Probème trojan

voici le rapportSearch Navipromo version 3.6.7 commencé le 29/10/2008 à 15:13:39,39

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "gregory"

Mise à jour le 22.10.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : FAT32

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\gregory\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\gregory\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\gregory\menud+~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\gregory\locals~1\applic~1" *



*** Recherche fichiers ***


C:\WINDOWS\pack.epk trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

lewftcorki.dat trouvé !

* Dans "C:\Documents and Settings\gregory\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 29/10/2008 à 15:17:30,89 ***

voici le rapport Search Navipromo version 3.6.7 commencé le 29/10/2008 à 15:38:45,82

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "gregory"

Mise à jour le 22.10.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : FAT32

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\gregory\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\gregory\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\gregory\menud+~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\gregory\locals~1\applic~1" *



*** Recherche fichiers ***


C:\WINDOWS\pack.epk trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

lewftcorki.dat trouvé !

* Dans "C:\Documents and Settings\gregory\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 29/10/2008 à 15:41:24,89 ***

voila je suis de retour ,voici les deux rapports.j ai toujours des problèmes UC (epm-dm.exe)qui tourne à 80% et internet qui m affiche (le programe ne répond pas)ou encore mes documents au format pdf qui ne s'ouvrent pas .merci d'avance .Clean Navipromo version 3.6.7 commencé le 29/10/2008 à 17:57:58,56

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "gregory"

Mise à jour le 22.10.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : FAT32

Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\gregory\locals~1\applic~1" *



*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\gregory\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\gregory\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\gregory\menud+~1\progra~1" ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\gregory\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


* Dans "C:\Documents and Settings\gregory\locals~1\applic~1" *


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 29/10/2008 à 18:06:36,57 ***

e progamme ne répond pas ) ou encore des fichiers pdf qui ne s'ouvrent pas .merciLogfile of HijackThis v1.99.1
Scan saved at 18:16:24, on 29/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\notepad.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\gregory\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P36 "EPSON Stylus DX4800 Series (Copie 1)" /O5 "LPT1:" /M "Stylus DX4800"
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB003" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - Startup: WKCALREM.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{277C5FBC-38A6-461F-8ACC-1DEC9637754A}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{277C5FBC-38A6-461F-8ACC-1DEC9637754A}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS4\Services\Tcpip\..\{277C5FBC-38A6-461F-8ACC-1DEC9637754A}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

voila j ai effectuer dans l'ordre les opérations demandés ,voici les deux rapports .Merci de votre aide.ComboFix 08-10-29.07 - gregory 2008-10-29 19:44:57.1 - [color=red][b]FAT32/b/colorx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.227 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\gregory\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/B/COLOR
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\gregory\Application Data\inst.exe
C:\WINDOWS\system32\MSINET.oca

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-29 ))))))))))))))))))))))))))))))))))))
.

