Freeze et avertissements à chaque ouverture d'application

Bonjour et merci de vous pencher sur mon cas !

Voilà, mon PC sous Windows XP a recemment été infectés par plusieurs vers et autres saloperies, je m'en suis débarrassé mais depuis l'ordi a tendance à freezer au bout de quelque temps, tout se fige et je ne peux plus rien faire (par contre si j'ai un lecteur qui joue de la musique, ça continue à être fluide, comme si tout allait bien sauf qu'à l'écran je n'ai plus aucun contrôle, bizarre...). Sinon dès le démarrage de Windows j'ai des boîtes de dialogue qui s'ouvre à chaque ouverture d'application (environ 10 les unes après les autre) qui indique "[nom du programme] Image incorrecte. L'application ou la DLL C:\windows\system32\sorujome.dll n'est pas une image de windows valide". Un peu agaçant !!
J'ai essayé de réparer Windows, mais dès que je lance un Chksdk on me le refuse en indiquant que le système de fichier est "raw" (pourtant il apparaît bien en "ntfs"). De même impossible d'utiliser les outils d'Ultimate Boot CD par exemple car aucun disque dur n'est reconnu.
Merci de m'aider car là je suis paumé !!

bonjour

je déplace dans la catégorie Sécurité afin d'effectuer un diagnostic (C:\windows\system32\sorujome.dll)

Salut Strato


On va vérifier tout cela, télécharge RSIT (de random/random) sur le bureau ici :
http://images.malwareremoval.com/random/RSIT.exe

- Double clique sur RSIT.exe qui est sur le bureau
- Clique sur Continue dans la fenêtre
- RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
- Poste le contenue des deux rapports, log.txt et info.txt à la fin de l’analyse


@++


totoftotof

dédétraqué

Merci Dédé et Totof, mais il m'est impossible d'installer Hijack This (il ne se passe rien après avoir double cliqué sur l'installeur). Quand j'avais chopé les vers même chose, mes programmes anti-spy (Spybot et Malware Malbytes) ne marchaient plus. Difficile d'effectuer un diagnostic avec ça !!

Salut Strato


Télécharge RSIT (de random/random) sur le bureau ici :
http://images.malwareremoval.com/random/RSIT.exe

- Double clique sur RSIT.exe qui est sur le bureau
- Clique sur Continue dans la fenêtre
- RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
- Poste le contenue des deux rapports, log.txt et info.txt à la fin de l’analyse


@++

Impossible également de télécharger RSIT (j'ai essayé avec différents navigateurs ou outils de téléchargement)...

Apparemment dès que j'essaye un lien en rapport avec un site anti-virus/spyware/etc la page indique une erreur. De même la plupart des softs de ce genre n'arrivent pas à s'installer correctement. Assez bizarre, je ne savais pas que ça existait ce genre de truc !!

Salut Strato


Télécharge combofix.exe (de sUBs) sur le bureau et avant téléchargement suivre cette procédure : pcastuces.com:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Important Désactive ton Antivirus et antispyware avant le scan avec Combofix :
http://forum.pcastuces.com/desactiver_les_protections_residentes-f31s4.htm


==> Sauvegarde et ferme toutes les fenêtres actives, il peut y avoir un redémarrage du PC. Ne lance aucun programme tant que Combofix n’est pas fini. <==

Double clique sur combofix.exe, clique sur OUI et valide par Entrée

Il te sera demandé d’installer la console si elle n’est pas installer, clique sur NON

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\ Combofix.txt

Combofix est détecté par certains antivirus comme une infection, ne pas en tenir compte, il s'agit d'un faux positif, continue la procédure


@++

Merci Dédé, mais je ne peux pas télécharger ou installer des programmes liés à la sécurité, c'est justement ça le soucis !! Tes liens ne marchent pas pour ma machine (je vais peut être utilser ces outils à partir d'un CD que m'aura fait quelqu'un).
Le seul truc que j'ai réussi à faire, c'est avoir un rapport à l'aide de Findykill, je le poste, même si je ne suis pas sûr que ça puisse faire avancer les choses !



----------------- FindyKill V4.710 ------------------

* User : STIRWEN - STIRWEN-2D5F50D
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 21/12/08 par Chiquitine29
* Recherche effectuée à 23:27:04 le 27/12/2008
* Windows XP - Internet Explorer 7.0.5730.11

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared\a2service.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\srksrv.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Avast\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Avast\ashDisp.exe
C:\Program Files\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IE New Window Maximizer\iemaximizer.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\Common\COMPON~1\MMCOMP~1.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Mozilla Firefox\firefox.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch


»»»» Presence des fichiers dans C:\WINDOWS\system32


»»»» Presence des fichiers dans C:\WINDOWS\system32\config\systemprofile\AppData\Roaming


»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\STIRWEN\Application Data


»»»» Presence des fichiers dans C:\DOCUME~1\STIRWEN\LOCALS~1\Temp

Salut Strato


Essaie ce lien pour Combofix:
http://www.sendspace.com/file/l5ux5k

-----

Pour RSIT :
http://www.sendspace.com/file/yk5d30

-----

On va vérifier si ton DD est intègre :

- Clique sur le menu démarrer/Exécuter et tape cmd et OK pour valider
- A l'invite de commande tape fsutil dirty query C: (C: est la partition où Windows est installé)

Donne le résultat qui apparaît

-----

Télécharge DiagHelp sur le bureau ici :

http://www.malekal.com/download/DiagHelp.zip
Autre lien : http://www.sendspace.com/file/ozcgwi

Lire et suivre attentivement le tutoriel ici :

http://www.malekal.com/DiagHelp/DiagHelp.php


- Choisi l'option 1 (Lister Fichiers), enregistre-le sur le bureau.

---

Utilise ensuite cjoint.com http://cjoint.com/ pour poster en lien ton rapport

- Clique sur Parcourir pour aller chercher le rapport
- Clique sur Ouvrir ensuite sur Créer le lien Cjoint

- Fais un copier/coller du lien qui est devant Le lien a été créé: dans ta prochaine réponse.


