CreateWindowExW, SetWindowLongA, GetClassInfoExW, SetCapture, EnableWindow, GetTopWindow, PeekMessageA, LoadIconA, GetDC, MoveWindow, SetScrollInfo, DispatchMessageA, SystemParametersInfoA, UnregisterClassA, LoadMenuW, GetDlgItem, ScreenToClient, LoadStringA, GetParent, GetClientRect, GetCapture, SetActiveWindow, EndPaint
    > KERNEL32.DLL: GetStringTypeA, UnhandledExceptionFilter, GetCurrentThread, GetSystemTimeAsFileTime, FindClose, FindResourceW, LoadLibraryA, InterlockedExchange, LockResource, CompareStringA, FreeEnvironmentStringsW, lstrcmpW, GetModuleHandleA, CloseHandle, GetACP, VirtualAlloc, CreateFileMappingW, GetVolumeInformationW, GetVersion, GetFullPathNameA, Sleep, GetLastError, InitializeCriticalSection, TerminateProcess, InterlockedDecrement, SetHandleCount, GetVersionExA, MulDiv, CreateThread, GetFileSize, GetStartupInfoA, GetProcessHeap, GetTickCount, QueryPerformanceCounter, IsValidLocale, WriteConsoleW, GetSystemInfo, EnterCriticalSection, LoadResource, MultiByteToWideChar, HeapFree, RemoveDirectoryA, GetConsoleOutputCP, DeleteCriticalSection, CreateFileA, InterlockedCompareExchange, lstrcmpA, GetSystemDefaultLangID, SetErrorMode, TlsAlloc, GetEnvironmentStrings, lstrlenW, GetModuleFileNameA, IsBadCodePtr, HeapAlloc, LeaveCriticalSection, FormatMessageW, LCMapStringW, GlobalLock, GetFileType, GetFileInformationByHandle, FileTimeToSystemTime, HeapDestroy, LocalAlloc, CreateEventW, DuplicateHandle, WriteFile, GetProcAddress, SetConsoleCP, SetLastError, GetCurrentProcess, CopyFileA, GetDiskFreeSpaceA, IsBadReadPtr, GetCommandLineA, SetStdHandle, GetCurrentThreadId, GetOEMCP, GetEnvironmentStringsW, GetStringTypeW, lstrlenA, CreateProcessW, ExitProcess, FreeLibrary, GetComputerNameW
    > MSVCRT.DLL: __2@YAPAXI@Z, __0exception@@QAE@XZ, __set_app_type, _vsnwprintf, wcschr, iswdigit, ___V@YAXPAX@Z, wcstol, __setusermatherr, wcsstr, wcsncmp, _onexit, _adjust_fdiv, atoi, _CxxThrowException, _unlock
    > GDI32.DLL: GetObjectA, SetTextAlign, StretchBlt, SelectObject, StretchDIBits, SetTextColor, DeleteObject
    > LZ32.DLL: LZOpenFileA, LZSeek, LZOpenFileW
    > ADVAPI32.DLL: RegDeleteValueA, RegCloseKey, RegSetValueExW, RegQueryInfoKeyA, RegDeleteValueW, RegCreateKeyExW, CryptReleaseContext, GetTokenInformation, RegDeleteKeyA, RevertToSelf
    > OLE32.DLL: CoTaskMemRealloc, CoRegisterPSClsid, CoTaskMemAlloc

    ( 0 exports )
    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    trid..: Win32 Executable Generic (68.0%)
    Generic Win/DOS Executable (15.9%)
    DOS Executable Generic (15.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    sigcheck:
    publisher....: n/a
    copyright....: n/a
    product......: n/a
    description..: n/a
    original name: n/a
    internal name: n/a
    file version.: n/a
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
    <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=4E77ACB900EDC86E44D40573CCBC1C00F555FD9C' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=4E77ACB900EDC86E44D40573CCBC1C00F555FD9C</a>
    0
  18. NyxPunk Messages postés 23 Statut Membre
     
    voila le second rapport :

    Antivirus Version Dernière mise à jour Résultat
    AVG 9.0.0.730 2010.02.05 -
    BitDefender 7.2 2010.02.05 -
    ClamAV 0.96.0.0-git 2010.02.04 -
    DrWeb 5.0.1.12222 2010.02.05 -
    eSafe 7.0.17.0 2010.02.04 -
    F-Secure 9.0.15370.0 2010.02.04 -
    GData 19 2010.02.05 -
    Jiangmin 13.0.900 2010.02.04 -
    K7AntiVirus 7.10.966 2010.02.03 -
    Kaspersky 7.0.0.125 2010.02.05 -
    McAfee-GW-Edition 6.8.5 2010.02.04 -
    Microsoft 1.5406 2010.02.05 -
    NOD32 4836 2010.02.04 -
    Norman 6.04.03 2010.02.04 -
    Prevx 3.0 2010.02.05 -
    TheHacker 6.5.1.0.180 2010.02.05 -
    VBA32 3.12.12.1 2010.02.04 -
    Information additionnelle
    File size: 903680 bytes
    MD5...: 7234fea58fe972e8d1b3d96dec67fbc5
    SHA1..: 356a8ac6c80fe2fa4876f24ca849e547110d3bec
    SHA256: 09ab5940a90c1ddc672b14b8be79a39c1f0dde3d5ad28b83c71fca9ff322dcad
    ssdeep: 12288:NY6y8Byt0qyhrD7e2Dg0n750f8fzTKolPtDjrkuc1KPf9:q6yt0qSTDTlV
    LZlPdIuc18
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x84864
    timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
    machinetype.......: 0x14c (I386)

