Si c'est ok dois-je garder RSIT ET MALWAREBYTES SUR MON PC

VOICI LE NOUVEAU RAPPORT



Logfile of random's system information tool 1.06 (written by random/random)
Run by laurent at 2009-06-29 23:40:39
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 182 MB (0%) free of 76 GB
Total RAM: 447 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:41:11, on 29/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\laurent.LIMBACH-27E0A50\Bureau\RSIT.exe
C:\Program Files\trend micro\laurent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trooner.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: peer2Peer-FR2 Toolbar - {9f23e207-7e05-4ee2-a90e-50cf3ae9b03f} - C:\Program Files\peer2Peer-FR2\tbpee0.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: peer2Peer-FR2 Toolbar - {9f23e207-7e05-4ee2-a90e-50cf3ae9b03f} - C:\Program Files\peer2Peer-FR2\tbpee0.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Test.lnk = C:\sysprep\TestMulti.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
End of file - 7454 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
EoBho Class - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9f23e207-7e05-4ee2-a90e-50cf3ae9b03f}]
peer2Peer-FR2 Toolbar - C:\Program Files\peer2Peer-FR2\tbpee0.dll [2009-05-20 2094616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968]
{9f23e207-7e05-4ee2-a90e-50cf3ae9b03f} - peer2Peer-FR2 Toolbar - C:\Program Files\peer2Peer-FR2\tbpee0.dll [2009-05-20 2094616]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX3600 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE [2004-03-04 98304]
"AudioDeck"=C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe [2007-08-09 528384]
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"RelevantKnowledge"=C:\program files\relevantknowledge\rlvknlg.exe -boot []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-11-14 43616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\Temp\NavBrowser.exe"="C:\WINDOWS\Temp\NavBrowser.exe:*:Disabled:NAVBrowser"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"c:\program files\relevantknowledge\rlvknlg.exe"="c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 1 months======

2009-06-29 19:53:43 ----D---- C:\Documents and Settings\laurent.LIMBACH-27E0A50\Application Data\Malwarebytes
2009-06-29 19:53:33 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-06-29 19:53:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-29 16:54:00 ----D---- C:\Program Files\trend micro
2009-06-29 16:53:59 ----D---- C:\rsit
2009-06-29 10:06:37 ----HD---- C:\$AVG8.VAULT$
2009-06-29 09:48:25 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2009-06-23 20:23:12 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-06-23 20:23:12 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-06-19 20:05:04 ----D---- C:\Documents and Settings\laurent.LIMBACH-27E0A50\Application Data\Yahoo!
2009-06-19 20:05:04 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2009-06-13 18:37:03 ----D---- C:\Program Files\directx
2009-06-13 18:33:51 ----D---- C:\Program Files\Fourmis
2009-06-13 18:33:46 ----A---- C:\WINDOWS\IsUn040c.exe
2009-06-11 09:34:47 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 09:34:34 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-06-11 09:34:24 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 09:30:48 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 09:29:53 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-08 22:57:23 ----D---- C:\Documents and Settings\laurent.LIMBACH-27E0A50\Application Data\WinRAR
2009-06-08 22:27:36 ----D---- C:\WINDOWS\ERUNT
2009-06-05 15:34:33 ----D---- C:\Documents and Settings\laurent.LIMBACH-27E0A50\Application Data\KC Softwares
2009-06-05 08:20:26 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem.txt

======List of files/folders modified in the last 1 months======

2009-06-29 23:12:33 ----D---- C:\WINDOWS\Prefetch
2009-06-29 21:46:30 ----D---- C:\WINDOWS\Temp
2009-06-29 21:44:51 ----D---- C:\Program Files\Symantec AntiVirus
2009-06-29 21:42:31 ----D---- C:\WINDOWS\system32\drivers
2009-06-29 21:42:31 ----D---- C:\WINDOWS\system32
2009-06-29 21:41:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-29 21:33:22 ----RD---- C:\Program Files
2009-06-29 14:12:44 ----SD---- C:\Documents and Settings\laurent.LIMBACH-27E0A50\Application Data\Microsoft
2009-06-29 12:51:35 ----D---- C:\WINDOWS
2009-06-29 09:48:11 ----SHD---- C:\WINDOWS\Installer
2009-06-29 09:48:11 ----D---- C:\Config.Msi
2009-06-29 09:48:09 ----D---- C:\WINDOWS\WinSxS
2009-06-29 09:48:09 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-06-22 11:33:58 ----D---- C:\Documents and Settings
2009-06-19 20:12:49 ----D---- C:\WINDOWS\Debug
2009-06-19 20:12:48 ----D---- C:\WINDOWS\Minidump
2009-06-11 09:42:54 ----HD---- C:\WINDOWS\inf
2009-06-11 09:42:53 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-11 09:34:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-11 09:34:22 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-05 08:34:42 ----D---- C:\Program Files\Alice
2009-06-04 22:03:30 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-01 18:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-31 10:39:58 ----D---- C:\Documents and Settings\laurent.LIMBACH-27E0A50\Application Data\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-04 11868]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-04 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090624.003\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090624.003\navex15.sys []
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2007-06-27 207488]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-04 685056]
S3 catchme;catchme; \??\C:\DOCUME~1\LAUREN~1.LIM\LOCALS~1\Temp\catchme.sys []
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe [2006-07-19 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-11-14 31840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-11-14 1835104]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-08 2528960]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-11-14 119904]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe [2006-08-07 214720]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]

-----------------EOF-----------------

Désolée je suis novice

je l'ai refait à partir du bureau

Logfile of random's system information tool 1.06 (written by random/random)
Run by laurent at 2009-06-29 17:03:43
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 298 MB (0%) free of 76 GB
Total RAM: 447 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:03:57, on 29/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\program files\relevantknowledge\rlvknlg.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\laurent.LIMBACH-27E0A50\Bureau\RSIT.exe
C:\Program Files\trend micro\laurent.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trooner.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: peer2Peer-FR2 Toolbar - {9f23e207-7e05-4ee2-a90e-50cf3ae9b03f} - C:\Program Files\peer2Peer-FR2\tbpee0.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: peer2Peer-FR2 Toolbar - {9f23e207-7e05-4ee2-a90e-50cf3ae9b03f} - C:\Program Files\peer2Peer-FR2\tbpee0.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Test.lnk = C:\sysprep\TestMulti.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
End of file - 7648 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
EoBho Class - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9f23e207-7e05-4ee2-a90e-50cf3ae9b03f}]
peer2Peer-FR2 Toolbar - C:\Program Files\peer2Peer-FR2\tbpee0.dll [2009-05-20 2094616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968]
{9f23e207-7e05-4ee2-a90e-50cf3ae9b03f} - peer2Peer-FR2 Toolbar - C:\Program Files\peer2Peer-FR2\tbpee0.dll [2009-05-20 2094616]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX3600 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE [2004-03-04 98304]
"AudioDeck"=C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe [2007-08-09 528384]
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"RelevantKnowledge"=C:\program files\relevantknowledge\rlvknlg.exe [2009-03-30 1669632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-11-14 43616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\Temp\NavBrowser.exe"="C:\WINDOWS\Temp\NavBrowser.exe:*:Disabled:NAVBrowser"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"c:\program files\relevantknowledge\rlvknlg.exe"="c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 1 months======