2008-10-29 19:30 . 2008-10-29 19:30 <REP> d-------- C:\WINDOWS\LastGood.Tmp
2008-10-29 15:11 . 2008-10-29 15:11 <REP> d-------- C:\Program Files\Navilog1
2008-10-28 11:42 . 2008-10-28 11:42 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-10-27 17:53 . 2008-10-27 17:53 <REP> d-------- C:\Documents and Settings\gregory\Application Data\InstallShield
2008-10-27 17:39 . 2008-10-27 17:39 <REP> d-------- C:\Program Files\a-squared Free
2008-10-27 13:23 . 2008-10-27 13:23 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-10-27 11:26 . 2008-10-27 11:26 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-10-25 14:48 . 2008-10-25 14:48 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-10-24 12:53 . 2008-10-24 12:53 <REP> d-------- C:\Program Files\Windows Sidebar
2008-10-24 12:53 . 2008-10-28 17:44 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-24 12:53 . 2008-10-28 17:44 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-24 12:45 . 2008-10-24 12:45 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-10-24 11:13 . 2008-10-24 11:13 <REP> d-------- C:\Program Files\Trojan Remover
2008-10-23 23:05 . 2008-10-15 18:35 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-22 14:25 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2008-10-20 17:22 . 2008-10-20 17:22 <REP> d-------- C:\Documents and Settings\gregory\Application Data\Malwarebytes
2008-10-20 17:20 . 2008-10-20 17:20 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2008-10-20 01:47 . 2008-10-20 01:47 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2008-10-17 13:51 . 2008-10-17 13:51 <REP> d-------- C:\WINDOWS\__SkypeIEToolbar_Cache
2008-10-16 12:07 . 2006-05-17 23:41 219,648 --a------ C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-10-16 10:48 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 10:46 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 10:46 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 10:46 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 10:46 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 10:46 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-14 20:46 . 2008-10-14 20:46 <REP> d-------- C:\Program Files\Fighters
2008-10-14 20:46 . 2008-10-14 20:46 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fighters
2008-10-11 11:54 . 2008-10-11 11:54 <REP> d-------- C:\Program Files\Uniblue
2008-10-09 15:14 . 2008-10-09 15:14 <REP> d-------- C:\Documents and Settings\gregory\Application Data\vlc
2008-10-08 21:55 . 2008-10-08 21:55 <REP> d-------- C:\Program Files\WeFi
2008-10-08 21:54 . 2008-10-08 21:54 <REP> d-------- C:\Documents and Settings\gregory\Application Data\Camfrog
2008-10-08 21:53 . 2008-10-08 21:53 <REP> d-------- C:\Program Files\Camfrog
2008-10-08 21:53 . 2008-10-08 21:53 <REP> d-------- C:\Program Files\alot
2008-10-08 21:53 . 2008-10-08 21:53 <REP> d-------- C:\Documents and Settings\gregory\Application Data\alot
2008-10-08 00:26 . 2008-10-08 00:26 <REP> d-------- C:\WINDOWS\system32\fr
2008-10-08 00:26 . 2008-10-08 00:26 <REP> d-------- C:\WINDOWS\system32\bits
2008-10-08 00:26 . 2008-10-08 00:26 <REP> d-------- C:\WINDOWS\l2schemas
2008-10-08 00:22 . 2008-10-08 00:22 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-10-08 00:13 . 2008-10-08 00:13 <REP> d-------- C:\WINDOWS\EHome
2008-10-07 22:04 . 2008-10-07 22:04 <REP> d-------- C:\Documents and Settings\gregory\Application Data\Uniblue
2008-10-05 20:26 . 2008-10-05 20:26 <REP> d-------- C:\Program Files\CCleaner
2008-10-01 17:02 . 2008-10-20 20:15 3,532 --a------ C:\drmHeader.bin

