Undeletable "catch me" folder on the desktop

cricri -  
 Anonymous user -
Hello everyone!

Since several viruses arrived on my PC, I have had a "catch me" icon that cannot be deleted. What should I do to get rid of it ... if anyone can help me :) Thanks in advance!
Configuration: Windows XP
Internet Explorer 7.0

6 replies

  1. Anonymous user
     
    Hello,
    So, you have two antivirus programs running on your PC:
    If you did not buy Norton, please remove it using this link: http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
    Otherwise, remove AntiVir.

    Next,
    > You need a firewall:
    - I recommend Kerio: http://www.commentcamarche.net/telecharger/telecharger 206 kerio . If you have a problem, tutorial: https://kerio.probb.fr/
    - If you have trouble configuring Kerio, then install ZoneAlarm: /telecharger/telecharger-157-zonealarm, and in case of problems: http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/zonealarm-tutorial-sujet_169658_1.htm
    - Install the new firewall, then disable the Windows firewall.

    After that,
    > Download, then install MSNFix (by !aur3n7): http://sosvirus.changelog.fr/MSNFix.zip , Malekal's tutorial: https://www.malekal.com/supprimer-virus-desinfecter-pc/ (if you need it).
    - Then unzip the MSNFix zip folder and run the file "MSNFix.bat". A blue window should appear.
    - Set the interface to French by pressing the F key and then Enter.
    - Start the virus scan by pressing the R key and then Enter.
    If a virus is detected, you will then be asked to clean the computer.
    An error message about a file that could not be deleted will be resolved by a restart.
    After the cleanup, the "Start" bar disappears and then reappears; this is part of the cleanup procedure.
    - Please post the report that opens at the end of the cleanup on the forum.

    If your "Start" bar still does not show, just do:
    Ctrl + Alt + Del (on Windows XP), or Ctrl + Shift + Esc (on Windows Vista) to open the Windows Task Manager.
    - Then choose "File", then "New Task", type explorer.exe in the window that appears, and finish with "OK".

    - Restart your computer to complete the cleanup!

    Good luck.

    See you
    1
    1. cricri
       
      So here is the MSNFix report:
      MSNFix 1.693

      C:\Documents and Settings\cricri\Bureau\Raccourcis Bureau non utilisés\MSNFix\MSNFix
      Fix exécuté le 11.04.2008 - 16:16:46.01 By cricri
      mode normal

      ************************ Recherche les fichiers présents

      Aucun Fichier trouvé

      ************************ Recherche les dossiers présents

      Aucun dossier trouvé


      ************************ Fichiers suspects

      Aucun Fichier trouvé


      ************************ HKLM\...\Winlogon\Userinit

      Userinit = C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\cricri\Bureau\catchme\services.exe


      ------------------------------------------------------------------------
      Auteur : !aur3n7 Contact: https://www.ionos.fr/
      ------------------------------------------------------------------------

      --------------------------------------------- END ---------------------------------------------

      There, I did uninstall the Windows firewall and installed the new one, ZoneAlarm of course; now I have a thumbnail with a red cross in the quick launch bar ... I suppose that is normal. I could not install the first and the second firewall, that is why I took the third.

      There :) I hope I did not miss anything and I am waiting for your news. Thanks

      See you later

      cricri
      0
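The `Userinit` line in the MSNFix report above is the finding that matters: Winlogon launches every comma-separated program in that value at logon, and here a second entry has been appended after the stock `userinit.exe`. The following check is an added example, not part of the original thread or of MSNFix; the sample text is copied from the report, while the function names, the list of system binary names and the user-writable path markers are assumptions chosen for illustration.

```python
import ntpath
import re

# Sample input: the Userinit section as posted in the MSNFix report above.
REPORT = r"""
************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\cricri\Bureau\catchme\services.exe
"""

# Assumption: default Windows XP layout, as shown in the report.
SYSTEM32 = r"c:\windows\system32"
EXPECTED = SYSTEM32 + r"\userinit.exe"

# Assumption: genuine Windows binaries that only belong in system32.
SYSTEM_NAMES = {"services.exe", "svchost.exe", "lsass.exe",
                "winlogon.exe", "csrss.exe", "smss.exe", "userinit.exe"}

# Assumption: path fragments that indicate a location a normal user can write to.
USER_WRITABLE = ("\\documents and settings\\", "\\docume~1\\", "\\temp\\")


def extract_userinit(report):
    """Return the raw Userinit value from a report, or None if absent."""
    match = re.search(r"^\s*Userinit\s*=\s*(.+)$", report,
                      re.MULTILINE | re.IGNORECASE)
    return match.group(1).strip() if match else None


def split_entries(value):
    """Split the value into the programs Winlogon would start.

    The stock value ends with a trailing comma, so empty items are dropped.
    """
    return [item.strip().strip('"') for item in value.split(",") if item.strip()]


def assess(entry):
    """Return the reasons an entry is suspicious (empty list if it is stock)."""
    path = ntpath.normpath(entry).lower()
    if path == EXPECTED:
        return []
    reasons = ["not the stock userinit.exe"]
    folder, name = ntpath.split(path)
    if name in SYSTEM_NAMES and folder != SYSTEM32:
        reasons.append("system binary name outside system32")
    if any(marker in path for marker in USER_WRITABLE):
        reasons.append("user-writable location")
    return reasons


def audit(report):
    """Map each suspicious Userinit entry to the reasons it was flagged."""
    value = extract_userinit(report)
    if value is None:
        return {}
    findings = {}
    for entry in split_entries(value):
        reasons = assess(entry)
        if reasons:
            findings[entry] = reasons
    return findings


if __name__ == "__main__":
    for entry, reasons in audit(REPORT).items():
        print(entry)
        for reason in reasons:
            print("  -", reason)
```
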
  2. Anonymous user
     
    Hello,
    So,
    > Download DSS (Deckard's System Scanner by Deckard) to your Desktop: http://www.techsupportforum.com/sectools/Deckard/dss.exe
    - Choose <Save> and <Desktop> for the location.
    - Close all running applications (even the internet). This is important because otherwise the PC may crash.
    - Double-click dss.exe to launch the tool.
    - If it does not find HijackThis, click Yes.
    - Click OK each time you are asked.
    - Once the scan is finished a report will be displayed. Post its contents in your reply.
    NB: The report is also located here: C:\Deckard\System Scanner\main.txt

    Good luck,

    See you
    0
    1. cricri
       
      Hi,

      Thanks for the reply, so I did as told and here are the 2 reports:

      Deckard's System Scanner v20071014.68
      Extra logfile - please post this as an attachment with your post.
      --------------------------------------------------------------------------------

      -- System Information ----------------------------------------------------------

      Microsoft Windows XP Édition familiale (build 2600) SP 2.0
      Architecture: X86; Language: French

      CPU 0: Intel(R) Pentium(R) M processor 1.70GHz
      Percentage of Memory in Use: 52%
      Physical Memory (total/avail): 1014.42 MiB / 485.11 MiB
      Pagefile Memory (total/avail): 2444.68 MiB / 1991.82 MiB
      Virtual Memory (total/avail): 2047.88 MiB / 1941.06 MiB

      C: is Fixed (NTFS) - 46.58 GiB total, 21.62 GiB free.
      D: is Fixed (NTFS) - 46.58 GiB total, 46.53 GiB free.
      E: is CDROM (No Media)

      \\.\PHYSICALDRIVE0 - TOSHIBA MK1032GSX - 93.16 GiB - 2 partitions
      \PARTITION0 (bootable) - Système de fichiers installable - 46.58 GiB - C:
      \PARTITION1 - Étendu avec Inter. 13 étendue - 46.58 GiB - D:



      -- Security Center -------------------------------------------------------------

      AUOptions is scheduled to auto-install.
      Windows Internal Firewall is enabled.

      FirstRunDisabled is set.

      FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
      AV: Avira AntiVir PersonalEdition v 7.0.3.143 (Avira GmbH) Disabled

      [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

      [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
      "C:\\DOCUME~1\\cricri\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\cricri\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
      "C:\\Documents and Settings\\cricri\\Bureau\\catchme\\services.exe"="C:\\Documents and Settings\\cricri\\Bureau\\catchme\\services.exe:*:Enabled:Flash Media"
      "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


      -- Environment Variables -------------------------------------------------------

      ALLUSERSPROFILE=C:\Documents and Settings\All Users
      APPDATA=C:\Documents and Settings\cricri\Application Data
      CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
      CLIENTNAME=Console
      CommonProgramFiles=C:\Program Files\Fichiers communs
      COMPUTERNAME=CHRISTELLE
      ComSpec=C:\WINDOWS\system32\cmd.exe
      FP_NO_HOST_CHECK=NO
      HOMEDRIVE=C:
      HOMEPATH=\Documents and Settings\cricri
      LOGONSERVER=\\CHRISTELLE
      NUMBER_OF_PROCESSORS=1
      OS=Windows_NT
      Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\PC Connectivity Solution\;C:\Program Files\QuickTime\QTSystem\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\DESKJET
      PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
      PROCESSOR_ARCHITECTURE=x86
      PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
      PROCESSOR_LEVEL=6
      PROCESSOR_REVISION=0d08
      ProgramFiles=C:\Program Files
      PROMPT=$P$G
      QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
      SESSIONNAME=Console
      SystemDrive=C:
      SystemRoot=C:\WINDOWS
      TEMP=C:\DOCUME~1\cricri\LOCALS~1\Temp
      TMP=C:\DOCUME~1\cricri\LOCALS~1\Temp
      USERDOMAIN=CHRISTELLE
      USERNAME=cricri
      USERPROFILE=C:\Documents and Settings\cricri
      windir=C:\WINDOWS


      -- User Profiles ---------------------------------------------------------------

      cricri (admin)


      -- Add/Remove Programs ---------------------------------------------------------

      --> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
      --> C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
      --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
      --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
      --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
      a-squared Free 3.0 --> "C:\Program Files\a-squared Free\unins000.exe"
      Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
      Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
      Adobe Reader 7.0.9 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70900000002}
      Adobe® Photoshop® Album Edition Découverte 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
      ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
      Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
      Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
      Assist TOSHIBA --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x40c
      Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x040c -removeonly
      AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
      Avira AntiVir PersonalEdition Classic --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
      AVS DVDMenu Editor 1.2.1.19 --> "C:\Program Files\Fichiers communs\AVSMedia\AVS DVDMenu Editor\unins000.exe"
      AVS iDevice Explorer 1.4 --> "C:\Program Files\AVS4YOU\AVSiDeviceExplorer\unins000.exe"
      AVS Video Converter 5.6 --> "C:\Program Files\AVS4YOU\AVSVideoConverter\unins000.exe"
      AVS4YOU Software Navigator 1.2 --> "C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
      Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
      Calculatrice (CalcCF) Standart 1.01 --> "C:\Program Files\CalcCF_Standart\unins000.exe"
      CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
      CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
      Commandes TOSHIBA --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x40c UNINSTALL
      Corel Paint Shop Pro Photo XI --> MsiExec.exe /X{93A1B09E-BAFA-4628-A5B6-921CB026955A}
      Correctif Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
      Correctif Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
      Correctif Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
      Correctif Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
      Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
      Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
      Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
      Debut --> C:\Program Files\NCH Software\Debut\uninst.exe
      Détecteur de flux Windows Live Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976}
      Extension de Windows Live Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
      Firebird SQL Server - MAGIX Edition (F) --> C:\MAGIX\Common\Database\uninstall.exe
      FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
      FLV Player 2.0, build 23 --> C:\Program Files\FLV Player\uninst.exe
      Formatage de carte mémoire SD TOSHIBA --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\setup.exe"
      Gestion d'énergie TOSHIBA --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
      Google Earth --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x40c -removeonly
      Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
      Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
      HijackThis 2.0.2 --> "C:\Documents and Settings\cricri\Mes documents\Mes fichiers reçus\HijackThis.exe" /uninstall
      Intel(R) Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
      InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
      InterVideo WinDVD for TOSHIBA --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
      J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
      LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
      Logiciel QuickCam de Logitech --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C191BE7C-8542-4A61-973A-714EF76C5995}\setup.exe" -l0x40c
      Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x40c UNINSTALL
      Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
      MAGIX Audio Cleanic 2007 deluxe (F) --> C:\MAGIX\Audio_Cleanic_2007_deluxe\instslct.exe
      MAGIX Music Manager 2006 (F) --> C:\MAGIX\Music_Manager_2006\instslct.exe
      MAGIX Photo Manager 2006 (F) --> C:\MAGIX\Photo_Manager_2006\instslct.exe
      Manuels TOSHIBA --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EB6332B-AF02-457C-A31C-835458C5B48B}\setup.exe" -l0x40c -removeonly
      Menus intelligents (Windows Live Toolbar) --> MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
      Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
      Microsoft Calculatrice Plus --> MsiExec.exe /I{13922F10-BD74-4912-AB11-E34B35062700}
      Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
      Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
      Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
      Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Step by Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Step by Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB944533) --> "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
      Motorola Driver Installation --> MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
      Motorola Phone Tools --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x40c -removeonly
      MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
      MSNFix 1.693 --> "C:\Program Files\MSNFix\unins000.exe"
      Navigation par onglets (Windows Live Toolbar) --> MsiExec.exe /X{E916E61F-DE9D-4EAF-91E1-CEB50016326A}
      OpenOffice.org 2.3 --> MsiExec.exe /I{331DFBF7-734D-4545-8A9D-48CB5D73AF07}
      Outil de diagnostic PC TOSHIBA --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
      PC Connectivity Solution --> MsiExec.exe /I{6094AB91-4CC8-498E-9DFF-134CC0B159DE}
      Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
      Prism Video Converter --> C:\Program Files\NCH Software\Prism\uninst.exe
      Programme de gestion Camera de Logitech® --> "C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
      Quick Help --> C:\Program Files\Bluewin\Quick Help\unQuickHelp.exe
      QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
      RealPlayer --> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
      Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly
      REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x40c REMOVE
      Réducteur de bruit lect. CD/DVD --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x40c
      S500/S600 USB Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{514DF7BB-D192-417C-BB60-58BF1FD34253}\Setup.exe" anything
      SD Secure Module --> MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
      Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
      Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
      Shareaza 2.3.1.0 --> "C:\CreativesFiles\Uninstall\unins000.exe"
      Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
      Son virtuel TOSHIBA --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\setup.exe" /uninstall
      Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
      Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
      Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
      SRS Audio Sandbox --> MsiExec.exe /I{4877CCD5-6B0B-4B3A-8EF1-911D946B8B94}
      Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E18E644D-4FC1-4E7F-87B7-A0288A14A322} /l1036
      TOSHIBA Accessibility --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3A57482F-BEBC-47E4-ADA1-6302403C7E50} /l1036
      TOSHIBA ConfigFree --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x40c UNINSTALL
      TOSHIBA Hardware Setup --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1036
      TOSHIBA Mot de passe responsable --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1036
      TOSHIBA Software Modem --> Tosmreg -U
      Touch and Launch --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\setup.exe"
      Utilitaire de zoom TOSHIBA --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe" -l0x40c
      Utilitaire Hotkey TOSHIBA --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7900D3A6-A9E8-4954-ACCB-AB15867978BF} /l1036
      Utilitaire TouchPad ON/OFF --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{80977342-27E8-4FF7-8B6A-D8D89461DA7F} /l1036
      Version 2 --> "C:\Program Files\deo\unins000.exe"
      VideoEgg Publisher --> C:\Documents and Settings\cricri\Application Data\VideoEgg\Uninstall.exe
      VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
      VSTax 2006 --> "C:\Program Files\VSTax 2006\Uninstall_VSTax 2006\Deinstallation_VSTax 2006.exe"
      Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
      Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
      Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
      Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
      Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
      Windows Live Toolbar --> MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
      Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
      XnView 1.93.4 --> "C:\Program Files\XnView\unins000.exe"
      YouTUBE (TM) movie downloader --> MsiExec.exe /X{2F8BE445-D14C-40E2-AF62-E43539FD1500}
      Zattoo 3.0.5 beta --> C:\Program Files\Zattoo\uninst.exe


      -- Application Event Log -------------------------------------------------------

      Event Record #/Type2750 / Warning
      Event Submitted/Written: 04/10/2008 10:05:28 AM
      Event ID/Source: 4113 / H+BEDV AntiVir
      Event Description:
      AntiVir has detected 'TR/Crypt.XPACK.Gen'
      in the file
      C:\Documents and Settings\cricri\Bureau\catchme\services.exe

      Event Record #/Type2744 / Error
      Event Submitted/Written: 04/10/2008 10:03:16 AM
      Event ID/Source: 1000 / Application Error
      Event Description:
      Application défaillante , version 0.0.0.0, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00000000.
      Traitement de l'événement propre au support pour [!ws!]

      Event Record #/Type2743 / Warning
      Event Submitted/Written: 04/10/2008 10:03:15 AM
      Event ID/Source: 4113 / H+BEDV AntiVir
      Event Description:
      AntiVir has detected 'TR/Crypt.XPACK.Gen'
      in the file
      C:\Documents and Settings\cricri\Bureau\catchme\services.exe

      Event Record #/Type2729 / Warning
      Event Submitted/Written: 04/10/2008 09:40:53 AM
      Event ID/Source: 4113 / H+BEDV AntiVir
      Event Description:
      AntiVir has detected 'TR/Crypt.XPACK.Gen'
      in the file
      C:\Documents and Settings\cricri\Bureau\catchme\services.exe

      Event Record #/Type2728 / Warning
      Event Submitted/Written: 04/10/2008 09:40:47 AM
      Event ID/Source: 4113 / H+BEDV AntiVir
      Event Description:
      AntiVir has detected 'TR/Crypt.XPACK.Gen'
      in the file
      C:\Documents and Settings\cricri\Bureau\catchme\services.exe



      -- Security Event Log ----------------------------------------------------------

      No Errors/Warnings found.


      -- System Event Log ------------------------------------------------------------

      Event Record #/Type4940 / Error
      Event Submitted/Written: 04/10/2008 05:39:39 PM
      Event ID/Source: 7011 / Service Control Manager
      Event Description:
      Délai (30000 millisecondes) d'attente pour une réponse du service stisvc à une transaction.

      Event Record #/Type4845 / Warning
      Event Submitted/Written: 04/09/2008 09:42:00 PM
      Event ID/Source: 36 / W32Time
      Event Description:
      Le service de temps n'a pas pu synchroniser l'heure système de 49152
      secondes car aucun fournisseur de temps n'a pu fournir de datage
      utilisable. L'horloge système n'est pas synchronisée.

      Event Record #/Type4715 / Warning
      Event Submitted/Written: 04/08/2008 09:07:38 PM
      Event ID/Source: 36 / W32Time
      Event Description:
      Le service de temps n'a pas pu synchroniser l'heure système de 49152
      secondes car aucun fournisseur de temps n'a pu fournir de datage
      utilisable. L'horloge système n'est pas synchronisée.

      Event Record #/Type4714 / Warning
      Event Submitted/Written: 04/08/2008 08:33:46 PM
      Event ID/Source: 4226 / Tcpip
      Event Description:
      TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.

      Event Record #/Type4681 / Warning
      Event Submitted/Written: 04/08/2008 07:22:49 AM
      Event ID/Source: 4226 / Tcpip
      Event Description:
      TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.



      -- End of Deckard's System Scanner: finished at 2008-04-10 17:41:14 ------------


      And here is the second one:

      Deckard's System Scanner v20071014.68
      Run by cricri on 2008-04-10 17:38:56
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      Successfully created a Deckard's System Scanner Restore Point.


      -- Last 5 Restore Point(s) --
      65: 2008-04-10 15:39:05 UTC - RP65 - Deckard's System Scanner Restore Point
      64: 2008-04-09 06:00:25 UTC - RP64 - Software Distribution Service 3.0
      63: 2008-04-09 05:00:51 UTC - RP63 - Software Distribution Service 3.0
      62: 2008-04-04 06:00:20 UTC - RP62 - Software Distribution Service 3.0
      61: 2008-04-03 12:25:02 UTC - RP61 - Software Distribution Service 3.0


      -- First Restore Point --
      1: 2008-03-20 10:47:17 UTC - RP1 - Point de vérification système


      Backed up registry hives.
      Performed disk cleanup.



      -- HijackThis (run as cricri.exe) ----------------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:39:55, on 10.04.2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\a-squared Free\a2service.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      C:\Program Files\Fichiers communs\Motive\McciCMService.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\WINDOWS\system32\PSIService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\ltmoh\Ltmoh.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\Apoint2K\Apoint.exe
      C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
      C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
      C:\WINDOWS\system32\ZoomingHook.exe
      C:\WINDOWS\system32\TCtrlIOHook.exe
      C:\Program Files\Apoint2K\Apntex.exe
      C:\WINDOWS\system32\TPSMain.exe
      C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
      C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
      C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
      C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
      C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
      C:\WINDOWS\system32\TPSBattM.exe
      C:\Program Files\Logitech\Video\CameraAssistant.exe
      C:\WINDOWS\system32\ElkCtrl.exe
      C:\PROGRA~1\Bluewin\QUICKH~1\SMARTB~1\QuickHelpAlert.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\WINDOWS\system32\wscntfy.exe
      C:\Documents and Settings\cricri\Bureau\dss.exe
      C:\DOCUME~1\cricri\MESDOC~1\MESFIC~1\cricri.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\cricri\Bureau\catchme\services.exe
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
      O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
      O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
      O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
      O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
      O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
      O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
      O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
      O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
      O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
      O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
      O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
      O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
      O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
      O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Bluewin\QUICKH~1\SMARTB~1\QuickHelpAlert.exe
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [Flash Media] C:\Documents and Settings\cricri\Bureau\catchme\services.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - Global Startup: Quick Help.lnk = C:\Program Files\Bluewin\Quick Help\bin\matcli.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ch\msntabres.dll.mui/229?185c63c6c6294bed8cab32e35a2e96f4
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ch\msntabres.dll.mui/230?185c63c6c6294bed8cab32e35a2e96f4
      O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
      O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O14 - IERESET.INF: START_PAGE_URL=https://www.01net.com/telecharger/
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Fichiers communs\Motive\McciCMService.exe
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      0
    2. cricri
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [06.09.2003 19:16]
      "AGRSMMSG"="AGRSMMSG.exe" [22.12.2004 10:10 C:\WINDOWS\agrsmmsg.exe]
      "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [24.03.2004 07:40]
      "CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [06.09.2005 14:04]
      "TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [25.08.2005 19:11]
      "HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [01.05.2004 13:45]
      "SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [01.05.2004 13:45]
      "Zooming"="ZoomingHook.exe" [06.06.2005 09:58 C:\WINDOWS\system32\ZoomingHook.exe]
      "TCtryIOHook"="TCtrlIOHook.exe" [22.08.2005 16:49 C:\WINDOWS\system32\TCtrlIOHook.exe]
      "TPSMain"="TPSMain.exe" [12.08.2005 11:14 C:\WINDOWS\system32\TPSMain.exe]
      "SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [17.05.2005 09:24]
      "TFncKy"="TFncKy.exe" []
      "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [30.08.2005 12:31]
      "Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [05.04.2005 16:25]
      "NDSTray.exe"="NDSTray.exe" []
      "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [31.05.2005 05:33]
      "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []
      "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [07.12.2005 10:26]
      "LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [07.12.2005 11:33]
      "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [01.11.2004 17:22]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [15.11.2007 00:43]
      "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [05.08.2004 12:00]
      "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" []
      "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" []
      "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" []
      "Motive SmartBridge"="C:\PROGRA~1\Bluewin\QUICKH~1\SMARTB~1\QuickHelpAlert.exe" [13.09.2005 10:57]
      "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [19.07.2005 20:09]
      "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [19.07.2005 20:06]
      "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [19.07.2005 20:10]
      "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [09.12.2005 15:32]
      "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11.06.2007 11:25]
      "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [31.03.2008 10:24]
      "Flash Media"="C:\Documents and Settings\cricri\Bureau\catchme\services.exe" [27.03.2008 18:53]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [08.04.2008 17:19]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [05.08.2004 14:00]
      "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [11.04.2005 16:08]
      "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [01.02.2008 18:22]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18.10.2007 12:34]
      "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [30.10.2007 10:14]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28.01.2008 11:43]

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
      "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

      C:\Documents and Settings\cricri\Menu Démarrer\Programmes\Démarrage\
      OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [17.08.2007 22:57:56]

      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
      Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.09.2005 23:05:26]
      Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [30.10.2007 10:14:55]
      Quick Help.lnk - C:\Program Files\Bluewin\Quick Help\bin\matcli.exe [18.03.2008 13:34:01]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
      "DisableRegistryTools"=0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
      "Userinit"="C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\cricri\Bureau\catchme\services.exe"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      "Notification Packages"= scecli scecli scecli scecli




      -- End of Deckard's System Scanner: finished at 2008-04-10 17:41:14 ------------
      0
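The HijackThis and Deckard's System Scanner output posted above registers `C:\Documents and Settings\cricri\Bureau\catchme\services.exe` twice: appended to the Winlogon `Userinit` value (the F2 line) and under HKLM `Run` as "Flash Media". The following is an added example, not part of any post in this thread, of how a defender could triage such a log automatically; the function names, the reason labels and the list of system process names are assumptions of the example, and the sample lines are copied from the log above.

```python
import ntpath
import re

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\cricri\Bureau\catchme\services.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Flash Media] C:\Documents and Settings\cricri\Bureau\catchme\services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
"""

# Assumptions: Windows lives in C:\WINDOWS and profiles under
# C:\Documents and Settings, as in the log above (Windows XP layout).
SYSTEM_DIR = r"c:\windows\system32"
USERINIT_DEFAULT = SYSTEM_DIR + "\\userinit.exe"
PROFILE_ROOT = "c:\\documents and settings\\"
# Core process names and the only directory each is expected to run from.
EXPECTED_DIR = {name: SYSTEM_DIR for name in (
    "services.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
    "smss.exe", "csrss.exe", "userinit.exe", "spoolsv.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.I)
RUN_RE = re.compile(r"^O4 - (\S+?)\\\.\.\\(Run\w*): \[(.+)\] (.+)$")
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)


def image_path(command):
    """Return the executable path of a command line, without its arguments."""
    m = IMAGE_RE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else None


def path_reasons(image):
    """Reasons why the location of an auto-started image deserves a closer look."""
    directory, base = ntpath.split(image.lower())
    if not directory:
        return []  # bare file name, resolved through the search path
    reasons = []
    expected = EXPECTED_DIR.get(base)
    if expected and directory != expected:
        reasons.append("system-name-outside-system-dir")
    if directory.startswith(PROFILE_ROOT):
        reasons.append("autorun-from-user-profile")
    return reasons


def analyze(log_text):
    """Return (reason, location, image) tuples for suspicious startup entries."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = USERINIT_RE.match(line)
        if m:
            # The stock value launches userinit.exe only; anything else is extra.
            for entry in filter(None, (e.strip() for e in m.group(1).split(","))):
                if entry.lower() == USERINIT_DEFAULT:
                    continue
                findings.append(("userinit-extra", "Winlogon Userinit", entry))
                findings += [(r, "Winlogon Userinit", entry) for r in path_reasons(entry)]
            continue
        m = RUN_RE.match(line)
        if not m:
            continue
        hive, key, name, command = m.groups()
        image = image_path(command)
        if image:
            location = f"{hive} {key} [{name}]"
            findings += [(r, location, image) for r in path_reasons(image)]
    return findings


if __name__ == "__main__":
    for reason, location, image in analyze(SAMPLE_LOG):
        print(f"{reason:32} {location:26} {image}")
```
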
  3. Utilisateur anonyme
     
    Re,
    OK,
    very good: let's continue the cleanup:
    > The following programs (MalwareByte's Anti-Malware and Ccleaner) will be useful to you later on - keep them...

    > Download MalwareByte's Anti-Malware:
    - Install the program, then run it please.
    NB: If COMCTL32.OCX is missing, download it here
    - Update it (click "Updates" then "Check for updates"), then close the program.
    NB: If you need it: Tutorial

    > Download and install Ccleaner:
    - Update it, then close the program.
    If need be, you will find tutorials: here, here and there.

    > Download Clean (by Malekal Morte) (different from Ccleaner)

    > Download SDFix (by AndyManchesta) to your desktop:
    - Double-click the SDFix archive that was created on the Desktop and install the program (the installation will create a folder named SDFix, at the root of the hard drive by default). Then close the program.

    > Start by copying and pasting this post (this procedure): (recommended)
    Open a new Notepad file (click "Start" => "Programs" => "Accessories" => "Notepad"),
    then copy and paste the whole content of this post's window into the text file.
    Save it to the desktop; you will then be able to access it even when offline or in safe mode.

    > Boot into safe mode: (image). If there is a problem: tutorial here

    > Run MalwareByte's Anti-Malware,
    - Click "Run a full scan" then "Scan" and select all your hard drives => the scan starts... be patient...
    - At the end click "Delete" (if some items are very hard to delete, a message will ask you to restart: click "Yes" then)
    - A report will be generated: save it and post it on the forum please.

    > Run Ccleaner,
    - Choose the "Options" tab, then click "Advanced" and untick the box "Only delete files in the Windows temp folder older than 48 hours" (everything must be deleted).
    - In the "Cleaner" tab click "Analyze".
    - Once the analysis is finished, click "Run Cleaner".
    - In the "Registry" tab => Scan for errors => Fix selected errors => save a backup => fix all selected errors => OK => close.
    N.B.: If Ccleaner offers to save a backup, answer yes and save it to the 'Desktop'
    Repeat until it no longer finds anything (this generally takes between 1 and 4 passes).

    > For Clean (still in safe mode):
    - Double-click clean.cmd
    - A window will appear, choose option 2, follow the instructions and post the clean report (the clean report is located here: C:\rapport_clean.txt)
    NB: If needed: Tutorial

    > For SDFix (still in safe mode):
    - Go to c:/SDFix and double-click RunThis.bat
    - Press < Y > then < Enter >... The cleanup starts... be patient...
    - The program will ask you to restart the PC, press a key...
    - The cleanup finishes... a report appears...
    - Finally, copy/paste the content of the Report.txt file into your next reply

    > Restart your PC in normal mode

    > Run Hijackthis again:
    Then select < do a system scan and save a logfile >,

    And send me, by copy/paste, your Hijackthis log please,

    Good luck,
    After that we finish up.

    :)

    NB: Don't forget to post ALL the reports please (MalwareByte's Anti-Malware, Clean (different from Ccleaner), SDFix then HijackThis).

    See you
    0
    1. cricri
       
      Re,

      so here is what you asked me for, hoping everything is there:

      Malwarebytes' Anti-Malware 1.11
      Version de la base de données: 614

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 105593
      Temps écoulé: 2 hour(s), 11 minute(s), 31 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 30
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 13
      Fichier(s) infecté(s): 154

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> No action taken.
      HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> No action taken.
      HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videoegg (Adware.VideoEgg) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/Publisher,version=1.5 (Adware.VideoEgg) -> No action taken.
      HKEY_CURRENT_USER\Software\VideoEgg (Adware.VideoEgg) -> No action taken.
      HKEY_CURRENT_USER\Software\MozillaPlugins\@videoegg.com/Publisher,version=1.5 (Adware.VideoEgg) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoEgg.ActiveXLoader (Adware.VideoEgg) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoEgg.ActiveXLoader.1 (Adware.VideoEgg) -> No action taken.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      C:\Documents and Settings\cricri\Application Data\VideoEgg (Adware.VideoEgg) -> No action taken.
      C:\Documents and Settings\cricri\Application Data\VideoEgg\Data (Adware.VideoEgg) -> No action taken.
      C:\Documents and Settings\cricri\Application Data\VideoEgg\Loader (Adware.VideoEgg) -> No action taken.
      C:\Documents and Settings\cricri\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> No action taken.
      C:\Documents and Settings\cricri\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> No action taken.
      C:\Documents and Settings\cricri\Application Data\VideoEgg\Loader\4665 (Adware.VideoEgg) -> No action taken.
      C:\Documents and Settings\cricri\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> No action taken.
      C:\Documents and Settings\cricri\Application Data\VideoEgg\Publisher\4665 (Adware.VideoEgg) -> No action taken.
      C:\Documents and Settings\cricri\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> No action taken.
      C:\Documents and Settings\cricri\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> No action taken.
      C:\Documents and Settings\cricri\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> No action taken.
      C:\Documents and Settings\cricri\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> No action taken.
      C:\Documents and Settings\cricri\Application Data\VideoEgg\Updater\4665 (Adware.VideoEgg) -> No action taken.

      Fichier(s) infecté(s):





      SDFix: Version 1.169
      Run by cricri on 11.04.2008 at 21:02

      Microsoft Windows XP [version 5.1.2600]
      Running From: C:\DOCUME~1\cricri\Bureau\SDFix

      Checking Services:


      Restoring Windows Registry Values
      Restoring Windows Default Hosts File

      Rebooting


      Checking Files:

      Trojan Files Found:

      C:\Documents and Settings\cricri\real.txt - Deleted





      Removing Temp Files

      ADS Check:



      Final Check:

      catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-11 21:11:52
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      C:\Documents and Settings\cricri\Bureau\catchme\services.exe [784] 0x8667CDA0

      scanning hidden services & system hive ...

      scanning hidden registry entries ...

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
      "TracesProcessed"=dword:000000ae
      "TracesSuccessful"=dword:00000003

      scanning hidden files ...


      scan completed successfully
      hidden processes: 1
      hidden services: 0
      hidden files: 130


      Remaining Services:



      Authorized Application Key Export:

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
      "C:\\DOCUME~1\\cricri\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\cricri\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
      "C:\\Documents and Settings\\cricri\\Bureau\\catchme\\services.exe"="C:\\Documents and Settings\\cricri\\Bureau\\catchme\\services.exe:*:Enabled:Flash Media"
      "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

      Remaining Files:


      File Backups: - C:\DOCUME~1\cricri\Bureau\SDFix\backups\backups.zip

      Files with Hidden Attributes:

      Thu 11 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
      Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
      Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
      Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
      Tue 8 Apr 2008 168 ..SHR --- "C:\WINDOWS\system32\123DAD79B6.sys"
      Tue 8 Apr 2008 3,036 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
      Thu 3 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
      Mon 13 Nov 2006 319,456 A..H. --- "C:\Program Files\Fichiers communs\Motorola Shared\MotPCSDrivers\difxapi.dll"

      Finished!


      Script execute en mode sans echec
      Rapport clean par Malekal_morte - http://www.malekal.com
      Script execute en mode sans echec 11.04.2008 a 21:43:31.28

      Microsoft Windows XP [version 5.1.2600]

      *** Suppression des fichiers dans C:

      *** Suppression des fichiers dans C:\WINDOWS\

      *** Suppression des fichiers dans C:\WINDOWS\system32

      *** Suppression des fichiers dans C:\Program Files

      *** Suppression des clefs du registre effectuee..



      catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-11 22:04:06
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      C:\Documents and Settings\cricri\Bureau\catchme\services.exe [496] 0x868EF4F0

      scanning hidden services & system hive ...

      scanning hidden registry entries ...

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
      "TracesProcessed"=dword:000000a4
      "TracesSuccessful"=dword:00000006

      scanning hidden files ...


      scan completed successfully
      hidden processes: 1
      hidden services: 0
      hidden files: 130





      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:20:26, on 11.04.2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\a-squared Free\a2service.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Fichiers communs\Motive\McciCMService.exe
      C:\WINDOWS\system32\PSIService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\Program Files\ltmoh\Ltmoh.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\Apoint2K\Apoint.exe
      C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
      C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
      C:\WINDOWS\system32\ZoomingHook.exe
      C:\WINDOWS\system32\TCtrlIOHook.exe
      C:\WINDOWS\system32\TPSMain.exe
      C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
      C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
      C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
      C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
      C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
      C:\Program Files\Logitech\Video\CameraAssistant.exe
      C:\WINDOWS\system32\ElkCtrl.exe
      C:\PROGRA~1\Bluewin\QUICKH~1\SMARTB~1\QuickHelpAlert.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\system32\TPSBattM.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\lvcomsx.exe
      C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
      C:\Program Files\Apoint2K\Apntex.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Documents and Settings\cricri\Mes documents\Mes fichiers reçus\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\cricri\Bureau\catchme\services.exe
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
      O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
      O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
      O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
      O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
      O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
      O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
      O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
      O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
      O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
      O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
      O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
      O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
      O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
      O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Bluewin\QUICKH~1\SMARTB~1\QuickHelpAlert.exe
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - Global Startup: Quick Help.lnk = C:\Program Files\Bluewin\Quick Help\bin\matcli.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ch\msntabres.dll.mui/229?185c63c6c6294bed8cab32e35a2e96f4
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ch\msntabres.dll.mui/230?185c63c6c6294bed8cab32e35a2e96f4
      O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
      O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O14 - IERESET.INF: START_PAGE_URL=https://www.01net.com/telecharger/
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} -
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Fichiers communs\Motive\McciCMService.exe
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      0
  4. Utilisateur anonyme
     
    Hello cricri,

    Don't bother with these files:
    - cc_20080411_2050.reg
    - cc_20080411_2053.reg
    - cc_20080411_2053.reg1.reg

    They are registry backups.

    I didn't tell you, but the catchme file is a report from a fix that you must have used before our discussion (MSNFix, I presume...).

    However, for Malwarebytes' Anti-Malware, you did not remove the infected items:
    Fichier(s) infecté(s):
    C:\Documents and Settings\cricri\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> No action taken.
    C:\Documents and Settings\cricri\Application Data\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> No action taken.
    C:\Documents and Settings\cricri\Application Data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> No action taken.

    So you need to run it again! Then post the report again afterwards, please.

    Next,
    > Launch HijackThis:
    - Then select < Do a system scan only >
    - Tick the boxes for the following lines:

    R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\cricri\Bureau\catchme\services.exe

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} -

    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    Then,
    - Close all other windows and applications (even the internet)
    - Click on < Fix checked >

    > Run CCleaner in safe mode, please

    > Restart your PC in normal mode, then launch HijackThis:
    Then select < Do a system scan and save a logfile >,

    And send your HijackThis log by copy/paste, please,

    > Then go to the VirusTotal site and have the following files analysed, please:
    (If there is a problem: http://pageperso.aol.fr/loraline60/virus_total.htm )

    C:\Program Files\Bluewin\Quick Help\bin\matcli.exe
    C:\Program Files\Fichiers communs\Motive\McciCMService.exe

    and post the result by copy/paste, please (or the http link).

    Then we'll be done.

    See you later
    0
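The kind of review applied to the HijackThis log in the reply above (the `F2` Userinit line, the `R3` hook with no file, the `O16` entry with no source), as an added example that is not part of the original thread and is not HijackThis's own logic. The function names, the `CORE_NAMES` list and the default `C:\WINDOWS\system32` path are assumptions; the sample lines are copied from the log quoted in the thread, and the "core process name outside system32" rule generalises beyond the single `services.exe` case seen here.

```python
import ntpath
import re

# Constructed input: a few lines copied from the HijackThis log quoted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\cricri\Bureau\catchme\services.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
"""

SYSTEM32 = r"c:\windows\system32"            # assumption: default XP install path
DEFAULT_USERINIT = SYSTEM32 + r"\userinit.exe"
# Assumed list of core Windows process names that should only live in system32.
CORE_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
              "smss.exe", "csrss.exe", "userinit.exe"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # e.g. "F2 - ..."
EXE_RE = re.compile(r'[A-Za-z]:\\[^,"=]*?\.exe', re.IGNORECASE)


def masquerades(path):
    """True when a core Windows process name is used outside system32."""
    p = path.strip().strip('"').lower()
    return ntpath.basename(p) in CORE_NAMES and ntpath.dirname(p) != SYSTEM32


def userinit_extras(body):
    """Return the programs in a Userinit value other than the stock userinit.exe."""
    m = re.search(r"userinit=(.*)", body, re.IGNORECASE)
    if not m:
        return []
    entries = [e.strip().strip('"') for e in m.group(1).split(",")]
    return [e for e in entries if e and e.lower() != DEFAULT_USERINIT]


def review(log_text):
    """Return (section, reason) pairs for log lines that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        if section == "F2" and "userinit=" in body.lower():
            # Winlogon runs every comma-separated program in Userinit at logon.
            for extra in userinit_extras(body):
                findings.append((section, "Userinit also starts " + extra))
        elif section == "R3" and body.endswith("(no file)"):
            findings.append((section, "search hook registered but its file is missing"))
        elif section == "O16" and re.search(r"\}\s*-\s*$", body):
            findings.append((section, "DPF entry with no download source"))
        # Independent of the section: executables borrowing a core process name.
        for exe in EXE_RE.findall(body):
            if masquerades(exe):
                findings.append((section, "core process name outside system32: " + exe))
    return findings


if __name__ == "__main__":
    for section, reason in review(SAMPLE_LOG):
        print(section, "-", reason)
```
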
  6. cricri
     
    Hi again,

    So here it is:

    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 614

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 104152
    Temps écoulé: 2 hour(s), 9 minute(s), 42 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 4

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> No action taken.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP67\A0089391.dll (Adware.VideoEgg) -> No action taken.
    C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP67\A0089392.exe (Adware.VideoEgg) -> No action taken.
    C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP67\A0089393.exe (Adware.VideoEgg) -> No action taken.
    C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP67\A0089394.old (Adware.VideoEgg) -> No action taken.

    Fichier QuickHelp.exe reçu le 2008.04.12 22:40:19 (CET)

    Résultat: 0/32 (0%)

    | Antivirus | Version | Dernière mise à jour | Résultat |
    |---|---|---|---|
    | AhnLab-V3 | 2008.4.12.0 | 2008.04.11 | - |
    | AntiVir | 7.6.0.85 | 2008.04.11 | - |
    | Authentium | 4.93.8 | 2008.04.11 | - |
    | Avast | 4.8.1169.0 | 2008.04.12 | - |
    | AVG | 7.5.0.516 | 2008.04.12 | - |
    | BitDefender | 7.2 | 2008.04.12 | - |
    | CAT-QuickHeal | 9.50 | 2008.04.12 | - |
    | ClamAV | 0.92.1 | 2008.04.12 | - |
    | DrWeb | 4.44.0.09170 | 2008.04.12 | - |
    | eSafe | 7.0.15.0 | 2008.04.09 | - |
    | eTrust-Vet | 31.3.5692 | 2008.04.11 | - |
    | Ewido | 4.0 | 2008.04.12 | - |
    | F-Prot | 4.4.2.54 | 2008.04.12 | - |
    | F-Secure | 6.70.13260.0 | 2008.04.11 | - |
    | FileAdvisor | 1 | 2008.04.12 | - |
    | Fortinet | 3.14.0.0 | 2008.04.12 | - |
    | Ikarus | T3.1.1.26 | 2008.04.12 | - |
    | Kaspersky | 7.0.0.125 | 2008.04.12 | - |
    | McAfee | 5272 | 2008.04.11 | - |
    | Microsoft | 1.3408 | 2008.04.12 | - |
    | NOD32v2 | 3021 | 2008.04.12 | - |
    | Norman | 5.80.02 | 2008.04.12 | - |
    | Panda | 9.0.0.4 | 2008.04.12 | - |
    | Prevx1 | V2 | 2008.04.12 | - |
    | Rising | 20.39.52.00 | 2008.04.12 | - |
    | Sophos | 4.28.0 | 2008.04.12 | - |
    | Sunbelt | 3.0.1041.0 | 2008.04.12 | - |
    | Symantec | 10 | 2008.04.12 | - |
    | TheHacker | 6.2.92.276 | 2008.04.12 | - |
    | VBA32 | 3.12.6.4 | 2008.04.06 | - |
    | VirusBuster | 4.3.26:9 | 2008.04.12 | - |
    | Webwasher-Gateway | 6.6.2 | 2008.04.11 | - |

    Information additionnelle
    File size: 2396160 bytes
    MD5...: be3307a090ed15cd25652a4f6d8f8c51
    SHA1..: 466a6cc045e1217cb6ad49f917bfa7edccf4d439
    SHA256: dc6b44c60fe3c251445562c57ca482ace6702859b6b3a2514cc1ac68d56ab983
    SHA512: e7207dd37891c324c5a4e32c54dc3d2270d4ff61136a4678a533348988ab2e83
    b6c13956a143876224db0afa817899ced5a0e3870392a5a302a2d6bd62628e35
    PEiD..: Armadillo v1.71
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x5713a7
    timedatestamp.....: 0x42a06549 (Fri Jun 03 14:12:25 2005)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x1bfa3c 0x1c0000 6.21 e906d650ee1e844b50ed25ad17a71a4f
    .rdata 0x1c1000 0x3c526 0x3d000 4.29 31fea5e32cf0cc146341dc68af1a0f9b
    .data 0x1fe000 0x505c5 0x49000 5.09 32e16a33aaa37b9bc3dc0b5c501ac44c
    .rsrc 0x24f000 0x185c 0x2000 4.79 0d9f04a8c26fe8aa089394d0790a30ff

    ( 15 imports )
    > asst_ui.dll: _stop@ProgressDialog@@QAEHXZ, _start@ProgressDialog@@QAEHXZ, _setTitle@ProgressDialog@@QAEXPBG@Z, _bump@ProgressDialog@@QAEXH@Z, _wasCancelled@ProgressDialog@@QAE_NXZ, _setCancelEnabled@ProgressDialog@@QAEX_N@Z, _setHeader@ProgressDialog@@QAEXPBD@Z, _setStatus2@ProgressDialog@@QAEXPBG@Z, _setStatus2@ProgressDialog@@QAEXPBD@Z, _setStatus@ProgressDialog@@QAEXPBG@Z, _rectHeight@@YAJABUtagRECT@@@Z, _rectWidth@@YAJABUtagRECT@@@Z, _moveWindow@@YA_NPAUHWND__@@PBUtagRECT@@H@Z, _getRectInClientCoords@@YAXPAUHWND__@@0PAUtagRECT@@@Z, _DrawTransparentBitmap@@YAXPAUHDC__@@PAUHBITMAP__@@1KK@Z, _setPoint@@YAXPAUtagPOINT@@JJ@Z, _copyPoint@@YAXPAUtagPOINT@@PBU1@@Z, _bottomRight@@YA_BUtagPOINT@@ABUtagRECT@@@Z, _topLeft@@YA_BUtagPOINT@@ABUtagRECT@@@Z, _subtractPoint@@YA_AUtagSIZE@@UtagPOINT@@0@Z, _screenToClient@@YAXPAUHWND__@@PAUtagRECT@@@Z, _clientToScreen@@YAXPAUHWND__@@PAUtagRECT@@@Z, _getClientRectInClientCoords@@YAXPAUHWND__@@0PAUtagRECT@@@Z, _setStatus@ProgressDialog@@QAEXPBD@Z, _setTitle@ProgressDialog@@QAEXPBD@Z, _setHeader@ProgressDialog@@QAEXPBG@Z, _setStatus@ProgressDialog@@QAEXH@Z, __0ProgressDialog@@QAE@PAUHWND__@@PBD@Z, _Init@ProgressDialog@@SAXPAUHINSTANCE__@@@Z, __1ProgressDialog@@QAE@XZ
    > COMCTL32.dll: _TrackMouseEvent, InitCommonControlsEx
    > comdlg32.dll: GetOpenFileNameA, CommDlgExtendedError, GetOpenFileNameW
    > KERNEL32.dll: WideCharToMultiByte, InterlockedDecrement, DebugBreak, LoadLibraryA, GetModuleHandleA, ExitThread, CreateThread, SystemTimeToFileTime, GetTimeFormatW, GetTimeFormatA, GetDateFormatW, GetDateFormatA, InterlockedExchange, MapViewOfFile, SetEndOfFile, GetLocaleInfoW, CompareStringW, CompareStringA, GetStringTypeW, GetStringTypeA, IsBadCodePtr, SetEnvironmentVariableA, SetEnvironmentVariableW, GetCurrentDirectoryA, GetFullPathNameA, GetOEMCP, GetACP, LCMapStringW, LCMapStringA, SetFilePointer, SetUnhandledExceptionFilter, GetUserDefaultLCID, GetFileAttributesA, FileTimeToSystemTime, lstrlenW, OutputDebugStringA, GetLastError, GetModuleFileNameA, Sleep, EnumSystemLocalesA, GetLocaleInfoA, IsValidCodePage, IsValidLocale, GetCPInfo, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, SetHandleCount, IsBadWritePtr, VirtualAlloc, VirtualFree, HeapCreate, CreateDirectoryA, GetSystemTimeAsFileTime, HeapSize, GetLocalTime, GetSystemTime, GetTimeZoneInformation, IsBadReadPtr, HeapReAlloc, GetCurrentProcess, RaiseException, ExitProcess, GetVersion, GetCommandLineA, GetStartupInfoA, GetFileType, SetStdHandle, RtlUnwind, HeapAlloc, HeapFree, WriteFile, ReadFile, CreateFileMappingA, CreateEventA, GlobalAddAtomA, UnmapViewOfFile, GlobalDeleteAtom, CreateFileA, FlushFileBuffers, FormatMessageW, FormatMessageA, LocalFree, FileTimeToLocalFileTime, SetConsoleCtrlHandler, GetExitCodeProcess, SetFileAttributesA, DeleteFileA, RemoveDirectoryA, GetTickCount, LoadLibraryExA, GetTempPathA, GetTempFileNameA, TlsSetValue, TlsAlloc, TlsGetValue, FindFirstFileA, FindNextFileA, FindClose, GetDiskFreeSpaceA, GetVolumeInformationA, GetSystemInfo, GlobalMemoryStatus, GetVersionExA, GetEnvironmentVariableA, GetLogicalDriveStringsA, GetDriveTypeA, TerminateProcess, GetSystemDirectoryA, GetWindowsDirectoryA, GetComputerNameA, MultiByteToWideChar, OpenProcess, CreateProcessA, CreateSemaphoreA, CloseHandle, 
WaitForSingleObject, ReleaseSemaphore, SetLastError, InterlockedIncrement, EnterCriticalSection, LeaveCriticalSection, GetProcAddress, FreeLibrary, InitializeCriticalSection, lstrcatA, lstrlenA, lstrcpyA, DeleteCriticalSection, HeapDestroy, GetCurrentThreadId, AllocConsole, GetStdHandle, GetConsoleScreenBufferInfo, SetConsoleScreenBufferSize, FreeConsole
    > VERSION.dll: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
    > GDI32.dll: BitBlt, SelectObject, CreateCompatibleDC, DeleteDC, DPtoLP, CreateSolidBrush, PatBlt, CreatePatternBrush, CreateBitmap, DeleteObject, GetObjectA
    > SHELL32.dll: SHGetMalloc, SHBrowseForFolderA, SHGetPathFromIDListA
    > WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
    > WININET.dll: InternetAutodial, InternetGetConnectedState

    ( 271 exports )
    __0ASN1_ANY@@QAE@ABU0@@Z, __0ASN1_ANY@@QAE@XZ, __0ASN1_BIT_STRING@@QAE@ABU0@@Z, __0ASN1_BIT_STRING@@QAE@VBstream@@@Z, __0ASN1_BIT_STRING@@QAE@XZ, __0ASN1_BOOLEAN@@QAE@ABU0@@Z, __0ASN1_BOOLEAN@@QAE@H@Z, __0ASN1_BOOLEAN@@QAE@PBD@Z, __0ASN1_BOOLEAN@@QAE@XZ, __0ASN1_INTEGER@@QAE@AAVBigint@@@Z, __0ASN1_INTEGER@@QAE@ABU0@@Z, __0ASN1_INTEGER@@QAE@H@Z, __0ASN1_INTEGER@@QAE@XZ, __0ASN1_OCTET_STRING@@QAE@ABU0@@Z, __0ASN1_OCTET_STRING@@QAE@VBstream@@@Z, __0ASN1_OCTET_STRING@@QAE@XZ, __0ASN1_PRINTABLE_STRING@@QAE@ABU0@@Z, __0ASN1_PRINTABLE_STRING@@QAE@PBD@Z, __0ASN1_PRINTABLE_STRING@@QAE@XZ, __0ASN1_UTF8_STRING@@QAE@ABU0@@Z, __0ASN1_UTF8_STRING@@QAE@PBD@Z, __0ASN1_UTF8_STRING@@QAE@XZ, __0AlgId@@QAE@ABU0@@Z, __0AlgId@@QAE@XZ, __0Bigint@@QAE@ABV0@@Z, __0Bigint@@QAE@F@Z, __0Bigint@@QAE@PBD@Z, __0Bigint@@QAE@PBEH@Z, __0Bigint@@QAE@XZ, __0Bstream@@QAE@ABV0@@Z, __0Bstream@@QAE@ABVString@@@Z, __0Bstream@@QAE@HPBE@Z, __0Bstream@@QAE@PBD@Z, __0Bstream@@QAE@XZ, __0EncryptedDigest@@QAE@ABU0@@Z, __0EncryptedDigest@@QAE@XZ, __0IssuerAndSerialNumber@@QAE@ABU0@@Z, __0IssuerAndSerialNumber@@QAE@VName@@UASN1_INTEGER@@@Z, __0IssuerAndSerialNumber@@QAE@XZ, __0Key@@QAE@ABV0@@Z, __0Key@@QAE@HPAE@Z, __0Key@@QAE@XZ, __0Name@@QAA@HZZ, __0Name@@QAE@ABV0@@Z, __0Name@@QAE@PBD@Z, __0Name@@QAE@XZ, __0ObjId@@QAA@HZZ, __0ObjId@@QAE@ABV0@@Z, __0ObjId@@QAE@XZ, __0PCTime@@QAE@ABUGMtime@@@Z, __0PCTime@@QAE@ABV0@H@Z, __0PCTime@@QAE@HHHHHH@Z, __0PCTime@@QAE@XZ, __1ASN1_ANY@@QAE@XZ, __1ASN1_BIT_STRING@@QAE@XZ, __1ASN1_BOOLEAN@@QAE@XZ, __1ASN1_INTEGER@@QAE@XZ, __1ASN1_OCTET_STRING@@QAE@XZ, __1ASN1_PRINTABLE_STRING@@QAE@XZ, __1ASN1_UTF8_STRING@@QAE@XZ, __1AlgId@@QAE@XZ, __1Bigint@@QAE@XZ, __1Bstream@@QAE@XZ, __1EncryptedDigest@@QAE@XZ, __1IssuerAndSerialNumber@@QAE@XZ, __1Key@@QAE@XZ, __1Name@@QAE@XZ, __1ObjId@@QAE@XZ, __4ASN1_ANY@@QAEAAU0@ABU0@@Z, __4ASN1_BIT_STRING@@QAEAAU0@ABU0@@Z, __4ASN1_BOOLEAN@@QAEAAU0@ABU0@@Z, __4ASN1_INTEGER@@QAEAAU0@ABU0@@Z, __4ASN1_OCTET_STRING@@QAEAAU0@ABU0@@Z, 
__4ASN1_PRINTABLE_STRING@@QAEAAU0@ABU0@@Z, __4ASN1_UTF8_STRING@@QAEAAU0@ABU0@@Z, __4AlgId@@QAEAAU0@ABU0@@Z, __4Bigint@@QAEAAV0@ABV0@@Z, __4Bstream@@QAEAAV0@ABV0@@Z, __4EncryptedDigest@@QAEAAU0@ABU0@@Z, __4IssuerAndSerialNumber@@QAEAAU0@ABU0@@Z, __4Key@@QAEAAV0@ABV0@@Z, __4Name@@QAEAAV0@ABV0@@Z, __4ObjId@@QAEAAV0@ABV0@@Z, __4PCTime@@QAEAAV0@ABV0@@Z, __5@YAAAVBstream@@AAUASN1_SEQUENCE@@AAUASN1_ANY@@@Z, __5@YAAAVBstream@@AAV0@AAU_$SIGNED@UCertificateInfo@@@@@Z, __5@YAAAVBstream@@AAV0@AAU_$SIGNED@UCertificateRevocationListInfo@@@@@Z, __5@YAAAVBstream@@AAV0@AAU_$SIGNED@UCertificationRequestInfo@@@@@Z, __5@YAAAVBstream@@AAV0@AAU_$SIGNED@UExtendedCertificateInfo@@@@@Z, __5@YAAAVBstream@@AAV0@AAU_$SIGNED@UExtendedCertificationRequestInfo@@@@@Z, __5@YAAAVBstream@@AAV0@AAUASN1_BIT_STRING@@@Z, __5@YAAAVBstream@@AAV0@AAUASN1_BOOLEAN@@@Z, __5@YAAAVBstream@@AAV0@AAUASN1_INTEGER@@@Z, __5@YAAAVBstream@@AAV0@AAUASN1_OCTET_STRING@@@Z, __5@YAAAVBstream@@AAV0@AAUASN1_PRINTABLE_STRING@@@Z, __5@YAAAVBstream@@AAV0@AAUASN1_SEQUENCE@@@Z, __5@YAAAVBstream@@AAV0@AAUASN1_UTF8_STRING@@@Z, __5@YAAAVBstream@@AAV0@AAUAlgorithmIdentifier@@@Z, __5@YAAAVBstream@@AAV0@AAUAttribute@@@Z, __5@YAAAVBstream@@AAV0@AAUCertificateInfo@@@Z, __5@YAAAVBstream@@AAV0@AAUCertificateRevocationListInfo@@@Z, __5@YAAAVBstream@@AAV0@AAUCertificationRequestInfo@@@Z, __5@YAAAVBstream@@AAV0@AAUContentInfo@@@Z, __5@YAAAVBstream@@AAV0@AAUDigestInfo@@@Z, __5@YAAAVBstream@@AAV0@AAUExtendedCertificateInfo@@@Z, __5@YAAAVBstream@@AAV0@AAUExtendedCertificateOrCertificate@@@Z, __5@YAAAVBstream@@AAV0@AAUExtendedCertificationRequestInfo@@@Z, __5@YAAAVBstream@@AAV0@AAUExtension@@@Z, __5@YAAAVBstream@@AAV0@AAUIssuerAndSerialNumber@@@Z, __5@YAAAVBstream@@AAV0@AAUPrivateKeyInfo@@@Z, __5@YAAAVBstream@@AAV0@AAUPublicKeyInfo@@@Z, __5@YAAAVBstream@@AAV0@AAURSAPrivateKey@@@Z, __5@YAAAVBstream@@AAV0@AAURSAPublicKey@@@Z, __5@YAAAVBstream@@AAV0@AAUSignedData@@@Z, __5@YAAAVBstream@@AAV0@AAUSignerInfo@@@Z, __5@YAAAVBstream@@AAV0@AAUValidity@@@Z, 
__5@YAAAVBstream@@AAV0@AAV_$list@U_$SIGNED@UCertificateRevocationListInfo@@@@V_$allocator@U_$SIGNED@UCertificateRevocationListInfo@@@@@std@@@std@@@Z, __5@YAAAVBstream@@AAV0@AAV_$list@UAlgorithmIdentifier@@V_$allocator@UAlgorithmIdentifier@@@std@@@std@@@Z, __5@YAAAVBstream@@AAV0@AAV_$list@UAttribute@@V_$allocator@UAttribute@@@std@@@std@@@Z, __5@YAAAVBstream@@AAV0@AAV_$list@UExtendedCertificateOrCertificate@@V_$allocator@UExtendedCertificateOrCertificate@@@std@@@std@@@Z, __5@YAAAVBstream@@AAV0@AAV_$list@UExtension@@V_$allocator@UExtension@@@std@@@std@@@Z, __5@YAAAVBstream@@AAV0@AAV_$list@USignerInfo@@V_$allocator@USignerInfo@@@std@@@std@@@Z, __5@YAAAVBstream@@AAV0@AAVName@@@Z, __5@YAAAVBstream@@AAV0@AAVObjId@@@Z, __5@YAAAVBstream@@AAV0@AAVPCTime@@@Z, __6@YAAAVBstream@@AAUASN1_SEQUENCE@@ABUASN1_ANY@@@Z, __6@YAAAVBstream@@AAV0@AAU_$SIGNED@UCertificateInfo@@@@@Z, __6@YAAAVBstream@@AAV0@AAU_$SIGNED@UCertificationRequestInfo@@@@@Z, __6@YAAAVBstream@@AAV0@AAUASN1_PRINTABLE_STRING@@@Z, __6@YAAAVBstream@@AAV0@AAUASN1_SEQUENCE@@@Z, __6@YAAAVBstream@@AAV0@AAUASN1_UTF8_STRING@@@Z, __6@YAAAVBstream@@AAV0@AAUCertificateInfo@@@Z, __6@YAAAVBstream@@AAV0@AAUCertificationRequestInfo@@@Z, __6@YAAAVBstream@@AAV0@AAUExtension@@@Z, __6@YAAAVBstream@@AAV0@AAV_$list@UAttribute@@V_$allocator@UAttribute@@@std@@@std@@@Z, __6@YAAAVBstream@@AAV0@AAV_$list@UExtension@@V_$allocator@UExtension@@@std@@@std@@@Z, __6@YAAAVBstream@@AAV0@ABUASN1_BIT_STRING@@@Z, __6@YAAAVBstream@@AAV0@ABUASN1_BOOLEAN@@@Z, __6@YAAAVBstream@@AAV0@ABUASN1_INTEGER@@@Z, __6@YAAAVBstream@@AAV0@ABUASN1_OCTET_STRING@@@Z, __6@YAAAVBstream@@AAV0@ABUAlgorithmIdentifier@@@Z, __6@YAAAVBstream@@AAV0@ABUAttribute@@@Z, __6@YAAAVBstream@@AAV0@ABUIssuerAndSerialNumber@@@Z, __6@YAAAVBstream@@AAV0@ABUPrivateKeyInfo@@@Z, __6@YAAAVBstream@@AAV0@ABUPublicKeyInfo@@@Z, __6@YAAAVBstream@@AAV0@ABURSAPublicKey@@@Z, __6@YAAAVBstream@@AAV0@ABVObjId@@@Z, __6@YAAAVBstream@@AAV0@ABVPCTime@@@Z, __6@YAAAVBstream@@AAV0@VName@@@Z, __8@YAHABVBigint@@0@Z, 
__8@YAHABVObjId@@0@Z, __8ASN1_BOOLEAN@@QAE_NABU0@@Z, __8ASN1_INTEGER@@QAE_NABU0@@Z, __9@YAHABVObjId@@0@Z, __BASN1_PRINTABLE_STRING@@QAEPBDXZ, __BASN1_UTF8_STRING@@QAEPBDXZ, __BBstream@@QBEPBDXZ, __H@YA_AVBstream@@ABV0@0@Z, __O@YAHABVBigint@@0@Z, __OASN1_INTEGER@@QAE_NABU0@@Z, __YBstream@@QAEAAV0@ABV0@@Z, ___C@_0BD@NCPN@RSA_verify_rc_5_$DN_$DN_50_$AA@, ___C@_0BF@MDA@sig_digest_5_$DN_$DN_5digest_$AA@, ___C@_0DF@GBNA@signatureAlgorithm_4algorithm_5_$DN_$DN_5@, ___C@_0P@IPCC@SignerInfo_4cpp_$AA@, _add_element@Name@@QAEXABUAva@@@Z, _add_element@ObjId@@QAEXABVBigint@@@Z, _asn1_der_decode_T61_string@@YAHAAVBstream@@0@Z, _asn1_der_decode_bit_string@@YAHAAVBstream@@0@Z, _asn1_der_decode_boolean@@YAHAAVBstream@@AAVBigint@@@Z, _asn1_der_decode_integer@@YAHAAVBstream@@AAVBigint@@@Z, _asn1_der_decode_null@@YAHAAVBstream@@@Z, _asn1_der_decode_octet_string@@YAHAAVBstream@@0@Z, _asn1_der_decode_printable_string@@YAHAAVBstream@@0@Z, _asn1_der_decode_sequence@@YAHAAVBstream@@AAH@Z, _asn1_der_decode_sequence_of@@YAHAAVBstream@@AAH@Z, _asn1_der_decode_set@@YAHAAVBstream@@AAH@Z, _asn1_der_decode_set_of@@YAHAAVBstream@@AAH@Z, _asn1_der_decode_utctime@@YAHAAVBstream@@AAVPCTime@@@Z, _asn1_der_decode_utf8_string@@YAHAAVBstream@@0@Z, _asn1_der_encode_T61_string@@YA_AVBstream@@ABV1@@Z, _asn1_der_encode_bit_string@@YA_AVBstream@@ABV1@@Z, _asn1_der_encode_boolean@@YA_AVBstream@@ABVBigint@@@Z, _asn1_der_encode_implicit_tagged@@YA_AVBstream@@ABV1@H@Z, _asn1_der_encode_integer@@YA_AVBstream@@ABVBigint@@@Z, _asn1_der_encode_network_addr@@YA_AVBstream@@K@Z, _asn1_der_encode_null@@YA_AVBstream@@XZ, _asn1_der_encode_octet_string@@YA_AVBstream@@ABV1@@Z, _asn1_der_encode_printable_string@@YA_AVBstream@@ABV1@@Z, _asn1_der_encode_sequence@@YA_AVBstream@@ABV1@@Z, _asn1_der_encode_sequence_of@@YA_AVBstream@@ABV1@@Z, _asn1_der_encode_set@@YA_AVBstream@@ABV1@@Z, _asn1_der_encode_set_of@@YA_AVBstream@@ABV1@@Z, _asn1_der_encode_timeticks@@YA_AVBstream@@ABVBigint@@@Z, 
_asn1_der_encode_utctime@@YA_AVBstream@@ABVPCTime@@@Z, _asn1_der_encode_utf8_string@@YA_AVBstream@@ABV1@@Z, _asn1_der_get_length@@YAHAAVBstream@@@Z, _asn1_der_set_length@@YA_AVBstream@@H@Z, _asn1_perror@@YAXH@Z, _bits@Bigint@@QBEHXZ, _checkValidityPeriod@@YA_NPBDAAU_$SIGNED@UCertificateInfo@@@@@Z, _consume@Bstream@@QAEHH@Z, _decrypt@@YA_AVBstream@@ABUPublicKeyInfo@@ABV1@@Z, _decrypt@@YAXABUPrivateKeyInfo@@ABVbytestream@@AAV2@@Z, _decrypt@@YAXABUPublicKeyInfo@@ABVbytestream@@AAV2@@Z, _decrypt@@YAXABUSymmetricKey@@ABVbytestream@@AAV2@@Z, _decrypt@@YAXABUSymmetricKey@@ABVbytestream@@AAVBstream@@@Z, _encode@Name@@QAE_AVBstream@@XZ, _encode@ObjId@@QBE_AVBstream@@XZ, _encrypt@@YA_AVBstream@@ABUPrivateKeyInfo@@ABV1@@Z, _encrypt@@YAXABUPrivateKeyInfo@@ABVbytestream@@AAV2@@Z, _encrypt@@YAXABUPublicKeyInfo@@ABVbytestream@@AAV2@@Z, _encrypt@@YAXABUSymmetricKey@@ABVBstream@@AAVbytestream@@@Z, _encrypt@@YAXABUSymmetricKey@@ABVbytestream@@AAV2@@Z, _fetchbyte@Bstream@@QAEHAAE@Z, _get@PCTime@@QBE_AUGMtime@@XZ, _getbstr@Bigint@@QBE_AVBstream@@XZ, _getdatap@Bstream@@QBEPAEXZ, _getdecstr@Bstream@@QBE_AVString@@XZ, _gethexstr@Bstream@@QBE_AVString@@XZ, _getlength@Bstream@@QBEHXZ, _getnumstr@Bigint@@QBE_AVString@@XZ, _getnumstrd@Bigint@@QBE_AVString@@XZ, _getstr@Bstream@@QBE_AVString@@XZ, _getstr@PCTime@@QBE_AVString@@XZ, _last@Bstream@@QBEEXZ, _md5_digest@@YA_AVBstream@@AAV1@@Z, _msl_GeneratePKCS1KeyPair@@YAXAAUPublicKeyInfo@@AAUPrivateKeyInfo@@@Z, _msl_GetCertExtnBool@@YA_NAAU_$SIGNED@UCertificateInfo@@@@ABVObjId@@@Z, _msl_GetCertExtnString@@YAPADAAU_$SIGNED@UCertificateInfo@@@@ABVObjId@@@Z, _ntptime@PCTime@@QAEKXZ, _num_to_mask@@YAEH@Z, _peekbyte@Bstream@@QAEHAAE@Z, _print@PCTime@@QBEXXZ, _replace@Bstream@@QBE_AV1@ABV1@0@Z, _sign@_$SIGNED@UCertificateInfo@@@@QAEXABUPrivateKeyInfo@@@Z, _sign@_$SIGNED@UCertificationRequestInfo@@@@QAEXABUPrivateKeyInfo@@@Z, _timenow@@YA_AVPCTime@@XZ, _truncate@Bstream@@QAEHH@Z, _validate@@YAXAAU_$SIGNED@UCertificateInfo@@@@0@Z, 
_validate@@YAXAAU_$SIGNED@UCertificateInfo@@@@AAUDigestInfo@@AAUSignerInfo@@@Z, _verify@_$SIGNED@UCertificateInfo@@@@QAEXABUPublicKeyInfo@@@Z, _verify@_$SIGNED@UCertificationRequestInfo@@@@QAEXABUPublicKeyInfo@@@Z, DecodeBase64, EncodeBase64, RSA_sign, RSA_verify, ex_assert_failed, msl_DecryptBytes, msl_DecryptData, msl_EncryptBytes, msl_EncryptData, msl_EncryptDataSize, msl_EndDecryption, msl_EndEncryption, msl_GenerateRSAKeyPair, msl_MakeRSAKeyPairFromSeed, msl_RandomIzer, msl_StartDecryption, msl_StartEncryption, msl_freeData, msl_generateKey, msl_getSessionKeyLen, msl_privateDecrypt, msl_privateEncryptBuf, msl_publicDecrypt, msl_publicEncryptBuf, xMD5Final, xMD5Init, xMD5Transform, xMD5Update

    Then after the restart I crashed 5 times, now it seems fine...

    There was just one number in HijackThis that I didn't have before, it's this one:

    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} -

    So I hope everything is fine now :)

    See you later
    0
  7. Anonymous user
     
    Good evening,
    yes, that's better.
    But I'm still missing a new HijackThis report, please.
    Can you post one?

    Also, I don't have the VirusTotal report for:
    C:\Program Files\Fichiers communs\Motive\McciCMService.exe
    That one worries me more than the other file.
    Same thing: can you post one for it too?

    And the same goes for Malwarebytes' Anti-Malware:
    Fichier(s) infecté(s):
    C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP67\A0089391.dll (Adware.VideoEgg) -> No action taken.
    C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP67\A0089392.exe (Adware.VideoEgg) -> No action taken.
    C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP67\A0089393.exe (Adware.VideoEgg) -> No action taken.
    C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP67\A0089394.old (Adware.VideoEgg) -> No action taken.
    ...

    That means you run the scan but at the end you don't remove the infected items... so it's useless (or nearly)...
    So it has to be redone! And yes, above all get rid of the junk at the end! Then post me the report, please.

    Come on, we're not moving very fast... :(
    and I'm also losing time re-explaining everything to you..

    :s

    Never mind.

    Good luck,
    afterwards we'll finish up.

    See you
    0
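Added example, not part of the thread: a small Python triage script that reads scan-result lines in the format quoted in the reply above and reports which detections were left with "No action taken". The sample input is constructed from the four lines in the reply plus one constructed "cleaned" line (hypothetical path and detection name); the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample: the four result lines quoted in the reply above, plus one
# constructed line (hypothetical path and detection name) showing a cleaned entry.
SAMPLE_LOG = r"""
Fichier(s) infecté(s):
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP67\A0089391.dll (Adware.VideoEgg) -> No action taken.
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP67\A0089392.exe (Adware.VideoEgg) -> No action taken.
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP67\A0089393.exe (Adware.VideoEgg) -> No action taken.
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP67\A0089394.old (Adware.VideoEgg) -> No action taken.
C:\Example\constructed-sample.exe (Adware.Example) -> Quarantined and deleted successfully.
"""

# "<path> (<detection>) -> <action>." ; the greedy path group makes the LAST
# parenthesised token before " -> " the detection name.
ENTRY_RE = re.compile(
    r"^(?P<path>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?\s*$"
)

# Windows XP keeps System Restore snapshots under this directory layout.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\RP\d+\\",
    re.IGNORECASE,
)


def parse_entries(log_text):
    """Return one dict per result line; headers and '...' lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        path = match.group("path")
        entries.append({
            "path": path,
            "detection": match.group("detection"),
            "action": match.group("action"),
            "in_restore_point": bool(RESTORE_RE.search(path)),
        })
    return entries


def unremediated(entries):
    """Entries the scanner found but did not remove."""
    return [e for e in entries if e["action"].lower() == "no action taken"]


def summarize(entries):
    """Counts a helper would want before asking for a new scan report."""
    pending = unremediated(entries)
    return {
        "total": len(entries),
        "pending": len(pending),
        "pending_in_restore_points": sum(e["in_restore_point"] for e in pending),
        "pending_by_detection": dict(Counter(e["detection"] for e in pending)),
    }


if __name__ == "__main__":
    report = summarize(parse_entries(SAMPLE_LOG))
    print(report)
    for entry in unremediated(parse_entries(SAMPLE_LOG)):
        print("still present:", entry["path"])
```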