2009-06-29 16:54:00 ----D---- C:\Program Files\trend micro
2009-06-29 16:53:59 ----D---- C:\rsit
2009-06-29 10:06:37 ----HD---- C:\$AVG8.VAULT$
2009-06-29 09:48:25 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2009-06-23 20:23:12 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-06-23 20:23:12 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-06-19 20:05:04 ----D---- C:\Documents and Settings\laurent.LIMBACH-27E0A50\Application Data\Yahoo!
2009-06-19 20:05:04 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2009-06-13 18:37:03 ----D---- C:\Program Files\directx
2009-06-13 18:33:51 ----D---- C:\Program Files\Fourmis
2009-06-13 18:33:46 ----A---- C:\WINDOWS\IsUn040c.exe
2009-06-11 09:34:47 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 09:34:34 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-06-11 09:34:24 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 09:30:48 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 09:29:53 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-08 22:57:23 ----D---- C:\Documents and Settings\laurent.LIMBACH-27E0A50\Application Data\WinRAR
2009-06-08 22:27:36 ----D---- C:\WINDOWS\ERUNT
2009-06-05 15:34:33 ----D---- C:\Documents and Settings\laurent.LIMBACH-27E0A50\Application Data\KC Softwares
2009-06-05 15:33:10 ----D---- C:\Program Files\RelevantKnowledge
2009-06-05 08:20:26 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem.txt

======List of files/folders modified in the last 1 months======

2009-06-29 17:03:30 ----D---- C:\WINDOWS\Prefetch
2009-06-29 16:55:19 ----D---- C:\WINDOWS\Temp
2009-06-29 16:54:00 ----RD---- C:\Program Files
2009-06-29 14:52:27 ----D---- C:\Program Files\Symantec AntiVirus
2009-06-29 14:49:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-29 14:12:44 ----SD---- C:\Documents and Settings\laurent.LIMBACH-27E0A50\Application Data\Microsoft
2009-06-29 12:51:35 ----D---- C:\WINDOWS\system32\drivers
2009-06-29 12:51:35 ----D---- C:\WINDOWS\system32
2009-06-29 12:51:35 ----D---- C:\WINDOWS
2009-06-29 09:48:11 ----SHD---- C:\WINDOWS\Installer
2009-06-29 09:48:11 ----D---- C:\Config.Msi
2009-06-29 09:48:09 ----D---- C:\WINDOWS\WinSxS
2009-06-29 09:48:09 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-06-22 11:33:58 ----D---- C:\Documents and Settings
2009-06-19 20:12:49 ----D---- C:\WINDOWS\Debug
2009-06-19 20:12:48 ----D---- C:\WINDOWS\Minidump
2009-06-11 09:42:54 ----HD---- C:\WINDOWS\inf
2009-06-11 09:42:53 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-11 09:34:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-11 09:34:22 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-05 08:34:42 ----D---- C:\Program Files\Alice
2009-06-04 22:03:30 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-01 18:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-31 10:39:58 ----D---- C:\Documents and Settings\laurent.LIMBACH-27E0A50\Application Data\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-04 11868]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-04 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090624.003\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090624.003\navex15.sys []
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2007-06-27 207488]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-04 685056]
S3 catchme;catchme; \??\C:\DOCUME~1\LAUREN~1.LIM\LOCALS~1\Temp\catchme.sys []
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe [2006-07-19 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-11-14 31840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-11-14 1835104]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-08 2528960]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-11-14 119904]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe [2006-08-07 214720]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]

-----------------EOF-----------------

J'ai suivi tes conseils et voici dans l'ordre les deux rapports le premier du site virustotal et le second de malwarebytes

Fichier rlvknlg.exe reçu le 2009.06.29 17:23:44 (UTC)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE


Résultat: 17/41 (41.47%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 4.
L'heure estimée de démarrage est entre 62 et 88 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:


Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.18 2009.06.29 Riskware.AdWare.Win32.RK!IK
AhnLab-V3 5.0.0.2 2009.06.29 -
AntiVir 7.9.0.199 2009.06.29 TR/Spy.Agen.1669632
Antiy-AVL 2.0.3.1 2009.06.29 -
Authentium 5.1.2.4 2009.06.29 -
Avast 4.8.1335.0 2009.06.29 -
AVG 8.5.0.339 2009.06.29 -
BitDefender 7.2 2009.06.29 Gen:Adware.Heur.5612ED4F4F
CAT-QuickHeal 10.00 2009.06.29 Trojan.Agent.ATV
ClamAV 0.94.1 2009.06.29 -
Comodo 1490 2009.06.29 ApplicUnwnt.Win32.AdWare.RelaventKnowledge.~B
DrWeb 5.0.0.12182 2009.06.29 -
eSafe 7.0.17.0 2009.06.29 -
eTrust-Vet 31.6.6588 2009.06.29 -
F-Prot 4.4.4.56 2009.06.29 -
F-Secure 8.0.14470.0 2009.06.29 -
Fortinet 3.117.0.0 2009.06.29 Misc/Oss
GData 19 2009.06.29 Gen:Adware.Heur.5612ED4F4F
Ikarus T3.1.1.64.0 2009.06.29 not-a-virus:AdWare.Win32.RK
Jiangmin 11.0.706 2009.06.29 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.29 -
McAfee 5661 2009.06.29 potentially unwanted program Proxy-OSS
McAfee+Artemis 5661 2009.06.29 potentially unwanted program Proxy-OSS
McAfee-GW-Edition 6.7.6 2009.06.29 Trojan.Spy.Agen.1669632
Microsoft 1.4803 2009.06.29 -
NOD32 4197 2009.06.29 probably a variant of Win32/Genetik
Norman 6.01.09 2009.06.29 MarketScore.S
nProtect 2009.1.8.0 2009.06.29 Trojan-Clicker/W32.Agent.1669632
Panda 10.0.0.14 2009.06.29 Spyware/MarketScore
PCTools 4.4.2.0 2009.06.28 -
Prevx 3.0 2009.06.29 -
Rising 21.36.04.00 2009.06.29 -
Sophos 4.43.0 2009.06.29 -
Sunbelt 3.2.1858.2 2009.06.29 Marketscore.RelevantKnowledge
Symantec 1.4.4.12 2009.06.29 -
TheHacker 6.3.4.3.356 2009.06.27 -
TrendMicro 8.950.0.1094 2009.06.29 -
VBA32 3.12.10.7 2009.06.29 -
ViRobot 2009.6.29.1810 2009.06.29 -
VirusBuster 4.6.5.0 2009.06.29 TrojanSpy.Agent.LMEV
Information additionnelle
File size: 1669632 bytes
MD5...: 1a7f49370dbe59acb08f6965654bba7b
SHA1..: f0371c2f764a32a5dc619b77fb5c2c53c56e03f8
SHA256: e03ad22389bed5e82c85e9730a5c98ef0a4e86aef20c89e59a782b67d7150ae8
ssdeep: 49152:UDfAJHbEmbYlEdA6C7RJFzWZ5o8+TJEA6E:JlbEfEa6CVJFz8o8

