Myspacy virus on MSN

Solved
mymy14 Posts 50 Status Member -
Hello,
I am infected by the myspacy virus from MSN. I can't manage to get rid of it; could you help me please.
Thanks in advance
Configuration: Windows XP
Internet Explorer 7.0

74 replies

Discussion summary

A malware infection on Windows XP/Internet Explorer 7 prompts several removal and cleanup procedures, notably using tools such as UsbFix, ad-remover and Combofix to eliminate autorun traces and malicious components. Several measures are proposed in the exchanges, including uninstalling certain potentially unwanted tools, running UsbFix to clean USB drives and autorun.inf, then using RSIT and HijackThis to generate reports. A useful clarification: tools such as Combofix and RSIT require precautions and should only be run once the conditions and warnings are well understood, in order to avoid system disruption.

Automatically generated by AI
based on the best answers
Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 324
 
Hi,

- Download MSNFix.zip (by !aur3n7) to your Desktop:
http://sosvirus.changelog.fr/MSNFix.zip

- Unzip it (Right-click >> Extract here).

- Double-click the MSNFix.bat file.

- Run option R.
If the infection is detected, a message will say so, and you just need to press a key to start the cleanup.

Note: If a deletion error is detected, a message will appear asking you to restart the computer in order to complete the operations. In that case, simply restart the computer.

- The report will be saved in C:\Windows\ under the name MSNFix; post it.
0
mymy14 Posts 50 Status Member
 
Hi destrio5

unfortunately I have already tried with MSNFix, but when I start the scan the message "check service" appears and nothing happens.
0
Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 324
 
- Download HijackThis v2.0.2 to your Desktop.

- Double-click HJTInstall to start the installation.

- Click Install, then I Accept.

- Click Do a system scan and save a logfile.

- Notepad will open; copy and paste all of its contents here in your next message.
0
mymy14 Posts 50 Status Member
 
I'll try with HijackThis, thank you for the attention you are giving to my request.
0

mymy14 Posts 50 Status Member
 
There, I managed to get the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:12:28, on 29/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st#home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [IMJPMIG8.2] msime82.exe
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\RunOnce: [Trojan Remover] "C:\Program Files\Trojan Remover\RMVTRJAN.EXE" /restart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsServer] msfun80.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: zqbjvs.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
0
Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 324
 
While you wait for me to come back in about half an hour.

---> Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
---> Double-click the downloaded file to start the installation process.
---> In the Mise à jour (Update) tab, click the Recherche de mise à jour (Check for updates) button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
---> Once the update has finished, go to the Recherche (Scanner) tab.
---> Select Exécuter un examen rapide (Perform quick scan).
---> Click Rechercher (Scan). The scan starts.

At the end of the scan, a message is displayed:

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
(The scan completed normally. Click 'Afficher les résultats' (Show results) to display all the objects found.)

---> Click OK to continue. If MBAM found nothing, it will tell you that as well.
---> Close your browsers.
If malware was detected, click Afficher les résultats (Show results).
---> Select everything (or leave it checked) and click Supprimer la sélection (Remove selected); MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
---> MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
0
mymy14 Posts 50 Status Member
 
Thank you for your help. I followed your instructions. I'm sending you the report. Also, my antivirus (avast) popped up several times to tell me that my PC was infected; I had it delete the items as they came up (I hope I did the right thing).

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1565
Windows 5.1.2600 Service Pack 3

29/12/2008 23:40:09
mbam-log-2008-12-29 (23-40-09).txt

Type de recherche: Examen rapide
Eléments examinés: 52976
Temps écoulé: 8 minute(s), 2 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 16
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 21