En espérant que les liens marches bien sur sendspace


@++

Salut Dédétraqué,

Hier avant de voir ton message j'ai mis mon disque dur en usb et j'ai démarré Windows via un autre disque. J'ai pu exécuté Malbyte's Anti Walware qui m'a trouvé 10 trojans que j'ai supprimés.
J'ai remis mon disque dur habituel dans mon PC, là c'est bon je peux à nouveau télécharger et lancer des logiciels qui étaient bloqués par les virus. Le seul problème qui réside c'est à chaque fois ces satanées boîtes de dialogue qui s'ouvrent au lancement d'un programme (surtout au démarrage, j'en ai une quinzaine). Maintenant que je peux utiliser Hijack This, voici le rapport :


Logfile of random's system information tool 1.05 (written by random/random)
Run by STIRWEN at 2008-12-29 14:06:07
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 782 MB (0%) free of 286 GB
Total RAM: 1023 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:06:16, on 29/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Avast\ashDisp.exe
C:\Program Files\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\a-squared\a2service.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Musicmatch Jukebox\mim.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\srksrv.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Avast\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Musicmatch Jukebox\MMJB.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Musicmatch Jukebox\mm_director.exe
C:\PROGRA~1\MUSICM~2\MM_TDM~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Downloads\RSIT.exe
C:\Program Files\trend micro\STIRWEN.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5ce9dc47-a024-4bae-ba4b-9bf169be6b25} - C:\WINDOWS\system32\voveguji.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [kimosihofu] Rundll32.exe "C:\WINDOWS\system32\ruzomivu.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.stumbleupon.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection.ca(...)
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: ousspw.dll,C:\WINDOWS\system32\sorujome.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared\a2service.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PoliceService - Unknown owner - C:\WINDOWS\system32\srksrv.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11982 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2008-09-04 130248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{145B29F4-A56B-4b90-BBAC-45784EBEBBB7}]
StumbleUpon Launcher - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll [2006-12-04 907760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
IeCatch5 Class - C:\PROGRA~1\FlashGet\jccatch.dll [2006-05-16 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ce9dc47-a024-4bae-ba4b-9bf169be6b25}]
C:\WINDOWS\system32\voveguji.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5093EB4C-3E93-40AB-9266-B607BA87BDC8} - StumbleUpon Toolbar - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll [2006-12-04 907760]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FlashGet\fgiebar.dll [2005-06-07 86016]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh\Plugins\reg\VeohToolbar.dll [2008-08-28 352256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-09-22 14854144]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe [2004-08-23 20480]
"WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\GestMaj.exe [2004-10-14 32768]
"avast!"=C:\PROGRA~1\Avast\ashDisp.exe [2008-11-26 81000]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"MimBoot"=C:\Program Files\Musicmatch Jukebox\mimboot.exe [2004-12-10 11776]
"MMTray"=C:\Program Files\Musicmatch Jukebox\mm_tray.exe [2004-12-10 110592]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"kimosihofu"=C:\WINDOWS\system32\ruzomivu.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"WOOKIT"=C:\PROGRA~1\Wanadoo\Shell.exe [2004-08-23 122880]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe [2008-07-21 2752512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\STIRWEN\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe /lang en []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IE New Window Maximizer]
C:\Program Files\Internet Explorer\IE New Window Maximizer\iemaximizer.exe [2005-02-08 356352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InterNeo]
C:\Program Files\InterNeo\interneo.exe /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
C:\Program Files\Pinnacle Studio\LaunchList.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2006-09-15 2048000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
C:\Program Files\Pando Networks\Pando\Pando.exe /Minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-08-17 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Savvy DTV Service]
C:\Program Files\Savvy TV\DTV Service.exe [2006-05-29 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2006-09-06 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
C:\Program Files\Ulead\uvPL.exe [2006-03-07 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBTUCopy]
C:\Program Files\VBTUCopy\VBTUCopy.exe [2004-09-22 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
~C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE -quiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ymetray.lnk]
C:\PROGRA~1\Yahoo!\YAHOO!~1\ymetray.exe [2007-10-03 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^STIRWEN^Menu Démarrer^Programmes^Démarrage^YouTube Uploader.lnk]
C:\DOCUME~1\STIRWEN\LOCALS~1\APPLIC~1\YouTube\Uploader\YOUTUB~1.EXE []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="ousspw.dll,C:\WINDOWS\system32\sorujome.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\sorujome.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=95000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\ancien dd c\Program Files\MSN Messenger\msnmsgr.exe"="C:\ancien dd c\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\TribalWeb\tribalweb.exe"="C:\Program Files\TribalWeb\tribalweb.exe:*:Enabled:TribalWeb.net : Réseau privé sur Internet"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:127.0.0.1/255.255.255.255:Enabled:eMule"