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10a7dc
timedatestamp.....: 0x49b521f4 (Mon Mar 09 14:04:36 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x13264a 0x132800 6.53 048be6cd990d514991148a5944c01908
.rdata 0x134000 0x56eb1 0x57000 5.29 f890b3cce16ab70d5d24417ae472ee6a
.data 0x18b000 0x2bd8c 0x4e00 5.07 de3367e7eb30868efb06c2aa851f2cf7
.rsrc 0x1b7000 0x8e48 0x9000 5.37 5399af945b90c705b31b47417e99be45

( 20 imports )
> WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> WININET.dll: InternetGetConnectedState, InternetOpenA, InternetOpenUrlA, InternetReadFile, InternetCloseHandle, InternetConnectA, HttpOpenRequestA, HttpSendRequestA, HttpQueryInfoA, InternetSetOptionA, DeleteUrlCacheEntry, RetrieveUrlCacheEntryStreamA, ReadUrlCacheEntryStream, UnlockUrlCacheEntryStream
> COMCTL32.dll: ImageList_LoadImageA
> RPCRT4.dll: UuidCreate, UuidCompare
> WINMM.dll: waveInGetNumDevs, midiInGetNumDevs, mixerGetNumDevs, auxGetNumDevs, joyGetNumDevs, midiOutGetNumDevs, waveOutGetNumDevs
> iphlpapi.dll: GetAdaptersInfo, GetNetworkParams, GetIpForwardTable
> SETUPAPI.dll: SetupDiOpenDeviceInfoA, SetupDiGetDeviceRegistryPropertyA, SetupDiDestroyDeviceInfoList, SetupDiGetClassDevsA, SetupDiGetDeviceInstanceIdA, SetupDiEnumDeviceInfo, SetupDiCreateDeviceInfoList, SetupDiGetDeviceInterfaceDetailA, SetupDiEnumDeviceInterfaces
> KERNEL32.dll: FindNextFileA, GetDiskFreeSpaceA, FindFirstFileW, DeleteFileW, FindNextFileW, OpenEventA, CreateSemaphoreA, InterlockedCompareExchange, LCMapStringA, HeapSize, HeapReAlloc, InterlockedExchange, GetThreadLocale, GetLocaleInfoA, GetACP, GetVersionExA, RaiseException, GetLastError, InitializeCriticalSection, DeleteCriticalSection, CloseHandle, SetEvent, GetTickCount, ResetEvent, QueryPerformanceCounter, DeleteFileA, CreateFileA, GetFileSize, LocalFree, LocalAlloc, lstrlenA, FormatMessageA, GetSystemTimeAsFileTime, LoadLibraryA, GetProcAddress, FreeLibrary, SetFilePointer, WriteFile, ReadFile, OpenProcess, GetFileAttributesA, CreateEventA, Sleep, GetTempPathA, GetTempFileNameA, CreateDirectoryA, CopyFileA, RemoveDirectoryA, GetStartupInfoA, GetCurrentProcessId, CreateProcessA, OpenMutexA, WaitForSingleObject, EnterCriticalSection, LeaveCriticalSection, QueryPerformanceFrequency, SetThreadPriority, GetCurrentThread, InterlockedDecrement, GetCurrentThreadId, InterlockedIncrement, SetLastError, GetComputerNameA, GetCurrentProcess, IsBadReadPtr, GetSystemInfo, GlobalMemoryStatus, WaitForMultipleObjects, ResumeThread, HeapAlloc, GetProcessHeap, GetModuleHandleA, IsDebuggerPresent, MultiByteToWideChar, WideCharToMultiByte, lstrlenW, lstrcmpiA, GetVersion, GetEnvironmentVariableA, GetStringTypeExA, SetUnhandledExceptionFilter, ExitProcess, GlobalAlloc, GlobalFree, WriteProcessMemory, GlobalLock, GlobalUnlock, CreateRemoteThread, GetShortPathNameA, MoveFileExA, GetWindowsDirectoryA, WritePrivateProfileStringA, GetModuleFileNameA, FindResourceA, SizeofResource, LoadResource, LockResource, GetUserDefaultLangID, GetLocalTime, MoveFileA, MulDiv, CreateFileMappingA, MapViewOfFile, UnmapViewOfFile, SetConsoleCtrlHandler, GetTimeZoneInformation, ReleaseSemaphore, DuplicateHandle, CreateMutexA, ReleaseMutex, GetSystemDefaultLangID, GetSystemDirectoryA, SetFileAttributesA, GetSystemTime, GlobalSize, RemoveDirectoryW, CreateDirectoryW, FlushInstructionCache, HeapFree, lstrcmpA, GetExitCodeThread, TerminateThread, GetLongPathNameA, GetDriveTypeA, FindFirstFileA, SetFileTime, GetSystemDefaultLCID, FindClose, GetLogicalDriveStringsA, GetLogicalDrives, GetUserDefaultLCID, FileTimeToSystemTime, SystemTimeToFileTime, CompareFileTime, HeapDestroy, GetModuleHandleW, GetTimeFormatA, GetDateFormatA, Process32Next, Process32First, CreateToolhelp32Snapshot, LoadLibraryExA, GetModuleFileNameW, WritePrivateProfileSectionA, GetPrivateProfileSectionA
> USER32.dll: ExitWindowsEx, RegisterClassA, IsWindowEnabled, IsWindowVisible, EnumChildWindows, UnregisterClassA, SetWindowsHookExA, UnregisterDeviceNotification, RegisterDeviceNotificationA, EnumWindows, EnableWindow, EndDialog, SetDlgItemInt, SetDlgItemTextA, GetWindowRect, CreateDialogParamA, RemoveMenu, GetSubMenu, LoadMenuA, FlashWindowEx, SetClassLongA, GetSystemMetrics, CallNextHookEx, LoadStringA, ReleaseCapture, CreateAcceleratorTableA, FillRect, GetFocus, DestroyAcceleratorTable, GetSysColor, SystemParametersInfoA, GetClassNameA, GetDlgItem, GetParent, IsChild, SetCapture, RedrawWindow, InvalidateRgn, SetWindowPos, GetWindowTextLengthA, GetWindowTextA, CharNextA, InvalidateRect, SetWindowRgn, DrawTextA, KillTimer, EndPaint, BeginPaint, SetTimer, GetClientRect, GetDesktopWindow, ReleaseDC, GetDC, InsertMenuItemA, CreatePopupMenu, LoadImageA, TrackPopupMenu, GetCursorPos, DestroyMenu, DestroyIcon, FindWindowA, IsWindow, PeekMessageA, MsgWaitForMultipleObjects, SetWindowTextA, UpdateWindow, DestroyWindow, PostMessageA, TranslateMessage, IsDialogMessageA, TranslateAcceleratorA, LoadAcceleratorsA, ShowWindow, RegisterWindowMessageA, CallWindowProcA, DefWindowProcA, GetMenu, CheckMenuItem, SetForegroundWindow, SetFocus, SetActiveWindow, GetWindow, GetClassInfoExA, UnhookWindowsHookEx, wsprintfA, MessageBoxA, PostThreadMessageA, MoveWindow, PostQuitMessage, SendMessageA, SetWindowLongA, GetWindowLongA, CreateWindowExA, RegisterClassExA, LoadCursorA, LoadIconA, GetWindowThreadProcessId, DispatchMessageA, GetMessageA
> GDI32.dll: CreateCompatibleBitmap, CreateSolidBrush, GetObjectA, SetBkMode, CombineRgn, CreateRectRgn, SetTextColor, CreateFontA, SelectObject, CreateDIBSection, CreateCompatibleDC, DeleteDC, DeleteObject, BitBlt, GetDeviceCaps, GetStockObject
> WINSPOOL.DRV: EnumPrintersA
> comdlg32.dll: GetSaveFileNameA, FindTextA
> ADVAPI32.dll: GetLengthSid, RegEnumKeyExA, SetNamedSecurityInfoW, SetNamedSecurityInfoA, RegEnumKeyA, RegEnumValueA, RegSetValueExA, RegNotifyChangeKeyValue, RegOpenKeyExA, RegDeleteKeyA, RegCreateKeyExA, AddAccessAllowedAce, InitializeAcl, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, RegDeleteValueA, RegCloseKey, RegQueryValueExA, RegOpenKeyA, GetUserNameA, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegCreateKeyA, DuplicateTokenEx, CreateProcessAsUserA, SetSecurityInfo, SetTokenInformation, GetTokenInformation, IsValidSid, GetSidSubAuthority, GetSidSubAuthorityCount, SetFileSecurityA, RegSetKeySecurity, DeleteService
> SHELL32.dll: ShellExecuteA, SHGetSpecialFolderPathA, SHGetSpecialFolderPathW, Shell_NotifyIconA
> ole32.dll: CoInitialize, CoUninitialize, OleRun, StringFromGUID2, CoCreateGuid, CreateStreamOnHGlobal, CoMarshalInterface, CoGetMarshalSizeMax, CoInitializeEx, CoSetProxyBlanket, GetHGlobalFromStream, CoTaskMemAlloc, CLSIDFromString, CLSIDFromProgID, OleUninitialize, OleInitialize, OleLockRunning, CoGetClassObject, CoTaskMemFree, CoCreateInstance