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\wvUmkiHX.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zqbjvs.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nnnLCVMF.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44dfe0ab-def5-4815-b607-1c724e91a71c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{44dfe0ab-def5-4815-b607-1c724e91a71c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnlcvmf (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c6328943-def9-498a-9c84-93accfa0ea81} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c6328943-def9-498a-9c84-93accfa0ea81} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c6328943-def9-498a-9c84-93accfa0ea81} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44dfe0ab-def5-4815-b607-1c724e91a71c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IMJPMIG8.2 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\wvumkihx -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\wvumkihx -> Delete on reboot.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\wvUmkiHX.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\XHikmUvw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\XHikmUvw.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnLCVMF.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zqbjvs.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\alajoqrv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqQgeff.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fccddaXP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfEXQhE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUomlKa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMggdDV.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\iifgFXQh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfCRlmK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXPfGax.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfEWQhf.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vtUommKD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnliJAT.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cbXQiJde.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXPJayw.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rqRIxvVo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
0
mymy14 Posts 50 Status Member
 
I just realized that another message appeared after I sent you the report.
Some items could not be deleted; all the items that could not be deleted have been added to the delete-on-reboot list.
0
Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 324
 
---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the Internet and close all applications, including antivirus and antispyware /!\

---> Double-click Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no warranty...".
Accept by clicking "Oui" (Yes)

---> I strongly advise you to install the Recovery Console.

---> Set it to French: F
Press the 1 key (Yes) to start the scan.

/!\ Do not touch anything until the scan has finished. /!\

At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.

Once the scan is finished, a report will be displayed: post its contents

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

Note: The report can also be found here: C:\Combofix.txt

Official tutorial:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
mymy14 Posts 50 Status Member
 
I can't manage to download ComboFix; a message appears asking whether I am sure I want to close VisageON. PS: I uninstalled the Trojan Remover software thinking the problem came from there, but I still can't download ComboFix.
0
mymy14 Posts 50 Status Member
 
In the end I think I succeeded. Here is the report. Thanks in advance for the attention you will continue to give to my problem.
0
mymy14 Posts 50 Status Member
 
ComboFix 08-12-28.04 - user 2008-12-30 0:24:59.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.659 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\user\Mes documents\INTERNET\ComboFix.exe
* Un nouveau point de restauration a été créé
.
[color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\user\ravmonlog
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\eyqwocos.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\ufdata2000.log

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-29 ))))))))))))))))))))))))))))))))))))
.

2008-12-29 23:29 . 2008-12-29 23:29 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-29 23:29 . 2008-12-29 23:29 <REP> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-12-29 23:29 . 2008-12-29 23:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-29 23:29 . 2008-12-03 19:52 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-12-29 23:29 . 2008-12-03 19:52 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-12-29 23:12 . 2008-12-29 23:12 <REP> d-------- C:\Program Files\Trend Micro
2008-12-24 02:00 . 2008-12-24 02:00 <REP> d-------- C:\Program Files\Trojan Remover
2008-12-24 02:00 . 2008-12-24 02:00 <REP> d-------- C:\Documents and Settings\user\Application Data\Simply Super Software
2008-12-24 01:49 . 2008-12-24 01:49 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-12-24 01:49 . 2008-12-24 01:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-24 01:33 . 2008-12-24 01:33 164 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-12-24 01:30 . 2008-12-24 01:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-24 01:29 . 2008-12-24 01:29 <REP> d-------- C:\Program Files\Spyware Doctor
2008-12-23 22:59 . 2008-12-23 04:41 52,786 --a------ C:\WINDOWS\fxstaller.exe.vir
2008-12-23 22:59 . 2008-12-23 22:59 45,056 --a------ C:\WINDOWS\system32\fccddbXQ.dll.vir
2008-12-09 23:18 . 2008-12-09 23:18 88,064 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-12-09 23:18 . 2008-12-09 23:18 72,192 --a------ C:\WINDOWS\system32\hlvdd.dll
2008-12-09 23:18 . 2008-12-09 23:18 39,424 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
2008-12-09 23:18 . 2008-12-09 23:18 5,120 --a------ C:\WINDOWS\system32\haspvdd.dll
2008-12-09 23:18 . 2008-10-11 12:38 3,121 --a------ C:\WINDOWS\system32\config.hsp
2008-12-09 23:18 . 2008-12-09 23:18 383 --a------ C:\WINDOWS\system32\haspdos.sys
2008-12-09 23:18 . 2008-12-09 23:18 0 --a------ C:\WINDOWS\hinstall.INI
2008-12-09 23:17 . 1993-11-19 00:00 398,416 --a------ C:\WINDOWS\system32\VBRUN300.DLL
2008-12-09 23:17 . 1993-07-17 07:00 64,432 --a------ C:\WINDOWS\system32\THREED.VBX
2008-12-09 22:14 . 2008-12-09 22:14 <REP> d-------- C:\Program Files\Microsoft Référence
2008-12-09 22:14 . 1998-05-26 12:58 194,048 --a------ C:\WINDOWS\system32\swflash.ocx