"C:\Program Files\TVU\TVUPlayer.exe"="C:\Program Files\TVU\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\Program Files\TV\TVUPlayer.exe"="C:\Program Files\TV\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\Program Files\tvants\Tvants.exe"="C:\Program Files\tvants\Tvants.exe:*:Enabled:TVAnts"
"C:\Documents and Settings\STIRWEN\Bureau\SopCast_062\SopCast_062\SopCast\SopCast.exe"="C:\Documents and Settings\STIRWEN\Bureau\SopCast_062\SopCast_062\SopCast\SopCast.exe:*:Enabled:SoP Client"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\ppStream\ppStream.exe"="C:\Program Files\ppStream\ppStream.exe:*:Enabled:PPStream P2P Streaming Player"
"C:\Program Files\TVU Player\TVUPlayer.exe"="C:\Program Files\TVU Player\TVUPlayer.exe:*:Enabled:TVU Player Component"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\eMule2\emule.exe"="C:\Program Files\eMule2\emule.exe:*:Enabled:eMule"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Documents and Settings\STIRWEN\Application Data\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\STIRWEN\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Jeux\Top Spin 2\Data\Top Spin 2.exe"="C:\Jeux\Top Spin 2\Data\Top Spin 2.exe:*:Enabled:Top Spin 2"
"C:\ancien dd c\MSN Messenger\msnmsgr.exe"="C:\ancien dd c\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger"
"C:\Program Files\Pando Networks\Pando\pando.exe"="C:\Program Files\Pando Networks\Pando\pando.exe:*:Disabled:pando"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\Program Files\uusee\UUSeePlayer.exe"="C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUSEE"
"G:\Divers\Portable Foxit PDF Editor v1.4.exe"="G:\Divers\Portable Foxit PDF Editor v1.4.exe:*:Enabled:Foxit PDF Editor, the first REAL editor for PDF files!"
"C:\Jeux\Halo\halo.exe"="C:\Jeux\Halo\halo.exe:*:Enabled:Halo"
"C:\Jeux\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\Jeux\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Downloads\WoW-BurningCrusade-frFR-Installer-downloader.exe"="C:\Downloads\WoW-BurningCrusade-frFR-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Jeux\World of Warcraft\WoW-BurningCrusade-frFR-Installer-downloader.exe"="C:\Jeux\World of Warcraft\WoW-BurningCrusade-frFR-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Jeux\World of Warcraft\WoW-1.12.0-frFR-downloader.exe"="C:\Jeux\World of Warcraft\WoW-1.12.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\GetRight\getright.exe"="C:\Program Files\GetRight\getright.exe:*:Enabled:GetRight® Download Manager. www.GetRight.com"
"C:\Jeux\World of Warcraft\WoW-1.12.0-enUS-downloader.exe"="C:\Jeux\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\WoW-Language-Pack-frFR-downloader.exe"="C:\WoW-Language-Pack-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Jeux\World of Warcraft\Repair.exe"="C:\Jeux\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\Documents and Settings\STIRWEN\Application Data\Facebook\facebook.exe"="C:\Documents and Settings\STIRWEN\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Jeux\Speedball 2 Tournament\Speedball 2\speedball2.exe"="C:\Jeux\Speedball 2 Tournament\Speedball 2\speedball2.exe:*:Enabled:speedball2"
"C:\Program Files\Real Player\realplay.exe"="C:\Program Files\Real Player\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Veoh\VeohClient.exe"="C:\Program Files\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:P2P service of Orbit Downloader"
"C:\Program Files\eMule0.49\emule.exe"="C:\Program Files\eMule0.49\emule.exe:*:Enabled:eMule"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2008-12-29 14:06:07 ----D---- C:\rsit
2008-12-29 14:06:07 ----D---- C:\Program Files\trend micro
2008-12-29 11:24:06 ----D---- C:\Program Files\Malwarebytes 2
2008-12-29 10:57:56 ----D---- C:\donnees dd sata
2008-12-28 22:41:02 ----A---- C:\mbam-log-2008-12-28 (22-40-53).txt
2008-12-28 18:34:06 ----D---- C:\Program Files\UsbFix
2008-12-28 11:07:17 ----A---- C:\InfoSat.txt
2008-12-28 11:00:40 ----D---- C:\WINDOWS\system32\Kaspersky Lab
2008-12-27 23:20:17 ----D---- C:\Program Files\FindyKill
2008-12-25 23:19:23 ----D---- C:\Documents and Settings\STIRWEN\Application Data\Spyware Terminator
2008-12-25 23:19:10 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-12-25 23:19:05 ----D---- C:\Program Files\Spyware Terminator
2008-12-25 17:17:39 ----D---- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-12-25 16:31:18 ----A---- C:\WINDOWS\system32\V6Ge0N5C.exe.a_a
2008-12-25 16:20:09 ----A---- C:\WINDOWS\system32\Iw5VJ3Fj.exe.a_a
2008-12-25 16:05:44 ----D---- C:\Program Files\Trojan Killer
2008-12-25 15:30:41 ----D---- C:\Program Files\Avira
2008-12-25 15:30:41 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-12-25 15:05:54 ----A---- C:\WINDOWS\system32\XceedCry.dll
2008-12-25 15:05:54 ----A---- C:\WINDOWS\system32\XceedBkp.dll
2008-12-25 14:49:23 ----D---- C:\Program Files\Mamaloes
2008-12-25 14:42:08 ----D---- C:\Program Files\Malware Destroyer
2008-12-25 11:47:20 ----D---- C:\Program Files\a-squared
2008-12-23 15:11:40 ----A---- C:\WINDOWS\system32\TDSSdxgp.dll
2008-12-21 23:10:58 ----D---- C:\Program Files\Winamp
2008-12-21 23:10:58 ----D---- C:\Documents and Settings\STIRWEN\Application Data\Winamp
2008-12-21 23:04:31 ----D---- C:\Documents and Settings\All Users\Application Data\Last.fm
2008-12-21 23:03:07 ----D---- C:\Program Files\Last.fm
2008-12-11 18:04:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 18:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 18:00:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 18:00:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 11:36:43 ----D---- C:\Program Files\Voice Changer
2008-12-09 13:33:41 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-09 13:33:41 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-09 13:33:41 ----A---- C:\WINDOWS\system32\java.exe
2008-12-05 20:32:51 ----D---- C:\Reflets d'acide