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> MSVCP71.dll: _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBD0@Z, _seekoff@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAE_AV_$fpos@H@2@JHH@Z, _seekpos@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAE_AV_$fpos@H@2@V32@H@Z, __0_$basic_ostream@DU_$char_traits@D@std@@@std@@QAE@PAV_$basic_streambuf@DU_$char_traits@D@std@@@1@_N@Z, __1_$basic_ostream@DU_$char_traits@D@std@@@std@@UAE@XZ, ___7_$basic_ostream@DU_$char_traits@D@std@@@std@@6B@, __Xlen@_String_base@std@@QBEXXZ, __Xran@_String_base@std@@QBEXXZ, __0_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAE@PBGI@Z, _clear@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEXXZ, _find_first_of@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIGI@Z, _find_last_of@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIPBGI@Z, _find_first_not_of@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIGI@Z, _find_last_not_of@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIGI@Z, _append@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z, __$_8GU_$char_traits@G@std@@V_$allocator@G@1@@std@@YA_NABV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@PBG@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, _erase@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE_AViterator@12@V312@@Z, _swap@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXAAV12@@Z, _insert@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@IPBDI@Z, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDII@Z, _insert@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@IABV12@@Z, _ends@std@@YAAAV_$basic_ostream@DU_$char_traits@D@std@@@1@AAV21@@Z, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@_N@Z, _clear@_$basic_ios@DU_$char_traits@D@std@@@std@@QAEXH_N@Z, _setw@std@@YA_AU_$_Smanip@H@1@H@Z, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@_J@Z, _resize@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXI@Z, _resize@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXID@Z, _find_first_of@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIDI@Z, _append@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@PBG@Z, _find@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIPBGI@Z, _substr@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBE_AV12@II@Z, __4_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV01@ABV01@@Z, __0_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAE@XZ, _str@_$basic_stringstream@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@2@@Z, __0_$basic_ofstream@DU_$char_traits@D@std@@@std@@QAE@XZ, _open@_$basic_ofstream@DU_$char_traits@D@std@@@std@@QAEXPBDHH@Z, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@N@Z, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@G@Z, _copy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPADII@Z, _find_first_of@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDI@Z, __0_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAE@ABV01@@Z, __0_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAE@PBG@Z, __0_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAE@IG@Z, __Y_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV01@ABV01@@Z, __Y_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV01@G@Z, _compare@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEHIIPBDI@Z, _erase@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@II@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ID@Z, __$_NDU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, __$_ODU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, _insert@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE_AViterator@12@V312@D@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBD0@Z, _underflow@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEHXZ, _find_first_not_of@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDI@Z, _pbackfail@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEHH@Z, _sputn@_$basic_streambuf@DU_$char_traits@D@std@@@std@@QAEHPBDH@Z, __Y_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV01@PBG@Z, _npos@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@2IB, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, ___D_$basic_ofstream@DU_$char_traits@D@std@@@std@@QAEXXZ, __0_$basic_ofstream@DU_$char_traits@D@std@@@std@@QAE@PBDHH@Z, __4_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV01@PBG@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@Vconst_iterator@01@0@Z, _compare@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEHABV12@@Z, _compare@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEHIIPBD@Z, _str@_$basic_ostringstream@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@2@@Z, __$_6U_$char_traits@D@std@@@std@@YAAAV_$basic_ostream@DU_$char_traits@D@std@@@0@AAV10@D@Z, _rfind@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDII@Z, _find_first_not_of@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIDI@Z, _find_last_not_of@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIDI@Z, __1_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAE@XZ, _replace@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@IIPBD@Z, _cout@std@@3V_$basic_ostream@DU_$char_traits@D@std@@@1@A, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIABV12@I@Z, __5_$basic_istream@DU_$char_traits@D@std@@@std@@QAEAAV01@AAI@Z, ___D_$basic_istringstream@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXXZ, ___D_$basic_ostringstream@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXXZ, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ABV01@II@Z, _replace@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z, _widen@_$basic_ios@DU_$char_traits@D@std@@@std@@QBEDD@Z, _write@_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z, __0_$basic_istringstream@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@1@H@Z, __0_$basic_ostringstream@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@H@Z, __Nomemory@std@@YAXXZ, _xalloc@ios_base@std@@SAHXZ, _pword@ios_base@std@@QAEAAPAXH@Z, _register_callback@ios_base@std@@QAEXP6AXW4event@12@AAV12@H@ZH@Z, _assign@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@PBGI@Z, _assign@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@PBG@Z, _resize@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEXIG@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBD@Z, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ABV01@@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, _begin@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE_AViterator@12@XZ, _end@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE_AViterator@12@XZ, __$_9DU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, __$_6U_$char_traits@D@std@@@std@@YAAAV_$basic_ostream@DU_$char_traits@D@std@@@0@AAV10@PBD@Z, _setstate@_$basic_ios@DU_$char_traits@D@std@@@std@@QAEXH_N@Z, _sputc@_$basic_streambuf@DU_$char_traits@D@std@@@std@@QAEHD@Z, __Osfx@_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEXXZ, _uncaught_exception@std@@YA_NXZ, _flush@_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV12@XZ, __Unlock@_$basic_streambuf@DU_$char_traits@D@std@@@std@@QAEXXZ, __Lock@_$basic_streambuf@DU_$char_traits@D@std@@@std@@QAEXXZ, __$_MDU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