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:37 3,593,216 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-11-10 20:24 --------- d-----w C:\Documents and Settings\user\Application Data\SecondLife
2008-11-03 15:04 --------- d-----w C:\Program Files\Fichiers communs\i4j_jres
2008-10-28 11:54 --------- d-----w C:\Program Files\VirginMega
2008-10-28 11:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-10-28 11:47 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-10-24 11:21 455,296 ------w C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-10-16 13:12 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-10-16 13:12 561,688 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w C:\WINDOWS\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w C:\WINDOWS\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w C:\WINDOWS\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w C:\WINDOWS\system32\muweb.dll
2008-10-15 17:35 337,408 ------w C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-10-03 10:03 247,326 ----a-w C:\WINDOWS\system32\strmdll.dll
2008-10-03 10:03 247,326 ----a-w C:\WINDOWS\system32\dllcache\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w C:\WINDOWS\system32\msxml4.dll
2008-06-08 20:05 1,858 ----a-w C:\Documents and Settings\user\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:34 15360]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-10-14 19:16 190024]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 12:16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 14:21 53248]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 07:17 102491]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 07:16 692315]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-03-23 00:12 151552]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00 345088]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 13:55 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 13:52 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 13:55 118784]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-04 18:08 421888]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 13:56 471040]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-04-06 19:22 225280]
"LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-04-06 19:00 331776]
"LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-04-06 19:06 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 16:43 401408]
"ImageItEncrypt"="C:\WINDOWS\system32\ImageItEncrypt.exe" [2005-12-30 14:02 40960]
"QuickTime Task"="C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
"EoEngine"="C:\Program Files\EoRezo\EoEngine.exe" [2008-09-23 17:31 565248]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 18:18 81000]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-10-14 19:16 190024]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 17:24 88204 C:\WINDOWS\AGRSMMSG.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 17:28 16005120 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:34 15360]

C:\Documents and Settings\user\Menu Démarrer\Programmes\Démarrage\
Démarrage d'Office.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1996-12-17 51984]
Microsoft Recherche accélérée.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1996-12-17 111376]
Event Reminder.lnk - C:\pmw\PMREMIND.EXE [1997-11-03 17:55:42 254128]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=zqbjvs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Azureus\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-10-11 12:16:10 111184]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-10-11 12:16:10 20560]
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys [2007-01-16 19:11:29 4096]
R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys [2007-01-16 19:11:29 78208]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2005-11-30 20:28:58 1097472]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\Auto\command - G:\AdobeR.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\Auto\command - H:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0274016a-cbed-11db-bd20-0016364d99d9}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{439d8b6c-aa62-11dc-be01-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{533b088a-2dcd-11dd-be6d-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f144982-00a9-11dc-bd69-0016364d99d9}]
\Shell\Auto\command - G:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c658d678-9f78-11dc-bded-0016364d99d9}]
\shell\Auto\command - F:\fun.xls.exe
\shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6851742-a94c-11db-bcec-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f8b5da-af16-11dc-be05-0016364d99d9}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9904606-a80b-11db-bce7-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d806eff6-6f96-11dd-be96-0016364d99d9}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de0f63e8-e4a3-11dc-be32-0016364d99d9}]
\shell\Auto\command - F:\fun.xls.exe
\shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e622f5aa-8809-11dc-bdd2-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Contenu du dossier 'Tâches planifiées'