    ( 8 sections )
    name viradd virsiz rawdsiz ntrpy md5
    CODE 0x1000 0x84604 0x84800 6.55 fb76bf9088a7912a12bd1ebc25508fae
    DATA 0x86000 0x1c50 0x1e00 4.57 dd51fdd3ba30788a289aa38840fbc677
    BSS 0x88000 0x1509 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    .idata 0x8a000 0x2626 0x2800 4.91 715e977686b2db47082679bbc8da46b8
    .tls 0x8d000 0x10 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    .rdata 0x8e000 0x2c 0x200 0.56 94e2599914d5f3720635f72d6d1fdfef
    .reloc 0x8f000 0x8b54 0x8c00 6.66 d9b0c5cb9a03ded8987796a7c2df9f74
    .rsrc 0x98000 0x4aa00 0x4aa00 4.39 240d7fe88791165cf2a8b9b46dc9abc5

    ( 15 imports )
    > kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
    > user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
    > advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
    > oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
    > kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
    > advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCloseKey
    > kernel32.dll: lstrcpyA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalSize, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetUserDefaultLCID, GetTickCount, GetThreadLocale, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProfileStringA, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetComputerNameA, GetCPInfo, GetACP, FreeResource, FreeLibrary, FormatMessageA, FindResourceA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateMutexA, CreateFileA, CreateEventA, CompareStringA, CloseHandle
    > gdi32.dll: UnrealizeObject, StretchBlt, StartPage, StartDocA, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetAbortProc, SelectPalette, SelectObject, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionA, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, EndPage, EndDoc, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateICA, CreateHalftonePalette, CreateFontIndirectA, CreateEnhMetaFileA, CreateDIBitmap, CreateDIBSection, CreateDCA, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CloseEnhMetaFile, BitBlt
    > user32.dll: WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursorPos, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetUpdateRect, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumDisplaySettingsA, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, CloseClipboard, ClientToScreen, CheckMenuItem, ChangeDisplaySettingsA, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, AdjustWindowRectEx, ActivateKeyboardLayout
    > kernel32.dll: Sleep
    > oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayRedim, SafeArrayCreate, VariantChangeTypeEx, VariantCopyInd, VariantCopy, VariantClear, VariantInit
    > ole32.dll: CreateStreamOnHGlobal, IsAccelerator, OleDraw, OleSetMenuDescriptor, CoTaskMemFree, ProgIDFromCLSID, StringFromCLSID, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID
    > oleaut32.dll: GetErrorInfo, GetActiveObject, SysFreeString
    > comctl32.dll: ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls
    > winspool.drv: OpenPrinterA, EnumPrintersA, DocumentPropertiesA, ClosePrinter

    ( 0 exports )
    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    trid..: Win32 Executable Borland Delphi 7 (66.6%)
    Win32 Executable Borland Delphi 6 (26.1%)
    InstallShield setup (4.2%)
    Win32 Executable Delphi generic (1.4%)
    Win32 Executable Generic (0.8%)
    0
  19. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut NyxPunk

    Cela change tout, on va vérifier le contenu de ce dossier alors :

    Faire un clic droit sur SystemLook.exe pour le lancer et choisi "Exécuter en tant qu'administrateur".

    - Copie le contenu en gras ci-dessous et colle-le dans la zone texte de SystemLook :

    :dir
    c:\users\ANTOINE\AppData\Local\mtg /s


    - Clique sur le bouton Look pour démarrer l'examen.
    - A la fin, le Bloc-notes s'ouvre avec le résultat de l'analyse. Copie-colle le rapport dans ta prochaine réponse.

    @++ :)
    0
  20. NyxPunk Messages postés 23 Statut Membre
     
    Salut dédétraqué,
    voici le rapportde systemlook :

    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 03:09 on 06/02/2010 by RoXas (Administrator - Elevation successful)

    ========== dir ==========

    c:\users\ANTOINE\AppData\Local\mtg - Parameters: "/s "

    ---Files---
    None found.

    No folders found.

    -=End Of File=
    0
  • 1
  • 2
  • 3