, _push_back@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXD@Z, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z, _end@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AVconst_iterator@12@XZ, _begin@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AVconst_iterator@12@XZ, __4_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@ABV01@@Z, __4_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@PBD@Z, _erase@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@II@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, __0_$_String_val@DV_$allocator@D@std@@@std@@IAE@V_$allocator@D@1@@Z, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@IAEX_NI@Z, _reserve@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXI@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ID@Z, _replace@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@Viterator@12@0ABV12@@Z, _erase@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE_AViterator@12@V312@0@Z, _str@_$basic_stringstream@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@2@XZ, __0_$basic_stringstream@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@H@Z, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@K@Z, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@J@Z, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@I@Z, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z, ___D_$basic_stringstream@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXXZ, _insert@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXViterator@12@PBD1@Z, _insert@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXViterator@12@Vconst_iterator@12@1@Z, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@H@Z, _find_last_not_of@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDI@Z, _str@_$basic_ostringstream@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@2@XZ, __$_8DU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_NPBDABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ID@Z, __Y_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@ABV01@@Z, __$_8DU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, _clear@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXXZ, __Y_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@PBD@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@@Z, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDI@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBD@Z, __0locale@std@@QAE@XZ, __1locale@std@@QAE@XZ, __Getcat@_$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z, _id@_$ctype@D@std@@2V0locale@2@A, __Register@facet@locale@std@@QAEXXZ, __Getfacet@locale@std@@QBEPBVfacet@12@I@Z, __Bid@locale@std@@QAEIXZ, __1_Lockit@std@@QAE@XZ, __0_Lockit@std@@QAE@H@Z, __Incref@facet@locale@std@@QAEXXZ, _toupper@_$ctype@D@std@@QBEDD@Z, _replace@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@Viterator@12@0Vconst_iterator@12@1@Z, _replace@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@Viterator@12@0PBD1@Z, _substr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AV12@II@Z, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@_K@Z, _find_last_of@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDI@Z, _tolower@_$ctype@D@std@@QBEDD@Z, _insert@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@IPBD@Z, __$_8DU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBD@Z, __$_9DU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBD@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBDI@Z, _compare@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEHPBD@Z, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIDI@Z, __1_$basic_streambuf@DU_$char_traits@D@std@@@std@@UAE@XZ, __Init@strstreambuf@std@@IAEXHPAD0H@Z, __1strstreambuf@std@@UAE@XZ, __1_$basic_ios@DU_$char_traits@D@std@@@std@@UAE@XZ, __1_$basic_istream@DU_$char_traits@D@std@@@std@@UAE@XZ, __1istrstream@std@@UAE@XZ, _overflow@strstreambuf@std@@MAEHH@Z, _pbackfail@strstreambuf@std@@MAEHH@Z, _showmanyc@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEHXZ, _underflow@strstreambuf@std@@MAEHXZ, _uflow@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEHXZ, _xsgetn@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEHPADH@Z, _xsputn@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEHPBDH@Z, _seekoff@strstreambuf@std@@MAE_AV_$fpos@H@2@JHH@Z, _seekpos@strstreambuf@std@@MAE_AV_$fpos@H@2@V32@H@Z, _setbuf@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEPAV12@PADH@Z, _sync@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEHXZ, _imbue@_$basic_streambuf@DU_$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z, __5_$basic_istream@DU_$char_traits@D@std@@@std@@QAEAAV01@AA_K@Z, __5_$basic_istream@DU_$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z, __0_$basic_istream@DU_$char_traits@D@std@@@std@@QAE@PAV_$basic_streambuf@DU_$char_traits@D@std@@@1@_N1@Z, __0_$basic_ios@DU_$char_traits@D@std@@@std@@IAE@XZ, __0_$basic_streambuf@DU_$char_traits@D@std@@@std@@IAE@XZ, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBD@Z, _endl@std@@YAAAV_$basic_ostream@DU_$char_traits@D@std@@@1@AAV21@@Z, __Y_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@D@Z, __4_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@D@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, _snextc@_$basic_streambuf@DU_$char_traits@D@std@@@std@@QAEHXZ, __Ipfx@_$basic_istream@DU_$char_traits@D@std@@@std@@QAE_N_N@Z, _sgetc@_$basic_streambuf@DU_$char_traits@D@std@@@std@@QAEHXZ, _max_size@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIXZ, _sbumpc@_$basic_streambuf@DU_$char_traits@D@std@@@std@@QAEHXZ, _assign@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@IG@Z
> MSVCR71.dll: __3@YAXPAX@Z, tolower, __0exception@@QAE@ABV0@@Z, __1exception@@UAE@XZ, __0exception@@QAE@XZ, free, memmove, __0bad_cast@@QAE@PBD@Z, __1bad_cast@@UAE@XZ, strchr, __0bad_cast@@QAE@ABV0@@Z, atoi, strstr, sprintf, _splitpath, ___V@YAXPAX@Z, strncpy, atol, printf, _snprintf, strrchr, time, _strnicmp, strncat, _strrev, _stricmp, _itoa, isspace, _purecall, localtime, strftime, isprint, rand, srand, strtok, toupper, _atoi64, malloc, _resetstkoflw, wcscpy, _beginthread, strncmp, isalnum, isdigit, strpbrk, atof, _vsnprintf, _mbsnbcpy, _beginthreadex, strtol, _strdup, sscanf, strcspn, _strlwr, swprintf, fopen, fseek, fwrite, fclose, __CxxFrameHandler, iswdigit, wcsncmp, wcscat, realloc, _mbsstr, _mbslwr, _mbscmp, wcstombs, __8type_info@@QBEHABV0@@Z, strtoul, fprintf, _iob, isalpha, wcslen, strlen, memcpy, _futime, _CxxThrowException, vsprintf, _mktime64, strtod, ceil, _mbschr, fputc, _errno, fread, ftell, _fdopen, _swab, _wcsicmp, mbstowcs, _callnewh, _except_handler3, __1type_info@@UAE@XZ, __dllonexit, _onexit, _terminate@@YAXXZ, _c_exit, _exit, _XcptFilter, _ismbblead, _cexit, exit, _acmdln, _amsg_exit, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, _open, _write, _close, _sopen, _lseek, _read, _fstat, _tell, memset, __security_error_handler
> SHLWAPI.dll: SHCopyKeyA
> VERSION.dll: VerQueryValueA, GetFileVersionInfoA, GetFileVersionInfoSizeA