2008-12-29 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
HKCU-Run-MsServer - msfun80.exe
HKLM-RunOnce-Trojan Remover - C:\Program Files\Trojan Remover\RMVTRJAN.EXE

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://lo.st#home
IE: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 00:29:43
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(676)
C:\WINDOWS\system32\Ati2evxx.dll
.
0
mymy14 Posts: 50 Status: Member
 
ComboFix 08-12-28.04 - user 2008-12-30 0:24:59.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.659 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\user\Mes documents\INTERNET\ComboFix.exe
* Un nouveau point de restauration a été créé
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\user\ravmonlog
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\eyqwocos.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\ufdata2000.log

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-29 ))))))))))))))))))))))))))))))))))))
.

2008-12-29 23:29 . 2008-12-29 23:29 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-29 23:29 . 2008-12-29 23:29 <REP> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-12-29 23:29 . 2008-12-29 23:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-29 23:29 . 2008-12-03 19:52 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-12-29 23:29 . 2008-12-03 19:52 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-12-29 23:12 . 2008-12-29 23:12 <REP> d-------- C:\Program Files\Trend Micro
2008-12-24 02:00 . 2008-12-24 02:00 <REP> d-------- C:\Program Files\Trojan Remover
2008-12-24 02:00 . 2008-12-24 02:00 <REP> d-------- C:\Documents and Settings\user\Application Data\Simply Super Software
2008-12-24 01:49 . 2008-12-24 01:49 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-12-24 01:49 . 2008-12-24 01:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-24 01:33 . 2008-12-24 01:33 164 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-12-24 01:30 . 2008-12-24 01:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-24 01:29 . 2008-12-24 01:29 <REP> d-------- C:\Program Files\Spyware Doctor
2008-12-23 22:59 . 2008-12-23 04:41 52,786 --a------ C:\WINDOWS\fxstaller.exe.vir
2008-12-23 22:59 . 2008-12-23 22:59 45,056 --a------ C:\WINDOWS\system32\fccddbXQ.dll.vir
2008-12-09 23:18 . 2008-12-09 23:18 88,064 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-12-09 23:18 . 2008-12-09 23:18 72,192 --a------ C:\WINDOWS\system32\hlvdd.dll
2008-12-09 23:18 . 2008-12-09 23:18 39,424 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
2008-12-09 23:18 . 2008-12-09 23:18 5,120 --a------ C:\WINDOWS\system32\haspvdd.dll
2008-12-09 23:18 . 2008-10-11 12:38 3,121 --a------ C:\WINDOWS\system32\config.hsp
2008-12-09 23:18 . 2008-12-09 23:18 383 --a------ C:\WINDOWS\system32\haspdos.sys
2008-12-09 23:18 . 2008-12-09 23:18 0 --a------ C:\WINDOWS\hinstall.INI
2008-12-09 23:17 . 1993-11-19 00:00 398,416 --a------ C:\WINDOWS\system32\VBRUN300.DLL
2008-12-09 23:17 . 1993-07-17 07:00 64,432 --a------ C:\WINDOWS\system32\THREED.VBX
2008-12-09 22:14 . 2008-12-09 22:14 <REP> d-------- C:\Program Files\Microsoft Référence
2008-12-09 22:14 . 1998-05-26 12:58 194,048 --a------ C:\WINDOWS\system32\swflash.ocx