======List of files/folders modified in the last 1 months======

2008-12-29 14:06:07 ----D---- C:\Program Files
2008-12-29 14:05:59 ----D---- C:\Program Files\FlashGet
2008-12-29 14:05:55 ----D---- C:\Downloads
2008-12-29 14:03:55 ----D---- C:\WINDOWS\Temp
2008-12-29 14:03:42 ----D---- C:\Program Files\Avast
2008-12-29 14:03:15 ----D---- C:\Program Files\Musicmatch Jukebox
2008-12-29 14:02:16 ----D---- C:\Mp3
2008-12-29 14:02:11 ----D---- C:\Program Files\Wanadoo
2008-12-29 14:01:34 ----D---- C:\WINDOWS\system32\Lang
2008-12-29 11:33:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-29 11:27:11 ----D---- C:\WINDOWS
2008-12-29 11:24:11 ----D---- C:\WINDOWS\system32\drivers
2008-12-29 11:22:39 ----D---- C:\WINDOWS\Prefetch
2008-12-29 10:47:56 ----SHD---- C:\RECYCLER
2008-12-28 22:40:53 ----SHD---- C:\System Volume Information
2008-12-28 19:11:07 ----A---- C:\WINDOWS\system.ini
2008-12-28 18:44:12 ----D---- C:\WINDOWS\Debug
2008-12-28 18:40:35 ----D---- C:\WINDOWS\Minidump
2008-12-28 18:20:23 ----D---- C:\Program Files\Mozilla Firefox
2008-12-28 17:32:30 ----D---- C:\Tennis Greg
2008-12-28 11:22:01 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-28 11:00:40 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-28 11:00:40 ----D---- C:\WINDOWS\system32
2008-12-28 11:00:39 ----HD---- C:\WINDOWS\inf
2008-12-28 11:00:38 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-27 23:38:23 ----D---- C:\Documents and Settings
2008-12-27 23:29:57 ----ASH---- C:\boot.ini
2008-12-27 23:29:57 ----A---- C:\WINDOWS\win.ini
2008-12-27 22:44:42 ----D---- C:\Program Files\eMule0.49
2008-12-27 22:40:02 ----D---- C:\Program Files\Ad-aware
2008-12-27 21:24:51 ----D---- C:\Documents and Settings\STIRWEN\Application Data\uTorrent
2008-12-27 13:40:44 ----D---- C:\Program Files\Paint Shop Pro 6
2008-12-26 13:18:36 ----D---- C:\Program Files\CCleaner
2008-12-26 00:06:04 ----D---- C:\Documents and Settings\STIRWEN\Application Data\Orbit
2008-12-25 23:40:21 ----D---- C:\Program Files\Daemon Tools
2008-12-25 19:00:02 ----SD---- C:\WINDOWS\Tasks
2008-12-25 17:05:05 ----D---- C:\Program Files\StumbleUpon
2008-12-25 16:04:00 ----D---- C:\Mails
2008-12-25 14:49:39 ----D---- C:\Documents and Settings\STIRWEN\Application Data\GetRightToGo
2008-12-25 14:49:23 ----SHD---- C:\WINDOWS\Installer
2008-12-25 14:49:11 ----D---- C:\WINDOWS\Downloaded Installations
2008-12-25 13:55:11 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-24 10:48:50 ----HD---- C:\Program Files\Fex
2008-12-19 20:42:09 ----D---- C:\WINDOWS\Media
2008-12-18 18:00:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 18:00:55 ----D---- C:\WINDOWS\ie7updates
2008-12-18 18:00:36 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-17 14:26:27 ----D---- C:\Program Files\UltraStar Deluxe
2008-12-15 11:39:13 ----D---- C:\Site StRenan
2008-12-13 18:42:07 ----D---- C:\Sonata France
2008-12-13 07:37:56 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 18:04:13 ----D---- C:\Program Files\Internet Explorer
2008-12-10 00:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-09 15:05:41 ----D---- C:\Films
2008-12-09 13:33:40 ----D---- C:\Program Files\Java
2008-12-05 17:51:42 ----D---- C:\Divers
2008-12-05 17:20:31 ----D---- C:\Program Files\FLVPlayer
2008-12-05 17:20:03 ----D---- C:\Program Files\Filezilla
2008-12-05 17:20:03 ----D---- C:\Program Files\Fichiers communs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-04-08 54272]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2004-09-10 84064]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-08-29 223128]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2008-06-13 28352]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-07-16 70400]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys []
S3 EAGLE2RC;Analog/DVB-T Hybrid Tv Infrared Receiver; C:\WINDOWS\system32\DRIVERS\Eagle2RC.sys [2006-05-24 8576]
S3 Eagle2TV;TV tuner device; C:\WINDOWS\System32\Drivers\eagle2tv_B.sys [2006-06-02 384128]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 USBAV708;Instant VideoMPX; C:\WINDOWS\SYSTEM32\DRIVERS\USBAV708.SYS [2004-07-06 101120]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 60800]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 9264]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 96352]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 85696]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared\a2service.exe [2008-12-17 419448]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Avast\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Avast\ashServ.exe [2008-11-26 155160]
R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2005-09-22 53248]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2005-11-02 265216]
R2 PoliceService;PoliceService; C:\WINDOWS\system32\srksrv.exe [2006-06-03 453120]
R2 SentinelProtectionServer;SentinelProtectionServer; C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2004-09-10 189536]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-12-25 540672]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Avast\ashWebSv.exe [2008-11-26 352920]
S2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
S2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

J'ai refait un scan avec une version shareware d'Exterminate It, qui me trouve pas mal de saloperies. Sans la licence je ne peux pas les supprimer, avec quel outil puis-je faire ça efficacement ?

Salut Strato


Bonne initiative

Fais le scan avec Combofix, il va supprimer le rootkit TDSS et ces petits frères.


@++

Super, Combofix a pu supprimer ce qui avait résisté à MBAM ! Je le garde sous la main, très pratique ce petit outil que je ne connaissais pas.
Tout est clean maintenant !
Encore une fois un grand merci à toi Dédé !!

Salut Strato


Ce n'est pas fini, poste le rapport pour que je vérifie tous cela, il ce trouve ici : C:\Combofix.txt


@++

ComboFix 08-12-28.03 - STIRWEN 2008-12-29 23:58:01.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.557 [GMT 1:00]
Lancé depuis: c:\documents and settings\STIRWEN\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\STIRWEN\Local Settings\Temporary Internet Files\Update.msf
C:\InfoSat.txt
c:\program files\INSTALL.LOG
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\sorujome.dll
c:\windows\system32\TDSSmtpe.dat

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-29 ))))))))))))))))))))))))))))))))))))
.