( 4 exports )
__0CNGCTraceProxy@@QAE@ABV0@@Z, __0CNGCTraceProxy@@QAE@XZ, __4CNGCTraceProxy@@QAEAAV0@ABV0@@Z, ___7CNGCTraceProxy@@6B@

PDFiD.: -
RDS...: NSRL Reference Data Set



Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2351
Windows 5.1.2600 Service Pack 3

29/06/2009 21:33:23
mbam-log-2009-06-29 (21-33-23).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|)
Eléments examinés: 246890
Temps écoulé: 1 hour(s), 33 minute(s), 17 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 24
Fichier(s) infecté(s): 33

Processus mémoire infecté(s):
C:\program files\relevantknowledge\rlvknlg.exe (Adware.RelevantKnowledge) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\program files\rhc5bnj0eg03 (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\laurent\application data\rhc5bnj0eg03 (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\laurent\application data\rhc5bnj0eg03\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\laurent\application data\rhc5bnj0eg03\quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\laurent\application data\rhc5bnj0eg03\quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\laurent\application data\rhc5bnj0eg03\quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\laurent\application data\rhc5bnj0eg03\quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\laurent\application data\rhc5bnj0eg03\quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\laurent\application data\rhc5bnj0eg03\quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\laurent\application data\rhc5bnj0eg03\quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\laurent\application data\rhc5bnj0eg03\quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\laurent\application data\rhc5bnj0eg03\quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\Test\application data\rhc5bnj0eg03 (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\Test\application data\rhc5bnj0eg03\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\Test\application data\rhc5bnj0eg03\quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\Test\application data\rhc5bnj0eg03\quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\Test\application data\rhc5bnj0eg03\quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\Test\application data\rhc5bnj0eg03\quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\Test\application data\rhc5bnj0eg03\quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\Test\application data\rhc5bnj0eg03\quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\Test\application data\rhc5bnj0eg03\quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\Test\application data\rhc5bnj0eg03\quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\Test\application data\rhc5bnj0eg03\quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\program files\relevantknowledge\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\system volume information\_restore{bdf91518-72bb-48be-b24f-ce8639d522c7}\RP1\A0001075.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{bdf91518-72bb-48be-b24f-ce8639d522c7}\rp5\A0006347.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{bdf91518-72bb-48be-b24f-ce8639d522c7}\rp5\A0007309.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{bdf91518-72bb-48be-b24f-ce8639d522c7}\rp5\A0007310.exe (Rogue.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{bdf91518-72bb-48be-b24f-ce8639d522c7}\rp5\A0007321.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{bdf91518-72bb-48be-b24f-ce8639d522c7}\rp5\A0007326.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{bdf91518-72bb-48be-b24f-ce8639d522c7}\rp5\A0007327.exe (Rogue.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{bdf91518-72bb-48be-b24f-ce8639d522c7}\rp5\A0008325.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{bdf91518-72bb-48be-b24f-ce8639d522c7}\rp5\A0008326.exe (Rogue.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{bdf91518-72bb-48be-b24f-ce8639d522c7}\rp5\A0008337.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{bdf91518-72bb-48be-b24f-ce8639d522c7}\rp5\A0008339.exe (Rogue.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{bdf91518-72bb-48be-b24f-ce8639d522c7}\rp5\A0009343.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{bdf91518-72bb-48be-b24f-ce8639d522c7}\rp5\A0009344.exe (Rogue.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{bdf91518-72bb-48be-b24f-ce8639d522c7}\rp5\A0009358.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{bdf91518-72bb-48be-b24f-ce8639d522c7}\rp5\A0009359.exe (Rogue.Agent) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\rloci.bin (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\program files\rhc5bnj0eg03\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\program files\rhc5bnj0eg03\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\program files\rhc5bnj0eg03\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\program files\rhc5bnj0eg03\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\program files\rhc5bnj0eg03\rhc5bnj0eg03.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\Test\application data\tmprecenticons\PCPrivacyCleaner.lnk (Rogue.Link) -> Quarantined and deleted successfully.
c:\documents and settings\Test\local settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Test\local settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Test\local settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Test\local settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Test\local settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Test\local settings\Temp\.tt1.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\all users\menu démarrer\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\documents and settings\all users\menu démarrer\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\documents and settings\Test\Favoris\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.

Kevin05

Un grand merci

Apparament le problème est résolu, je suis sur internet et je n'ai plus de message qui m'indique que j'ai un virus

j'espère que cela va durer

Encore merci de m'avoir dépannée, cela fait plusieurs jours que j'essayais de me sortir de ce guépier.