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 14:05 47,360 ----a-w C:\Documents and Settings\gregory\Application Data\pcouffin.sys
2008-10-26 13:43 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-10-20 22:05 2,690 ----a-w C:\WINDOWS\system32\tmp.reg
2008-10-08 19:27 1,660 ----a-w C:\Documents and Settings\gregory\Application Data\wklnhst.dat
2008-10-03 18:12 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-23 13:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-23 13:21 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-09-23 11:25 --------- d-----w C:\Program Files\Inventel
2008-09-19 10:48 --------- d-----w C:\Program Files\Wireless LAN Utility
2008-09-15 16:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 11:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-27 10:11 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 09:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-25 09:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-23 06:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 06:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 14:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 14:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 11:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-05-22 14:03 114,920 ----a-w C:\Documents and Settings\gregory\pays.zip
2008-03-02 18:28 32 ----a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\ezsid.dat
2007-05-31 15:39 1,388 ----a-w C:\Documents and Settings\gregory\Application Data\ViewerApp.dat
2007-04-10 18:30 87,608 ----a-w C:\Documents and Settings\gregory\Application Data\ezpinst.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Camfrog"="C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2003-09-29 36352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX4800 Series (Copie 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304]
"epm-dm"="c:\acer\epm\epm-dm.exe" [2005-06-01 192512]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-27 29744]
"EPSON Stylus Photo RX520 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE" [2005-04-07 98304]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-29 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-06-30 707376]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-10-19 2782352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\gregory\Menu D‚marrer\Programmes\D‚marrage\
WKCALREM.LNK - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-12 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceCheck"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk
backup=C:\WINDOWS\pss\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^gregory^Menu Démarrer^Programmes^Démarrage^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\gregory\Menu Démarrer\Programmes\Démarrage\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^gregory^Menu Démarrer^Programmes^Démarrage^wkcalrem.LNK]
path=C:\Documents and Settings\gregory\Menu Démarrer\Programmes\Démarrage\wkcalrem.LNK
backup=C:\WINDOWS\pss\wkcalrem.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^gregory^Menu Démarrer^Programmes^Démarrage^Y'z ToolBar.lnk]
path=C:\Documents and Settings\gregory\Menu Démarrer\Programmes\Démarrage\Y'z ToolBar.lnk
backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATnotes.exe]
--a------ 2005-01-05 15:45 1015808 C:\Program Files\ATnotes\ATnotes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 04:34 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtrlVol]
--a------ 2003-09-16 14:28 20480 C:\Program Files\Launch Manager\CtrlVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPM-DM]
--a------ 2005-06-01 14:17 192512 c:\Acer\ePM\epm-dm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePowerManagement]
--a------ 2005-03-15 10:03 2893824 C:\Acer\ePM\ePM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
--a------ 2005-06-29 17:26 352256 C:\Program Files\acer\eRecovery\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-09-27 21:36 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-01-23 10:31 126976 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-01-23 10:36 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 05:00 208952 C:\WINDOWS\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
--a------ 2005-07-25 13:36 32768 C:\Program Files\Launch Manager\LaunchAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2006-06-30 00:54 269104 C:\Program Files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2005-06-06 11:52 69632 C:\Program Files\Launch Manager\HotkeyApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
--a------ 2005-07-25 10:45 241664 C:\Program Files\Launch Manager\OSDCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-05 05:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2005-03-09 18:59 49152 C:\Program Files\Arcade\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerKey]
--a------ 2002-08-30 15:02 94208 C:\Program Files\Launch Manager\Powerkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\preload]
--a------ 2005-05-19 17:09 32768 C:\WINDOWS\RUNXMLPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-29 20:28 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-03-30 01:41 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-02-04 11:11 708698 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2005-02-04 11:12 102490 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
-ra------ 2006-06-30 00:43 707376 C:\WINDOWS\vVX1000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
--a------ 2005-07-25 13:34 81920 C:\Program Files\Launch Manager\WButton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\System32\\[Emoticons-plus.com] Winkaa 2.0.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 9867]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 78208]
R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 69632]
R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamSvc.exe [2006-06-30 187184]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 8704]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-06-30 1965872]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys [ ]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [ ]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-27 29744]
S3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 2343]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [ ]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dfe77ec-030f-11dc-9c89-0014a4481921}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4869ed2-baa2-11db-9c6d-0060b3f2b750}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
Contenu du dossier 'Tâches planifiées'

2008-10-29 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2006-07-07 17:26]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
MSConfigStartUp-avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
MSConfigStartUp-Nero PhotoShow Media Manager - C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
MSConfigStartUp-Orange Link - C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe
MSConfigStartUp-RealTray - C:\Program Files\Real\RealPlayer\RealPlay.exe
MSConfigStartUp-TomTomHOME - C:\Program Files\TomTom HOME\TomTomHOME.exe
MSConfigStartUp-UberIcon - C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe
MSConfigStartUp-WOOKIT - C:\PROGRA~1\WANADOO\Shell.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\gregory\Application Data\Mozilla\Firefox\Profiles\qul8mf8q.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.msn.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 19:51:34
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\A2SERVICE.EXE
C:\PROGRAM FILES\A-SQUARED FREE\A2SERVICE.EXE
C:\ACER\EMANAGER\ANBMSERV.EXE
C:\PROGRAM FILES\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-10-29 19:54:46 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-29 18:54:36