2008-12-29 16:55 . 2008-12-29 16:55 <REP> d-------- c:\program files\Exterminate It!
2008-12-29 16:34 . 2008-12-29 16:34 <REP> d-------- c:\program files\Multi Virus Cleaner 2008
2008-12-29 16:14 . 2008-12-29 16:14 <REP> d-------- c:\program files\Enigma Software Group
2008-12-29 16:02 . 2008-12-29 16:02 164,943 --a------ C:\ext.jpg
2008-12-29 14:06 . 2008-12-29 14:06 <REP> d-------- C:\rsit
2008-12-29 14:06 . 2008-12-29 14:06 <REP> d-------- c:\program files\trend micro
2008-12-29 11:24 . 2008-12-29 11:24 <REP> d-------- c:\program files\Malwarebytes 2
2008-12-29 11:24 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-29 11:24 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-29 11:00 . 2008-12-28 20:35 182,099,968 --a------ C:\5x20 - Friends - Celui avec la ronde en bagnole ( fr ).avi
2008-12-29 10:57 . 2008-12-29 11:00 <REP> d-------- C:\donnees dd sata
2008-12-28 18:34 . 2008-12-28 18:35 <REP> d-------- c:\program files\UsbFix
2008-12-28 11:00 . 2008-12-28 11:00 <REP> d-------- c:\windows\system32\Kaspersky Lab
2008-12-27 23:38 . 2006-06-29 22:37 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2008-12-27 23:38 . 2006-06-29 22:37 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2008-12-27 23:38 . 2006-06-29 20:42 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2008-12-27 23:38 . 2006-06-29 22:37 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2008-12-27 23:38 . 2006-06-29 22:37 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2008-12-27 23:38 . 2006-06-29 22:37 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2008-12-27 23:38 . 2006-06-29 22:37 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2008-12-27 23:38 . 2008-12-27 23:38 <REP> d-------- c:\documents and settings\Administrateur
2008-12-27 23:20 . 2008-12-27 23:27 <REP> d-------- c:\program files\FindyKill
2008-12-27 22:32 . 2008-12-28 10:59 4,343,936 --a------ C:\Année 80-Gérard Blanc - Une Autre Histoire.mp3
2008-12-27 13:41 . 2008-12-27 13:41 37,452 --a------ C:\Image1.jpg
2008-12-25 23:19 . 2008-12-28 18:03 <REP> d-------- c:\program files\Spyware Terminator
2008-12-25 23:19 . 2008-12-28 18:03 <REP> d-------- c:\documents and settings\STIRWEN\Application Data\Spyware Terminator
2008-12-25 23:19 . 2008-12-27 22:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
2008-12-25 23:19 . 2008-12-25 23:19 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2008-12-25 19:53 . 2008-12-25 19:56 <REP> d-------- c:\documents and settings\NetworkService\Application Data\Orbit
2008-12-25 17:17 . 2008-12-25 17:17 <REP> d-------- c:\documents and settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-12-25 17:05 . 2008-12-25 17:05 <REP> d-------- c:\documents and settings\NetworkService\Menu Démarrer
2008-12-25 17:04 . 2008-12-25 17:04 <REP> d-------- c:\documents and settings\NetworkService\Application Data\StumbleUpon
2008-12-25 17:00 . 2008-12-25 17:00 <REP> dr------- c:\documents and settings\NetworkService\Favoris
2008-12-25 16:05 . 2008-12-25 16:06 <REP> d-------- c:\program files\Trojan Killer
2008-12-25 15:30 . 2008-12-25 15:30 <REP> d-------- c:\program files\Avira
2008-12-25 15:30 . 2008-12-25 15:30 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-25 15:09 . 2001-07-28 12:50 265,753 --a------ c:\windows\system32\AS-Exp2.ocx
2008-12-25 15:09 . 2001-04-20 01:28 28,672 --a------ c:\windows\system32\systray.ocx
2008-12-25 15:05 . 2005-08-27 02:38 1,435,272 --a------ c:\windows\system32\Flash.ocx
2008-12-25 15:05 . 2004-05-11 09:56 423,784 --a------ c:\windows\system32\XceedBkp.dll
2008-12-25 15:05 . 2004-01-09 10:54 188,416 --a------ c:\windows\system32\actsplash.ocx
2008-12-25 15:05 . 2004-03-08 23:00 131,856 --a------ c:\windows\system32\MSADODC.ocx
2008-12-25 15:05 . 2001-03-28 22:02 89,088 --a------ c:\windows\system32\ProgressBar4.ocx
2008-12-25 15:05 . 1999-01-26 19:36 11,012 --a------ c:\windows\system32\threadapi.tlb
2008-12-25 14:49 . 2008-12-25 14:49 <REP> d-------- c:\program files\Mamaloes
2008-12-25 14:42 . 2008-12-25 18:56 <REP> d-------- c:\program files\Malware Destroyer
2008-12-25 11:47 . 2008-12-25 11:51 <REP> d-------- c:\program files\a-squared
2008-12-25 11:33 . 2008-12-25 11:33 <REP> dr------- c:\documents and settings\STIRWEN\Copie de Favoris
2008-12-21 23:10 . 2008-12-21 23:11 <REP> d-------- c:\program files\Winamp
2008-12-21 23:10 . 2008-12-21 23:28 <REP> d-------- c:\documents and settings\STIRWEN\Application Data\Winamp
2008-12-21 23:04 . 2008-12-21 23:04 <REP> d-------- c:\documents and settings\All Users\Application Data\Last.fm
2008-12-21 23:03 . 2008-12-21 23:03 <REP> d-------- c:\program files\Last.fm
2008-12-18 17:11 . 2008-12-24 15:28 12,151,146 --a------ C:\02-Sacrifice.mp3
2008-12-18 17:11 . 2008-12-18 15:11 10,092,906 --a------ C:\09-Avantasia [avantasia cover].mp3
2008-12-18 17:11 . 2008-12-24 15:20 6,731,260 --a------ C:\08-Fucking with fire.mp3
2008-12-13 17:27 . 2008-12-27 12:56 6,778,924 --a------ C:\Queens Of The Stone Age - Infinity.mp3
2008-12-11 11:36 . 2008-12-11 11:42 <REP> d-------- c:\program files\Voice Changer
2008-12-05 20:32 . 2008-12-27 00:42 <REP> d-------- C:\Reflets d'acide