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:37 3,593,216 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-11-10 20:24 --------- d-----w C:\Documents and Settings\user\Application Data\SecondLife
2008-11-03 15:04 --------- d-----w C:\Program Files\Fichiers communs\i4j_jres
2008-10-28 11:54 --------- d-----w C:\Program Files\VirginMega
2008-10-28 11:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-10-28 11:47 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-10-24 11:21 455,296 ------w C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-10-16 13:12 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-10-16 13:12 561,688 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w C:\WINDOWS\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w C:\WINDOWS\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w C:\WINDOWS\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w C:\WINDOWS\system32\muweb.dll
2008-10-15 17:35 337,408 ------w C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-10-03 10:03 247,326 ----a-w C:\WINDOWS\system32\strmdll.dll
2008-10-03 10:03 247,326 ----a-w C:\WINDOWS\system32\dllcache\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w C:\WINDOWS\system32\msxml4.dll
2008-06-08 20:05 1,858 ----a-w C:\Documents and Settings\user\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:34 15360]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-10-14 19:16 190024]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 12:16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 14:21 53248]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 07:17 102491]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 07:16 692315]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-03-23 00:12 151552]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00 345088]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 13:55 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 13:52 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 13:55 118784]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-04 18:08 421888]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 13:56 471040]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-04-06 19:22 225280]
"LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-04-06 19:00 331776]
"LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-04-06 19:06 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 16:43 401408]
"ImageItEncrypt"="C:\WINDOWS\system32\ImageItEncrypt.exe" [2005-12-30 14:02 40960]
"QuickTime Task"="C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
"EoEngine"="C:\Program Files\EoRezo\EoEngine.exe" [2008-09-23 17:31 565248]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 18:18 81000]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-10-14 19:16 190024]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 17:24 88204 C:\WINDOWS\AGRSMMSG.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 17:28 16005120 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:34 15360]

C:\Documents and Settings\user\Menu Démarrer\Programmes\Démarrage\
Démarrage d'Office.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1996-12-17 51984]
Microsoft Recherche accélérée.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1996-12-17 111376]
Event Reminder.lnk - C:\pmw\PMREMIND.EXE [1997-11-03 17:55:42 254128]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=zqbjvs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Azureus\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-10-11 12:16:10 111184]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-10-11 12:16:10 20560]
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys [2007-01-16 19:11:29 4096]
R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys [2007-01-16 19:11:29 78208]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2005-11-30 20:28:58 1097472]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\Auto\command - G:\AdobeR.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\Auto\command - H:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0274016a-cbed-11db-bd20-0016364d99d9}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{439d8b6c-aa62-11dc-be01-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{533b088a-2dcd-11dd-be6d-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f144982-00a9-11dc-bd69-0016364d99d9}]
\Shell\Auto\command - G:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c658d678-9f78-11dc-bded-0016364d99d9}]
\shell\Auto\command - F:\fun.xls.exe
\shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6851742-a94c-11db-bcec-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f8b5da-af16-11dc-be05-0016364d99d9}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9904606-a80b-11db-bce7-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d806eff6-6f96-11dd-be96-0016364d99d9}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de0f63e8-e4a3-11dc-be32-0016364d99d9}]
\shell\Auto\command - F:\fun.xls.exe
\shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e622f5aa-8809-11dc-bdd2-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Contenu du dossier 'Tâches planifiées'

2008-12-29 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
HKCU-Run-MsServer - msfun80.exe
HKLM-RunOnce-Trojan Remover - C:\Program Files\Trojan Remover\RMVTRJAN.EXE

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://lo.st#home
IE: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 00:29:43
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(676)
C:\WINDOWS\system32\Ati2evxx.dll
.

Destrio5 (Moderator, 99820 posts)

- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

- Double-click RSIT.exe to launch the program.

- Click Continue on the Disclaimer screen.

- If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will need to accept the license.

- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

Note: The reports are saved in the C:\rsit folder.

mymy14 (Member, 50 posts)

As you asked, I am sending you the following:
Logfile of random's system information tool 1.05 (written by random/random)
Run by user at 2008-12-30 12:59:02
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 3 GB (9%) free of 35 GB
Total RAM: 1014 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59, on 2008-12-30
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\JL90IEQD\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st#home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\RunOnce: [Trojan Remover] "C:\Program Files\Trojan Remover\RMVTRJAN.EXE" /restart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsServer] msfun80.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

mymy14 (Member, 50 posts)

info.txt logfile of random's system information tool 1.05 2008-12-30 12:59:16

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer French Guide Link\Uninst.isu"
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13E613EF-BB55-11D9-9D77-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61FB6DAF-197D-4404-A58D-B75268F35D01}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61FB6DAF-197D-4404-A58D-B75268F35D01}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C679B41F-EE6E-4727-B131-47101785420A}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer Arcade-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Acer eDataSecurity Management 2.0.3076-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{4AD13F68-CADA-4C6B-9759-C33753F89908} /l1036
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDStbmngr.exe UNINSTALL 1
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\Setup.exe" -l0x40c
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7057702F-6D71-4F30-8000-9E72BC771887}\setup.exe" -l0x40c -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x40c
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\Setup.exe" -l0x40c
Acer eSettings Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\setup.exe" -l0x40c -removeonly
Acer GridVista-->C:\WINDOWS\UnInst32.exe GridV.UNI
Acer Screensaver-->MsiExec.exe /I{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Agere Systems HDA Modem-->agrsmdel
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Azureus Vuze-->D:\Azureus\uninstall.exe
Canon Camera Support Core Library-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91F1A0D6-23AD-49FE-8D4E-379485652214} /l1036
Canon Camera Window DS for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}
Canon Camera Window DVC for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4C96958A-6562-4143-B820-FF4890D3B734}
Canon Camera Window for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C7281207-4AA4-425E-B57A-0E9EF8445635}
Canon Internet Library for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2F81FBFC-9A37-431F-9050-14B55485DF5A}
Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}
Canon PhotoRecord-->MsiExec.exe /X{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{45EF4EE3-F591-4B74-A477-0CAE12934CE7}
Canon RemoteCapture Task for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
Canon ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Creative MediaSource-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x40c /remove
Creative MuVo N200 Media Explorer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C679B41F-EE6E-4727-B131-47101785420A}\setup.exe" -l0x40c /remove
Encyclopédie Microsoft Encarta 99-->RunDll32 C:\PROGRA~1\MIE1DB~1\ENCYCL~1\UNENC99.DLL,Uninstall C:\PROGRA~1\MIE1DB~1\ENCYCL~1\SETUP99F\INST99F.LOG
eoEngine 7.1-->"C:\Program Files\EoRezo\unins000.exe"
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Logiciel Acer OrbiCam-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}\Setup.EXE" -l0x40c
Logiciel Intel(R) PROSet/Wireless-->C:\WINDOWS\Installer\iProInst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Messenger Plus! 3-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 97 Professional-->C:\Program Files\Microsoft Office\Office\Install\Acme.exe /w Off97Pro.STF
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MuVo Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\setup.exe" -l0x40c /remove
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
Need For Speed III-->C:\WINDOWS\UNIN040C.EXE -f"C:\Program Files\Electronic Arts\Need For Speed III\DeIsL1.isu" -c"C:\Program Files\Electronic Arts\Need For Speed III\eauninst.dll"
Neuf - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe
NTI Backup NOW! 4-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1036 BUN4
NTI CD & DVD-Maker-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PowerProducer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PrintMaster Gold 4.00-->c:\pmw\msrun.exe
Programme de gestion Acer OrbiCam-->"C:\Program Files\Fichiers communs\Acer\OrbiCam\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT -l040c
QuickTime 3.0-->C:\WINDOWS\uninst.exe -f"C:\Program Files\QuickTime\DeIsL1.isu" -c"C:\WINDOWS\system32\QTUninst.dll
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
SA31xx Device Manager & Media Converter-->C:\Program Files\InstallShield Installation Information\{E572B060-C98B-4984-A48E-E4FA56265903}\setup.exe -runfromtemp -l0x040c -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SuperCopier2-->"D:\SuperCopier2\SC2Uninst.exe"
Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Calculatem 4 with "AutoRead"-->"C:\Program Files\TexasCalculatem\unins000.exe"
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1036
VideoLAN VLC media player 0.8.6a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VirginMega.Fr Premium-->MsiExec.exe /I{EE467474-04A8-48D5-8DDF-0F8D3A3CCBE5}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Writer-->MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 081229-0]

System event log

Computer Name: ACER-D9F74F6A24
Event Code: 7036
Message: Le service Hôte de périphérique universel Plug-and-Play est entré dans l'état : en cours d'exécution.