Avant-CF: 5 030 805 504 octets libres
Après-CF: 5,419,761,664 octets libres

287 --- E O F --- 2008-10-24 01:00:38
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:39, on 29/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\gregory\Local Settings\Temporary Internet Files\Content.IE5\LKFUG9TX\HiJackThis[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P36 "EPSON Stylus DX4800 Series (Copie 1)" /O5 "LPT1:" /M "Stylus DX4800"
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB003" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WKCALREM.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{277C5FBC-38A6-461F-8ACC-1DEC9637754A}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{277C5FBC-38A6-461F-8ACC-1DEC9637754A}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS4\Services\Tcpip\..\{277C5FBC-38A6-461F-8ACC-1DEC9637754A}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

actuellement j ai norton antivirus et j'utilise spybot ,j ai impression que mon pc tourne mieux ,mais j ai toujours UC à 100% . et que veux tu dire par fixe cette ligne ?

bonjours,j ai désinstalé norton ,lors de sa désinstalation il m'indiquait qu'il y avait eu une erreur lors de l'intalation ,je viens de le réinstaler.j ai toujours l UC à 100% et plusieurs erreurs, windows media player,windows messenger me demande un débogage ?

si je desactive norton j ai les memes problèmes .j ai essayer d'effacer le progame windows media player mais impossible,il me dit :impossible de supprimer wmpband.dll:accès refusé.

j ai scaner spybot Suomi | ihMdI | | עברית | | Slovenščina | Dansk | Русский | Română | Türkçe | Nederlands | Ελληνικά | Svenska | Português | Italiano | | | Magyar | Deutsch | Česky | Polski | Español | English
Virustotal est un service qui analyse les fichiers suspects et facilite la détection rapide des virus, vers, chevaux de Troie et toutes sortes de malwares détectés par les moteurs antivirus. Plus d'informations...
Fichier SpybotSD.exe reçu le 2008.10.24 14:38:02 (CET)
Situation actuelle: terminé