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 23:06 --------- d-----w c:\program files\Wanadoo
2008-12-29 23:04 --------- d-----w c:\program files\Avast
2008-12-29 16:04 --------- d-----w c:\documents and settings\STIRWEN\Application Data\uTorrent
2008-12-29 15:34 --------- d-----w c:\program files\FlashGet
2008-12-29 15:01 --------- d-----w c:\program files\Paint Shop Pro 6
2008-12-29 13:33 --------- d-----w c:\program files\CCleaner
2008-12-29 13:08 --------- d-----w c:\program files\Musicmatch Jukebox
2008-12-27 21:44 --------- d-----w c:\program files\eMule0.49
2008-12-27 21:40 --------- d-----w c:\program files\Ad-aware
2008-12-25 23:06 --------- d-----w c:\documents and settings\STIRWEN\Application Data\Orbit
2008-12-25 22:40 --------- d-----w c:\program files\Daemon Tools
2008-12-25 16:05 --------- d-----w c:\program files\StumbleUpon
2008-12-25 13:49 --------- d-----w c:\documents and settings\STIRWEN\Application Data\GetRightToGo
2008-12-25 12:55 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-24 09:48 --------- d--h--w c:\program files\Fex
2008-12-17 13:26 --------- d-----w c:\program files\UltraStar Deluxe
2008-12-09 12:33 --------- d-----w c:\program files\Java
2008-12-05 16:20 --------- d-----w c:\program files\FLVPlayer
2008-12-05 16:20 --------- d-----w c:\program files\Filezilla
2008-11-25 12:00 --------- d-----w c:\documents and settings\STIRWEN\Application Data\gtk-2.0
2008-11-23 20:33 --------- d-----w c:\program files\Veoh
2008-11-17 19:22 --------- d-----w c:\program files\QPed
2008-11-14 11:12 --------- d-----w c:\program files\SopCast
2008-11-14 11:06 --------- d-----w c:\program files\TVUPlayer
2008-11-10 17:36 --------- d-----w c:\documents and settings\STIRWEN\Application Data\SPORE
2008-09-19 16:15 39,192 ----a-w c:\documents and settings\STIRWEN\Application Data\GDIPFONTCACHEV1.DAT
2007-08-07 20:03 436,184 ----a-w c:\program files\Youtube Video Download 2.exe
2007-07-10 08:18 38,408 ----a-w c:\documents and settings\Autre\Application Data\GDIPFONTCACHEV1.DAT
1998-02-09 02:20 305,664 ----a-w c:\program files\freemem.exe
2006-09-12 11:07 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-08-20 17:04 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082020080821\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"avast!"="c:\progra~1\Avast\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"MimBoot"="c:\program files\Musicmatch Jukebox\mimboot.exe" [2004-12-10 11776]
"MMTray"="c:\program files\Musicmatch Jukebox\mm_tray.exe" [2004-12-10 110592]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-17 282624]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-09-10 864256]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ymetray.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^STIRWEN^Menu Démarrer^Programmes^Démarrage^YouTube Uploader.lnk]
path=c:\documents and settings\STIRWEN\Menu Démarrer\Programmes\Démarrage\YouTube Uploader.lnk
backup=c:\windows\pss\YouTube Uploader.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-06-12 13:28 266497 c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2008-07-21 13:07 2752512 c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IE New Window Maximizer]
--a------ 2005-02-08 23:06 356352 c:\program files\Internet Explorer\IE New Window Maximizer\iemaximizer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2006-09-15 12:27 2048000 c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-08-17 23:17 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Savvy DTV Service]
--a------ 2006-05-29 22:35 49152 c:\program files\Savvy TV\DTV Service.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 17:17 159744 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-09-06 20:21 180269 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
--------- 2006-03-07 00:52 36864 c:\program files\Ulead\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBTUCopy]
-ra------ 2004-09-22 12:04 126976 c:\program files\VBTUCopy\VBTUCOPY.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\TribalWeb\\tribalweb.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\tvants\\Tvants.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Jeux\\Top Spin 2\\Data\\Top Spin 2.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\uusee\\UUSeePlayer.exe"=
"c:\\Program Files\\GetRight\\getright.exe"=
"c:\\Jeux\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Jeux\\Speedball 2 Tournament\\Speedball 2\\speedball2.exe"=
"c:\\Program Files\\Real Player\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\eMule0.49\\emule.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"45862:TCP"= 45862:TCP:Azureus
"4662:TCP"= 4662:TCP:127.0.0.1/255.255.255.255:Enabled:emule
"4672:UDP"= 4672:UDP:127.0.0.1/255.255.255.255:Enabled:emule
"15005:UDP"= 15005:UDP:90.12.208.168/255.255.255.255:Enabled:Utorrent
"15005:TCP"= 15005:TCP:Utorrent

R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2005-10-12 101120]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-08 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-05-08 20560]
R2 PoliceService;PoliceService;c:\windows\system32\srksrv.exe [2006-11-19 453120]
S3 EAGLE2RC;Analog/DVB-T Hybrid Tv Infrared Receiver;c:\windows\system32\DRIVERS\Eagle2RC.sys [2006-11-17 8576]
S3 Eagle2TV;TV tuner device;c:\windows\system32\Drivers\eagle2tv_B.sys [2006-11-17 384128]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-29 38496]
S3 USBAV708;Instant VideoMPX;c:\windows\system32\DRIVERS\USBAV708.SYS [2007-02-10 101120]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w300mgmt.sys [2008-02-19 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w300obex.sys [2008-02-19 85696]
.
Contenu du dossier 'Tâches planifiées'

2008-12-25 c:\windows\Tasks\At10.job
- c:\windows\system32\Iw5VJ3Fj.exe []

2008-12-25 c:\windows\Tasks\At11.job
- c:\windows\system32\Iw5VJ3Fj.exe []

2008-12-28 c:\windows\Tasks\At12.job
- c:\windows\system32\Iw5VJ3Fj.exe []

2008-12-28 c:\windows\Tasks\At13.job
- c:\windows\system32\Iw5VJ3Fj.exe []

2008-12-28 c:\windows\Tasks\At14.job
- c:\windows\system32\Iw5VJ3Fj.exe []

2008-12-28 c:\windows\Tasks\At15.job
- c:\windows\system32\Iw5VJ3Fj.exe []

2008-12-29 c:\windows\Tasks\At16.job
- c:\windows\system32\Iw5VJ3Fj.exe []

2008-12-29 c:\windows\Tasks\At17.job
- c:\windows\system32\Iw5VJ3Fj.exe []

2008-12-29 c:\windows\Tasks\At18.job
- c:\windows\system32\Iw5VJ3Fj.exe []

2008-12-29 c:\windows\Tasks\At19.job
- c:\windows\system32\Iw5VJ3Fj.exe []

2008-12-29 c:\windows\Tasks\At20.job
- c:\windows\system32\Iw5VJ3Fj.exe []

2008-12-29 c:\windows\Tasks\At21.job
- c:\windows\system32\Iw5VJ3Fj.exe []

2008-12-29 c:\windows\Tasks\At22.job
- c:\windows\system32\Iw5VJ3Fj.exe []

2008-12-29 c:\windows\Tasks\At23.job
- c:\windows\system32\Iw5VJ3Fj.exe []

2008-12-29 c:\windows\Tasks\At24.job
- c:\windows\system32\Iw5VJ3Fj.exe []

2008-12-26 c:\windows\Tasks\At25.job
- c:\windows\system32\V6Ge0N5C.exe []

2008-12-27 c:\windows\Tasks\At26.job
- c:\windows\system32\V6Ge0N5C.exe []

2008-12-25 c:\windows\Tasks\At27.job
- c:\windows\system32\V6Ge0N5C.exe []

2008-12-25 c:\windows\Tasks\At28.job
- c:\windows\system32\V6Ge0N5C.exe []

2008-12-25 c:\windows\Tasks\At29.job
- c:\windows\system32\V6Ge0N5C.exe []