Logfile of random's system information tool 1.06 (written by random/random)
Run by laurent at 2009-06-29 23:48:01
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 181 MB (0%) free of 76 GB
Total RAM: 447 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:48:15, on 29/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\laurent.LIMBACH-27E0A50\Bureau\RSIT.exe
C:\Program Files\trend micro\laurent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trooner.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: peer2Peer-FR2 Toolbar - {9f23e207-7e05-4ee2-a90e-50cf3ae9b03f} - C:\Program Files\peer2Peer-FR2\tbpee0.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: peer2Peer-FR2 Toolbar - {9f23e207-7e05-4ee2-a90e-50cf3ae9b03f} - C:\Program Files\peer2Peer-FR2\tbpee0.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Test.lnk = C:\sysprep\TestMulti.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
End of file - 7598 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
EoBho Class - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9f23e207-7e05-4ee2-a90e-50cf3ae9b03f}]
peer2Peer-FR2 Toolbar - C:\Program Files\peer2Peer-FR2\tbpee0.dll [2009-05-20 2094616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968]
{9f23e207-7e05-4ee2-a90e-50cf3ae9b03f} - peer2Peer-FR2 Toolbar - C:\Program Files\peer2Peer-FR2\tbpee0.dll [2009-05-20 2094616]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX3600 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE [2004-03-04 98304]
"AudioDeck"=C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe [2007-08-09 528384]
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"RelevantKnowledge"=C:\program files\relevantknowledge\rlvknlg.exe -boot []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-11-14 43616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\Temp\NavBrowser.exe"="C:\WINDOWS\Temp\NavBrowser.exe:*:Disabled:NAVBrowser"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"c:\program files\relevantknowledge\rlvknlg.exe"="c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 1 months======

2009-06-29 19:53:43 ----D---- C:\Documents and Settings\laurent.LIMBACH-27E0A50\Application Data\Malwarebytes
2009-06-29 19:53:33 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-06-29 19:53:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-29 16:54:00 ----D---- C:\Program Files\trend micro
2009-06-29 16:53:59 ----D---- C:\rsit
2009-06-29 10:06:37 ----HD---- C:\$AVG8.VAULT$
2009-06-29 09:48:25 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2009-06-23 20:23:12 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-06-23 20:23:12 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-06-19 20:05:04 ----D---- C:\Documents and Settings\laurent.LIMBACH-27E0A50\Application Data\Yahoo!
2009-06-19 20:05:04 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2009-06-13 18:37:03 ----D---- C:\Program Files\directx
2009-06-13 18:33:51 ----D---- C:\Program Files\Fourmis
2009-06-13 18:33:46 ----A---- C:\WINDOWS\IsUn040c.exe
2009-06-11 09:34:47 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 09:34:34 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-06-11 09:34:24 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 09:30:48 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 09:29:53 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-08 22:57:23 ----D---- C:\Documents and Settings\laurent.LIMBACH-27E0A50\Application Data\WinRAR
2009-06-08 22:27:36 ----D---- C:\WINDOWS\ERUNT
2009-06-05 15:34:33 ----D---- C:\Documents and Settings\laurent.LIMBACH-27E0A50\Application Data\KC Softwares
2009-06-05 08:20:26 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem.txt

======List of files/folders modified in the last 1 months======

2009-06-29 23:12:33 ----D---- C:\WINDOWS\Prefetch
2009-06-29 21:46:30 ----D---- C:\WINDOWS\Temp
2009-06-29 21:44:51 ----D---- C:\Program Files\Symantec AntiVirus
2009-06-29 21:42:31 ----D---- C:\WINDOWS\system32\drivers
2009-06-29 21:42:31 ----D---- C:\WINDOWS\system32
2009-06-29 21:41:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-29 21:33:22 ----RD---- C:\Program Files
2009-06-29 14:12:44 ----SD---- C:\Documents and Settings\laurent.LIMBACH-27E0A50\Application Data\Microsoft
2009-06-29 12:51:35 ----D---- C:\WINDOWS
2009-06-29 09:48:11 ----SHD---- C:\WINDOWS\Installer
2009-06-29 09:48:11 ----D---- C:\Config.Msi
2009-06-29 09:48:09 ----D---- C:\WINDOWS\WinSxS
2009-06-29 09:48:09 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-06-22 11:33:58 ----D---- C:\Documents and Settings
2009-06-19 20:12:49 ----D---- C:\WINDOWS\Debug
2009-06-19 20:12:48 ----D---- C:\WINDOWS\Minidump
2009-06-11 09:42:54 ----HD---- C:\WINDOWS\inf
2009-06-11 09:42:53 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-11 09:34:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-11 09:34:22 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-05 08:34:42 ----D---- C:\Program Files\Alice
2009-06-04 22:03:30 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-01 18:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-31 10:39:58 ----D---- C:\Documents and Settings\laurent.LIMBACH-27E0A50\Application Data\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-04 11868]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-04 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090624.003\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090624.003\navex15.sys []
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2007-06-27 207488]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-04 685056]
S3 catchme;catchme; \??\C:\DOCUME~1\LAUREN~1.LIM\LOCALS~1\Temp\catchme.sys []
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe [2006-07-19 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-11-14 31840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-11-14 1835104]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-08 2528960]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-11-14 119904]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe [2006-08-07 214720]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]

-----------------EOF-----------------

Kevin05


Je suis désolée mais après avoir ouvert le site mentionné en début de ta procédure http://www.cijoint.fr/cjlink.php?file=cj200906/cijb43nwt3.tx­t ", j'ai trois choses en gras :

Téléchargement du fichier cj200906/cijb43nwt3.txt
Cliquez droit sur le lien ci-contre pour enregistrer le fichier : lologuitare.txt
Le lien à transmettre est http://www.cijoint.fr/cjlink.php?file=cj200906/cijb43nwt3.txt

Comme je ne sais pas pourquoi je fais cela, je ne sais pas laquelles choisir

Peux-tu m'aider SVP

Voici les trois rapports

========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
C:\WINDOWS\IsUn040c.exe moved successfully.
File/Folder c:\program files\relevantknowledge\rlvknlg.exe not found.
========== SERVICES/DRIVERS ==========

Service\Driver catchme deleted successfully.
========== REGISTRY ==========
\\"Adobe Reader Speed Launcher"|C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] /E :invalid edit format. No such root key.
\\"RelevantKnowledge"|C:\program files\relevantknowledge\rlvknlg.exe -boot []-" /E :invalid edit format. No such root key.

OTM by OldTimer - Version 3.0.0.2 log created on 06302009_133513



-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 2600+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : laurent ( Administrator )
BOOT : Normal boot
Antivirus : Symantec AntiVirus Corporate Edition 10.1.5.5000 (Not Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:0 Go)
D:\ (USB)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (CD or DVD) - CDFS - Total:3 Go (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 30/06/2009|13:45 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.google.fr/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.trooner.com/"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 30/06/2009|13:47 - Option : [1]