Résultat: 1/36 (2.78%)
Formaté Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.24.3 2008.10.24 -
AntiVir 7.9.0.7 2008.10.24 -
Authentium 5.1.0.4 2008.10.24 -
Avast 4.8.1248.0 2008.10.24 -
AVG 8.0.0.161 2008.10.24 -
BitDefender 7.2 2008.10.24 -
CAT-QuickHeal 9.50 2008.10.24 -
ClamAV 0.93.1 2008.10.24 -
DrWeb 4.44.0.09170 2008.10.24 -
eSafe 7.0.17.0 2008.10.23 -
eTrust-Vet 31.6.6164 2008.10.22 -
Ewido 4.0 2008.10.24 -
F-Prot 4.4.4.56 2008.10.24 -
F-Secure 8.0.14332.0 2008.10.24 Suspicious:W32/QDown.v!Gemini
Fortinet 3.113.0.0 2008.10.24 -
GData 19 2008.10.24 -
Ikarus T3.1.1.44.0 2008.10.24 -
K7AntiVirus 7.10.505 2008.10.23 -
Kaspersky 7.0.0.125 2008.10.24 -
McAfee 5414 2008.10.24 -
Microsoft 1.4005 2008.10.24 -
NOD32 3551 2008.10.24 -
Norman 5.80.02 2008.10.23 -
Panda 9.0.0.4 2008.10.24 -
PCTools 4.4.2.0 2008.10.24 -
Prevx1 V2 2008.10.24 -
Rising 21.00.42.00 2008.10.24 -
SecureWeb-Gateway 6.7.6 2008.10.24 -
Sophos 4.34.0 2008.10.24 -
Sunbelt 3.1.1749.1 2008.10.23 -
Symantec 10 2008.10.24 -
TheHacker 6.3.1.0.126 2008.10.23 -
TrendMicro 8.700.0.1004 2008.10.24 -
VBA32 3.12.8.8 2008.10.22 -
ViRobot 2008.10.24.1436 2008.10.24 -
VirusBuster 4.5.11.0 2008.10.23 -
Information additionnelle
File size: 4891472 bytes
MD5...: 3b1b5d09d3c9c4cd39d4db06ed7a0855
SHA1..: 5d1d23e68c8e4b9aff8d26b51de8d211a1749776
SHA256: c83b1cc03edfbf0bccd5774dc52ff63c6010d59efb65e8db844c5b3bad7bf643
SHA512: de83c7b203d7413ae9ba656e5779d9336565a947aa98d10ad538cac351caa4fb
5824f6eac90cbd71a351196e876a3e76f2e7b9d6ef207b9cd2a7627804aa1b2e
PEiD..: -
TrID..: File type identification
InstallShield setup (43.3%)
Win32 EXE PECompact compressed (generic) (41.8%)
Win32 Executable Generic (8.5%)
Win16/32 Executable Delphi generic (2.0%)
Generic Win/DOS Executable (2.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x7af3b8
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2a8684 0x2a8800 6.60 6d78f10b64d8cbdd23841638670d2300
.itext 0x2aa000 0x5560 0x5600 6.46 d95f5504a9ef595dbc0aabef00b396d8
.data 0x2b0000 0x2cb38 0x2cc00 7.35 68cba8d672c86cc12c88644326d2cc1c
.bss 0x2dd000 0x7fd8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x2e5000 0x4e9e 0x5000 5.13 375672047935640741dccedaad1a095d
.tls 0x2ea000 0x54 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x2eb000 0x18 0x200 0.21 1e4e7cc2f15b54a2d16519ce7470f844
.reloc 0x2ec000 0x273f8 0x27400 6.69 925edbf16875940be999124da7260ba4
.rsrc 0x314000 0x1a1828 0x1a1a00 6.18 823b996fd90a973986fcbe94464ca293