2008-12-25 c:\windows\Tasks\At3.job
- c:\windows\system32\Iw5VJ3Fj.exe []

2008-12-25 c:\windows\Tasks\At30.job
- c:\windows\system32\V6Ge0N5C.exe []

2008-12-25 c:\windows\Tasks\At31.job
- c:\windows\system32\V6Ge0N5C.exe []

2008-12-25 c:\windows\Tasks\At32.job
- c:\windows\system32\V6Ge0N5C.exe []

2008-12-25 c:\windows\Tasks\At33.job
- c:\windows\system32\V6Ge0N5C.exe []

2008-12-25 c:\windows\Tasks\At34.job
- c:\windows\system32\V6Ge0N5C.exe []

2008-12-25 c:\windows\Tasks\At35.job
- c:\windows\system32\V6Ge0N5C.exe []

2008-12-28 c:\windows\Tasks\At36.job
- c:\windows\system32\V6Ge0N5C.exe []

2008-12-28 c:\windows\Tasks\At37.job
- c:\windows\system32\V6Ge0N5C.exe []

2008-12-28 c:\windows\Tasks\At38.job
- c:\windows\system32\V6Ge0N5C.exe []

2008-12-28 c:\windows\Tasks\At39.job
- c:\windows\system32\V6Ge0N5C.exe []

2008-12-25 c:\windows\Tasks\At4.job
- c:\windows\system32\Iw5VJ3Fj.exe []

2008-12-29 c:\windows\Tasks\At40.job
- c:\windows\system32\V6Ge0N5C.exe []

2008-12-29 c:\windows\Tasks\At41.job
- c:\windows\system32\V6Ge0N5C.exe []

2008-12-29 c:\windows\Tasks\At42.job
- c:\windows\system32\V6Ge0N5C.exe []

2008-12-29 c:\windows\Tasks\At43.job
- c:\windows\system32\V6Ge0N5C.exe []

2008-12-29 c:\windows\Tasks\At44.job
- c:\windows\system32\V6Ge0N5C.exe []

2008-12-29 c:\windows\Tasks\At45.job
- c:\windows\system32\V6Ge0N5C.exe []

2008-12-29 c:\windows\Tasks\At46.job
- c:\windows\system32\V6Ge0N5C.exe []

2008-12-29 c:\windows\Tasks\At47.job
- c:\windows\system32\V6Ge0N5C.exe []

2008-12-29 c:\windows\Tasks\At48.job
- c:\windows\system32\V6Ge0N5C.exe []

2008-12-25 c:\windows\Tasks\At5.job
- c:\windows\system32\Iw5VJ3Fj.exe []

2008-12-25 c:\windows\Tasks\At6.job
- c:\windows\system32\Iw5VJ3Fj.exe []

2008-12-25 c:\windows\Tasks\At7.job
- c:\windows\system32\Iw5VJ3Fj.exe []

2008-12-25 c:\windows\Tasks\At8.job
- c:\windows\system32\Iw5VJ3Fj.exe []

2008-12-25 c:\windows\Tasks\At9.job
- c:\windows\system32\Iw5VJ3Fj.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-Google Update - c:\documents and settings\STIRWEN\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe
MSConfigStartUp-InterNeo - c:\program files\InterNeo\interneo.exe
MSConfigStartUp-LaunchList - c:\program files\Pinnacle Studio\LaunchList.exe
MSConfigStartUp-Pando - c:\program files\Pando Networks\Pando\Pando.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_05\bin\jusched.exe
MSConfigStartUp-SweetIM - c:\program files\Macrogaming\SweetIM\SweetIM.exe
MSConfigStartUp-Yahoo! Pager - ~c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE


.
------- Examen supplémentaire -------
.
uStart Page =
uInternet Connection Wizard,ShellNext = hxxp://192.168.1.1/
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: StumbleUpon: &Blog This - StumbleUponIEBar.dll/blogimage
IE: Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Télécharger tout avec FlashGet - c:\program files\FlashGet\jc_all.htm
IE: { - c:\program files\Messenger\msmsgs.exe
Trusted Zone: *.musicmatch.com
Trusted Zone: *.stumbleupon.com
Trusted Zone: *.musicmatch.com

c:\windows\Downloaded Program Files\contactx.dll - O16 -: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C}
hxxp://www.facebook.com/controls/contactx.dll

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://www.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection.ca(...)
c:\windows\Downloaded Program Files\hardwaredetection.inf

c:\windows\system32\msvcp60.dll - c:\windows\system32\atl.dll
c:\windows\Downloaded Program Files\AdVerifierADP.dll
c:\windows\Downloaded Program Files\AdSignerADP.dll
O16 -: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF}
hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
c:\windows\Downloaded Program Files\AdSignerADP.inf
FF - ProfilePath - c:\documents and settings\STIRWEN\Application Data\Mozilla\Firefox\Profiles\4mf9cq81.default\
FF - prefs.js: browser.search.selectedEngine - GoogleCOM
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.fr
FF - prefs.js: keyword.URL - hxxp://www.wcsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&(...)
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32dsw.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\Real Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real Player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll

ATTENTION: FIREFOX POLICES IS IN FORCE


FF - user.js: browser.search.selectedEngine - GoogleCOM
FF - user.js: keyword.URL - hxxp://www.wcsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&(...)

FF - user.js: keyword.URL - hxxp://www.wcsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&(...)
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 00:05:24
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avast\aswUpdSv.exe
c:\program files\Avast\ashServ.exe
c:\program files\a-squared\a2service.exe
c:\windows\system32\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\program files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Avast\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Wanadoo\TaskBarIcon.exe
c:\progra~1\Wanadoo\GestionnaireInternet.exe
c:\progra~1\Wanadoo\ComComp.exe
c:\progra~1\Wanadoo\Toaster.exe
c:\progra~1\Wanadoo\Inactivity.exe
c:\progra~1\Wanadoo\PollingModule.exe
c:\program files\Musicmatch Jukebox\mim.exe
c:\windows\system32\ALERTM~1\ALERTM~1.EXE
c:\program files\Musicmatch Jukebox\MMDiag.exe
.
**************************************************************************
.
Heure de fin: 2008-12-30 0:09:16 - La machine a redémarré [STIRWEN]
ComboFix-quarantined-files.txt 2008-12-29 23:09:13

Avant-CF: 712,187,904 octets libres
Après-CF: 637,628,416 octets libres

433 --- E O F --- 2008-12-18 17:01:05

Salut Strato


Il reste du boulot encore, faire un scan de ce fichier srksrv.exe ici :

http://www.virustotal.com/fr/


Clique sur Parcourir et copie/colle ceci C:\WINDOWS\system32\srksrv.exe, après tu clique sur Envoyer le fichier et attendre le résultat de l’analyse.