Record Number: 20258
Source Name: Service Control Manager
Time Written: 20081119185849.000000+060
Event Type: Informations
User:

Computer Name: ACER-D9F74F6A24
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Hôte de périphérique universel Plug-and-Play.

Record Number: 20257
Source Name: Service Control Manager
Time Written: 20081119185848.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: ACER-D9F74F6A24
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.

Record Number: 20256
Source Name: Service Control Manager
Time Written: 20081119185839.000000+060
Event Type: Informations
User:

Computer Name: ACER-D9F74F6A24
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.

Record Number: 20255
Source Name: Service Control Manager
Time Written: 20081119185832.000000+060
Event Type: Informations
User:

Computer Name: ACER-D9F74F6A24
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.

Record Number: 20254
Source Name: Service Control Manager
Time Written: 20081119185832.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Application event log

Computer Name: ACER-D9F74F6A24
Event Code: 0
Message: Le service a géré avec succès PowerEvent.

Record Number: 16167
Source Name: AcerMemUsageCheckService
Time Written: 20080922173535.000000+120
Event Type: Informations
User:

Computer Name: ACER-D9F74F6A24
Event Code: 0
Message: Le service a géré avec succès PowerEvent.

Record Number: 16166
Source Name: AcerMemUsageCheckService
Time Written: 20080922173533.000000+120
Event Type: Informations
User:

Computer Name: ACER-D9F74F6A24
Event Code: 0
Message: Le service a géré avec succès PowerEvent.

Record Number: 16165
Source Name: AcerMemUsageCheckService
Time Written: 20080922163522.000000+120
Event Type: Informations
User:

Computer Name: ACER-D9F74F6A24
Event Code: 0
Message: Le service a géré avec succès PowerEvent.

Record Number: 16164
Source Name: AcerMemUsageCheckService
Time Written: 20080922163522.000000+120
Event Type: Informations
User:

Computer Name: ACER-D9F74F6A24
Event Code: 35
Message:
Record Number: 16163
Source Name: NSCService
Time Written: 20080922142532.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Intel\Wireless\Bin
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
0
Destrio5 Messages posted 99820 Registration date   Status Moderator Last activity   10 324
 
--> Download UsbFix (by Chiquitine29) to your Desktop.

--> Run the installer with the default settings.

--> Plug your external storage devices into your PC (USB stick, external hard drive, SD card, etc.) without opening them.

--> Double-click the UsbFix shortcut on your Desktop.

--> Choose option 1 (Nettoyage / Cleanup).

--> The PC will restart.

--> After the restart, post the UsbFix.txt report.

Note: the UsbFix.txt report is saved at the root of the disk.

(If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New Task", type explorer.exe and confirm)
0
mymy14 Messages posted 50 Status Member
 
Sorry I took a while, but here is the report, and thanks again for your help.

-------------- UsbFix V2.413.8 ---------------

* User : user - ACER-D9F74F6A24
* Outils mis a jours le 27/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 15:56:47 le 2008-12-30
* Windows Xp - Internet Explorer 7.0.5730.13

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

D: - Lecteur fixe

F: - Lecteur amovible

G: - Lecteur amovible

H: - Lecteur amovible

I: - Lecteur amovible

+- Contenu de l'autorun : H:\autorun.inf

[AutoRun]
open=fun.xls.exe
shellexecute=fun.xls.exe
shell\Auto\command=fun.xls.exe
shell=Auto
[VVflagRun]
aabb=kdkfjdkfk1