-----------\\ Fin du rapport a 13:47:26,68


.
======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 13:51:34, 30/06/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: LIMBACH-27E0A50 | Utilisateur actuel: laurent
.
Administrateur: Administrateur
Administrateur: annie
Administrateur: corentin
N'est pas administrateur: HelpAssistant *Desactive*
N'est pas administrateur: Invité
Administrateur: laurent
Administrateur: mégane
N'est pas administrateur: SUPPORT_388945a0 *Desactive*
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\ItsLabel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\RelevantKnowledge
.
C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\RelevantKnowledge\About RelevantKnowledge.lnk
C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\RelevantKnowledge\Support.lnk
C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\RelevantKnowledge\Uninstall Instructions.lnk
C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\RelevantKnowledge
C:\DOCUME~1\LAUREN~1.LIM\APPLIC~1\EoRezo\cmhost.cyp
C:\DOCUME~1\LAUREN~1.LIM\APPLIC~1\EoRezo\ConfMedia.cyp
C:\DOCUME~1\LAUREN~1.LIM\APPLIC~1\EoRezo\db
C:\DOCUME~1\LAUREN~1.LIM\APPLIC~1\EoRezo\eoDesktop
C:\DOCUME~1\LAUREN~1.LIM\APPLIC~1\EoRezo\eoStats
C:\DOCUME~1\LAUREN~1.LIM\APPLIC~1\EoRezo\host.cyp
C:\DOCUME~1\LAUREN~1.LIM\APPLIC~1\EoRezo\user.cyp
C:\DOCUME~1\LAUREN~1.LIM\APPLIC~1\EoRezo\db\cat.cyp
C:\DOCUME~1\LAUREN~1.LIM\APPLIC~1\EoRezo\eoDesktop\config.xml
C:\DOCUME~1\LAUREN~1.LIM\APPLIC~1\EoRezo\eoDesktop\eoDesktop.html
C:\DOCUME~1\LAUREN~1.LIM\APPLIC~1\EoRezo\eoDesktop\userConfig.xml
C:\DOCUME~1\LAUREN~1.LIM\APPLIC~1\EoRezo\eoStats\eoStats.txt
C:\DOCUME~1\LAUREN~1.LIM\APPLIC~1\EoRezo
C:\Documents and Settings\corentin\Application Data\Eorezo\cmhost.cyp
C:\Documents and Settings\corentin\Application Data\Eorezo\ConfMedia.cyp
C:\Documents and Settings\corentin\Application Data\Eorezo\db
C:\Documents and Settings\corentin\Application Data\Eorezo\eoDesktop
C:\Documents and Settings\corentin\Application Data\Eorezo\host.cyp
C:\Documents and Settings\corentin\Application Data\Eorezo\user.cyp
C:\Documents and Settings\corentin\Application Data\Eorezo\db\cat.cyp
C:\Documents and Settings\corentin\Application Data\Eorezo\eoDesktop\config.xml
C:\Documents and Settings\corentin\Application Data\Eorezo\eoDesktop\eoDesktop.html
C:\Documents and Settings\corentin\Application Data\Eorezo\eoDesktop\userConfig.xml
C:\Documents and Settings\corentin\Application Data\Eorezo
C:\Documents and Settings\corentin\Application Data\ItsLabel\ItsTV
C:\Documents and Settings\corentin\Application Data\ItsLabel\ItsTV\itsTV.xml
C:\Documents and Settings\corentin\Application Data\ItsLabel
C:\WINDOWS\Prefetch\RLVKNLG.EXE-2A0A2C3D.pf

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.
.
.

* Internet Explorer Version 6.0.2900.5512 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

============== Suspect (Cracks, Serials ... ) ==============

.
.
===================================
.
4743 Octet(s) - C:\Ad-Report-CLEAN.log
.
59 Fichier(s) - C:\DOCUME~1\LAUREN~1.LIM\LOCALS~1\Temp
275 Fichier(s) - C:\WINDOWS\Temp
.
17 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
23 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 14:13:54 | 30/06/2009
.
============== E.O.F ==============
.

Voici le dernier rapport

========== FILES ==========
File/Folder - C:\Program Files\peer2Peer-FR2 not found.

OTM by OldTimer - Version 3.0.0.2 log created on 06302009_192129

Helllo,

depuis hier plus de problème de virus qui ressortent.

Je vais suivre ta dernière procédure et m'organiser pour prendre plus de précaution selon tes conseils.

Merci encore pour ton aide

ciao

[ Rapport ToolsCleaner version 2.3.7 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\TB.txt: trouvé !
C:\_OTM: trouvé !
C:\Toolbar SD: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\laurent.LIMBACH-27E0A50\Bureau\OTM.exe: trouvé !
C:\Documents and Settings\laurent.LIMBACH-27E0A50\Bureau\Ad-remover.lnk: trouvé !
C:\Documents and Settings\laurent.LIMBACH-27E0A50\Bureau\ToolBarSD.exe: trouvé !
C:\Documents and Settings\laurent.LIMBACH-27E0A50\Bureau\Rsit.exe: trouvé !
C:\Documents and Settings\laurent.LIMBACH-27E0A50\Bureau\SDFIX: trouvé !
C:\Documents and Settings\laurent.LIMBACH-27E0A50\Menu Démarrer\Programmes\Ad-remover: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\Ad-remover\BACKUP\Ad-R.exe: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\laurent.LIMBACH-27E0A50\Bureau\OTM.exe: supprimé !
C:\Documents and Settings\laurent.LIMBACH-27E0A50\Bureau\Ad-remover.lnk: supprimé !
C:\Documents and Settings\laurent.LIMBACH-27E0A50\Bureau\ToolBarSD.exe: supprimé !
C:\Program Files\Ad-remover\BACKUP\Ad-R.exe: supprimé !
C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\TB.txt: supprimé !
C:\Documents and Settings\laurent.LIMBACH-27E0A50\Bureau\Rsit.exe: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\_OTM: supprimé !
C:\Toolbar SD: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\laurent.LIMBACH-27E0A50\Bureau\SDFIX: supprimé !
C:\Documents and Settings\laurent.LIMBACH-27E0A50\Menu Démarrer\Programmes\Ad-remover: supprimé !
C:\Program Files\Ad-remover: supprimé !



Je suis coincée dans la procédure que tu m'as donné : je ne sais pas où vérifier si j'ai java stp et lorsque je clique sur rechercher lors de la mis à jour via jucheck rien ne se passe

D'une part, tu m'as demandé de vérifier ma console java, je ne sais pas où je peux trouver si j'ai java ou pas, j'ai cherché via les programmes d'installation/desinstallation je ne l'ai pas trouvé mais faut-il que je chercher ailleurs ce programme ?
Du coup, j'ai essayé de d'utiliser javara mais lorsque je clique sur rechercher rien ne se passe.

D'après le lien que tu m'as transmis je n'ai pas sun jre

dois-je l'installer à partir du dernier lien que tu m'as communiquer ?

Salut,

j'ai fini toute ta procédure, j'ai installé java sun, j'ai gardé mon antivirus, ajouter zone alarm, spyware, mis à jour adobe reader et j'ai gardé malwarebyte's
dois-je garder ccleaner, tools cleaner, atf cleaner, javara ?

Merci par avance de ta réponse

J'ai symantec

Par contre depuis que j'ai installé zone alarm, je rame. C'est normal ????