Poste le résultat au complet

Aide : http://bibou0007.com/scans-en-ligne-f75/tutorial-sur-virustotal-t190.htm


@++

Ca n'a pas l'air de marcher :

Fichier srksrv.exe reçu le 2008.12.31 15:46:19 (CET)
Situation actuelle: terminé

Résultat: 0/37 (0.00%)
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:


Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.73 2008.12.31 -
AhnLab-V3 2008.12.31.0 2008.12.31 -
AntiVir 7.9.0.45 2008.12.31 -
Authentium 5.1.0.4 2008.12.31 -
Avast 4.8.1281.0 2008.12.30 -
AVG 8.0.0.199 2008.12.31 -
BitDefender 7.2 2008.12.31 -
CAT-QuickHeal 10.00 2008.12.31 -
ClamAV 0.94.1 2008.12.31 -
Comodo 851 2008.12.31 -
DrWeb 4.44.0.09170 2008.12.31 -
eTrust-Vet 31.6.6284 2008.12.31 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2008.12.30 -
F-Secure 8.0.14470.0 2008.12.31 -
Fortinet 3.117.0.0 2008.12.31 -
GData 19 2008.12.31 -
Ikarus T3.1.1.45.0 2008.12.31 -
K7AntiVirus 7.10.572 2008.12.31 -
Kaspersky 7.0.0.125 2008.12.31 -
McAfee 5479 2008.12.30 -
McAfee+Artemis 5479 2008.12.30 -
Microsoft 1.4205 2008.12.31 -
NOD32 3725 2008.12.31 -
Norman 5.80.02 2008.12.31 -
Panda 9.0.0.4 2008.12.31 -
Prevx1 V2 2008.12.31 -
Rising 21.10.22.00 2008.12.31 -
SecureWeb-Gateway 6.7.6 2008.12.31 -
Sophos 4.37.0 2008.12.31 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.31 -
TheHacker 6.3.1.4.202 2008.12.30 -
TrendMicro 8.700.0.1004 2008.12.31 -
VBA32 3.12.8.10 2008.12.30 -
ViRobot 2008.12.30.1540 2008.12.31 -
VirusBuster 4.5.11.0 2008.12.31 -
Information additionnelle
File size: 453120 bytes
MD5...: 009745030558db6cce3c4be2aa752b22
SHA1..: 2297ea21b5646dc0b2c72ecac532d20f24c7b82d
SHA256: bf9a75c38668b8e26cfb2750fe74191ac9053c8f01d78a57efaab12ca1cbd9bd
SHA512: e4867f5723574139c40d78e5ce3dcd59d43cc6057af6662ba368d5b85d004f7f
b858305a0c7a20547552a281b002ec92b01c2da93d584c9c43b99cad9158f561

ssdeep: 6144:6fo6V/ejlGiDxZRdJi9F3X/g0TQiOnHmrY79HJqrcoerlI3FoLwo88qBrMv
ofRlL:16V2ZGiDxZRbi/aJlDlIaxXqew3L

PEiD..: -
TrID..: File type identification
Win32 Executable Borland Delphi 7 (69.1%)
Win32 Executable Borland Delphi 6 (27.0%)
Win32 Executable Delphi generic (1.5%)
Win32 Executable Generic (0.8%)
Win32 Dynamic Link Library (generic) (0.7%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x45df74
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x5cfe0 0x5d000 6.55 c3ce2d5bb4a01b04603a94e3feece41f
DATA 0x5e000 0x2b58 0x2c00 2.37 0b54412cffa04bbd38bb81f1f21da3a6
BSS 0x61000 0x125d 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x63000 0x2532 0x2600 4.91 e232888a7cf4e986a33edc2f393ca64d
.tls 0x66000 0x10 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x67000 0x18 0x200 0.20 85d55f92dd07023abcb3c2f3d0dbc613
.reloc 0x68000 0x6874 0x6a00 6.65 72b529caaf01584b546aef364445adb8
.rsrc 0x6f000 0x5800 0x5800 4.19 924b7e63757e2a66579754441d2df9ff

( 13 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> advapi32.dll: ReportEventA, RegisterEventSourceA, RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCreateKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, GetTokenInformation, DeregisterEventSource, AdjustTokenPrivileges
> kernel32.dll: lstrcpyA, WriteFile, WinExec, WaitForSingleObject, VirtualQuery, VirtualAlloc, SuspendThread, Sleep, SizeofResource, SetThreadLocale, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, ReadFile, MulDiv, LockResource, LocalFree, LocalAlloc, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetWindowsDirectoryA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetTempPathA, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetExitCodeThread, GetDiskFreeSpaceA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetCurrentDirectoryA, GetCPInfo, GetACP, FreeResource, FreeLibrary, FormatMessageA, FindResourceA, ExpandEnvironmentStringsA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
> gdi32.dll: UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
> user32.dll: WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostThreadMessageA, PostQuitMessage, PostMessageA, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageA, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, AdjustWindowRectEx, ActivateKeyboardLayout
> kernel32.dll: Sleep
> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayRedim, SafeArrayCreate, VarBstrFromBool, VarBstrFromDate, VarBstrFromCy, VarBoolFromStr, VarCyFromStr, VarDateFromStr, VarR8FromStr, VarI4FromStr, VarNot, VarNeg, VariantChangeTypeEx, VariantCopyInd, VariantCopy, VariantClear, VariantInit
> advapi32.dll: StartServiceA, StartServiceCtrlDispatcherA, SetServiceStatus, RegisterServiceCtrlHandlerA, OpenServiceA, OpenSCManagerA, DeleteService, CreateServiceA, ControlService, CloseServiceHandle
> comctl32.dll: ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create

( 0 exports )

CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=009745030558db6cce3c4be2aa752b22' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=009745030558db6cce3c4be2aa752b22</a>

Salut Strato


Je te poste une procédure de nettoyage bientôt

Bonne année 2009 pour toi et ta famille


@++