( 34 imports )
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> user32.dll: GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA
> kernel32.dll: GetACP, Sleep, VirtualFree, VirtualAlloc, GetTickCount, QueryPerformanceCounter, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, RemoveDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, CreateDirectoryA, ExitProcess, ExitThread, CreateThread, CompareStringA, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> user32.dll: CreateWindowExW, CreateWindowExA, WindowFromPoint, WaitMessage, VkKeyScanW, ValidateRect, UpdateWindow, UnregisterClassW, UnregisterClassA, UnionRect, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, ToAscii, SystemParametersInfoA, SubtractRect, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowRgn, SetWindowsHookExW, SetWindowsHookExA, SetWindowTextW, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRectEmpty, SetRect, SetPropA, SetParent, SetMenuItemInfoW, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageW, SendMessageA, ScrollWindowEx, ScrollWindow, ScrollDC, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassW, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageW, PostMessageA, PeekMessageW, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyW, MapVirtualKeyA, LockWindowUpdate, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsClipboardFormatAvailable, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextLengthW, GetWindowTextW, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetUpdateRect, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMessagePos, GetMessageA, GetMenuStringW, GetMenuStringA, GetMenuState, GetMenuItemInfoW, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameA, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextW, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardFormatNameA, GetClipboardData, GetClientRect, GetClassNameW, GetClassNameA, GetClassLongA, GetClassInfoW, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowExA, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumDisplaySettingsA, EnumClipboardFormats, EnumChildWindows, EndPaint, EndDeferWindowPos, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextW, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DeferWindowPos, DefWindowProcW, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIconIndirect, CreateIcon, CopyImage, CloseClipboard, ClientToScreen, ChildWindowFromPoint, CheckMenuItem, CharNextW, CallWindowProcW, CallWindowProcA, CallNextHookEx, BeginPaint, BeginDeferWindowPos, CharPrevA, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharUpperA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
> gdi32.dll: UnrealizeObject, TranslateCharsetInfo, TextOutA, StretchDIBits, StretchBlt, StartPage, StartDocA, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetTextAlign, SetStretchBltMode, SetROP2, SetPixelV, SetPixel, SetPaletteEntries, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetAbortProc, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PlayEnhMetaFile, PatBlt, OffsetRgn, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32W, GetTextExtentPoint32A, GetTextColor, GetTextAlign, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetNearestPaletteIndex, GetMapMode, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionA, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetCurrentObject, GetClipBox, GetBrushOrgEx, GetBkColor, GetBitmapBits, GdiFlush, ExtTextOutW, ExtTextOutA, ExtSelectClipRgn, ExcludeClipRect, EndPage, EndDoc, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgnIndirect, CreateRectRgn, CreatePenIndirect, CreatePen, CreatePatternBrush, CreatePalette, CreateICA, CreateHalftonePalette, CreateFontIndirectA, CreateEnhMetaFileA, CreateDIBitmap, CreateDIBSection, CreateDCA, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CombineRgn, CloseEnhMetaFile, BitBlt
> version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
> mpr.dll: WNetOpenEnumA, WNetGetUniversalNameA, WNetGetConnectionA, WNetEnumResourceA, WNetCloseEnum
> kernel32.dll: lstrlenW, lstrcpynW, lstrcpyA, lstrcmpA, WritePrivateProfileStringA, WriteFile, WideCharToMultiByte, WaitForSingleObject, WaitForMultipleObjectsEx, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, UnmapViewOfFile, TerminateThread, TerminateProcess, SuspendThread, Sleep, SizeofResource, SetVolumeLabelA, SetThreadPriority, SetThreadLocale, SetLastError, SetFileTime, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, SetCurrentDirectoryA, SearchPathA, ResumeThread, ResetEvent, RemoveDirectoryA, ReleaseSemaphore, ReadFile, RaiseException, QueryPerformanceFrequency, QueryPerformanceCounter, QueryDosDeviceA, OutputDebugStringA, OpenProcess, MultiByteToWideChar, MulDiv, MoveFileA, MapViewOfFile, LockResource, LocalFree, LocalFileTimeToFileTime, LocalAlloc, LoadResource, LoadLibraryExA, LoadLibraryA, LeaveCriticalSection, IsBadWritePtr, IsBadReadPtr, InitializeCriticalSection, HeapFree, HeapAlloc, GlobalUnlock, GlobalSize, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetWindowsDirectoryA, GetVolumeInformationA, GetVersionExA, GetVersion, GetUserDefaultLCID, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathA, GetTempFileNameA, GetSystemTime, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetShortPathNameA, GetProfileStringA, GetProfileIntA, GetProcessHeap, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleW, GetModuleHandleA, GetModuleFileNameW, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameW, GetFullPathNameA, GetFileTime, GetFileSize, GetFileAttributesA, GetExitCodeThread, GetDriveTypeA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageW, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, ExpandEnvironmentStringsA, ExitThread, EnumResourceNamesA, EnumCalendarInfoA, EnterCriticalSection, DuplicateHandle, DosDateTimeToFileTime, DeleteFileA, DeleteCriticalSection, CreateThread, CreateSemaphoreA, CreateProcessA, CreateFileMappingW, CreateFileMappingA, CreateFileW, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringW, CompareStringA, CloseHandle, BackupRead
> advapi32.dll: SetFileSecurityA, ReportEventA, RegisterEventSourceA, RegUnLoadKeyA, RegSetValueExA, RegSetKeySecurity, RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExA, RegOpenKeyA, RegLoadKeyA, RegGetKeySecurity, RegFlushKey, RegEnumValueA, RegEnumKeyExA, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, LookupAccountSidA, LookupAccountNameA, GetUserNameA, GetLengthSid, GetFileSecurityA, DeregisterEventSource, AdjustTokenPrivileges
> kernel32.dll: Sleep
> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
> oleaut32.dll: GetErrorInfo, SysFreeString
> ole32.dll: CreateStreamOnHGlobal, IsAccelerator, ReleaseStgMedium, OleDraw, OleSetMenuDescriptor, OleGetClipboard, OleSetClipboard, DoDragDrop, RevokeDragDrop, RegisterDragDrop, OleUninitialize, OleInitialize, CreateDataAdviseHolder, CoTaskMemFree, CoTaskMemAlloc, CLSIDFromString, StringFromCLSID, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID
> comctl32.dll: _TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_LoadImageA, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls
> winspool.drv: OpenPrinterA, EnumPrintersA, DocumentPropertiesA, ClosePrinter
> shell32.dll: ShellExecuteA, SHGetFileInfoA, SHFileOperationA, ExtractIconA, ExtractAssociatedIconA, DragQueryFileA, DragFinish, DragAcceptFiles
> wininet.dll: UnlockUrlCacheEntryFile, FindNextUrlCacheEntryA, FindFirstUrlCacheEntryA, FindCloseUrlCache, DeleteUrlCacheEntry
> shell32.dll: SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, SHGetDesktopFolder, SHBrowseForFolderA
> comdlg32.dll: PrintDlgA, GetSaveFileNameA, GetOpenFileNameA
> winmm.dll: timeGetTime, timeEndPeriod, timeBeginPeriod, sndPlaySoundA, mciSendCommandA, mciGetErrorStringA
> GDI32.DLL: GetRandomRgn
> kernel32.dll: GetProcAddress, LoadLibraryA, GetModuleHandleA
> wsock32.dll: WSACleanup, WSAStartup, gethostbyname, gethostbyaddr, inet_ntoa, inet_addr
> netapi32.dll: Netbios
> sqlite3.dll: sqlite3_finalize, sqlite3_column_int64, sqlite3_column_type, sqlite3_column_text, sqlite3_column_double, sqlite3_column_bytes, sqlite3_column_blob, sqlite3_step, sqlite3_column_decltype, sqlite3_column_name, sqlite3_column_count, sqlite3_prepare, sqlite3_free, sqlite3_errcode, sqlite3_errmsg, sqlite3_close, sqlite3_open
> advapi32.dll: GetKernelObjectSecurity
> kernel32.dll: GetVersionExA
> ole32.dll: CoCreateGuid
> advapi32.dll: CryptGetProvParam, CryptImportKey, CryptExportKey, CryptReleaseContext, CryptDestroyKey, CryptGetUserKey, CryptAcquireContextA
> crypt32.dll: CertSetCertificateContextProperty, CertGetCertificateContextProperty, CertOpenStore, CertDuplicateCertificateContext, CertEnumCertificatesInStore, CertDeleteCertificateFromStore, CertFreeCertificateContext, CertAddEncodedCertificateToStore, CertCloseStore, CertFindCertificateInStore, CertOpenSystemStoreA
> advapi32.dll: StartServiceA, StartServiceCtrlDispatcherA, SetServiceStatus, RegisterServiceCtrlHandlerA, QueryServiceStatus, QueryServiceConfigA, OpenServiceA, OpenSCManagerA, DeleteService, CreateServiceA, ControlService, CloseServiceHandle, ChangeServiceConfigA
> user32.dll: SwitchToThisWindow

( 0 exports )

ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=3b1b5d09d3c9c4cd39d4db06ed7a0855


ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.

VirusTotal © Hispasec Sistemas - Blog - Contact: info@virustotal.com - Terms of Service & Privacy Policy

voila c est fait ,ca fonctionne mieux .Dans le gestionnaire des taches,il y à :processus inactif 90 en processeur ,util memoire 16 ko .L'application epm-dm.exe est donc bloquer des le démarrage .

merci,mon pc tourne mieux et chauffe moins .cordialement .MG