+- Contenu de l'autorun : I:\autorun.inf

[AutoRun]
open=fun.xls.exe
shellexecute=fun.xls.exe
shell\Auto\command=fun.xls.exe
shell=Auto
[VVflagRun]
aabb=kdkfjdkfk1

--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe

+- Listing des fichiers présents :

[2006-04-15 16:11][--a------] C:\AUTOEXEC.BAT
[2004-08-05 05:00][-rahs----] C:\NTDETECT.COM
[2008-12-30 00:24][-rahs----] C:\boot.ini
[2008-12-30 15:56][--a------] C:\UsbFix.txt
[2006-04-15 15:47][--a------] C:\CONFIG.SYS
[2006-04-15 15:47][--a------] C:\IO.SYS
[2006-04-15 15:47][--a------] C:\MSDOS.SYS
[2006-04-15 15:47][--a------] C:\pagefile.sys
[2006-04-15 15:47][--a------] C:\hiberfil.sys

--------------- [ Lecteur D ] ----------------

D: - Lecteur fixe

+- Listing des fichiers présents :

--------------- [ Lecteur F ] ----------------

F: - Lecteur amovible

+- Listing des fichiers présents :

[2008-09-28 18:52][---------] F:\AdobeR.exe

--------------- [ Lecteur G ] ----------------

G: - Lecteur amovible

+- Listing des fichiers présents :

--------------- [ Lecteur H ] ----------------

H: - Lecteur amovible

+- Listing des fichiers présents :

[2008-10-06 16:24][---hs----] H:\AdobeR.exe
[2008-10-06 16:24][---hs----] H:\AUTORUN.INF

--------------- [ Lecteur I ] ----------------

I: - Lecteur amovible

+- Listing des fichiers présents :

[2008-01-17 08:43][-r-hs----] I:\m1t8ta.com
[2008-10-02 12:56][---hs----] I:\AdobeR.exe
[2008-10-02 12:56][---hs----] I:\autorun.inf

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
MessengerPlus3="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
LaunchApp=Alaunch
AGRSMMSG=AGRSMMSG.exe
RTHDCPL=RTHDCPL.EXE
AzMixerSel=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PCMService="C:\Program Files\Acer\Acer Arcade\PCMService.exe"
ntiMUI=C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSPY2002=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
Acer ePresentation HPD=C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
igfxtray=C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd=C:\WINDOWS\system32\hkcmd.exe
igfxpers=C:\WINDOWS\system32\igfxpers.exe
ePower_DMC=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
Boot=C:\Acer\Empowering Technology\ePower\Boot.exe
LManager=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
LogitechCameraAssistant=C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
LogitechVideo[inspector]=C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
LogitechCameraService(E)=C:\WINDOWS\system32\ElkCtrl.exe /automation
eRecoveryService=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
ImageItEncrypt=C:\WINDOWS\system32\ImageItEncrypt.exe
QuickTime Task="C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe" -atboottime
EoEngine="C:\Program Files\EoRezo\EoEngine.exe"
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MessengerPlus3="C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=dword:00000143
"NoDriveAutoRun"=dword:03ffffff
"NoDrives"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:00000143
"NoDrives"=dword:00000000

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0274016a-cbed-11db-bd20-0016364d99d9}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0274016a-cbed-11db-bd20-0016364d99d9}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0274016a-cbed-11db-bd20-0016364d99d9}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{439d8b6c-aa62-11dc-be01-0016364d99d9}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{533b088a-2dcd-11dd-be6d-0016364d99d9}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f144982-00a9-11dc-bd69-0016364d99d9}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c658d678-9f78-11dc-bded-0016364d99d9}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d806eff6-6f96-11dd-be96-0016364d99d9}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de0f63e8-e4a3-11dc-be32-0016364d99d9}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e622f5aa-8809-11dc-bdd2-0016364d99d9}\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - [2007-06-08 16:17][--ahs----] D:\THUMBS.DB
Supprimé ! - [2003-06-20 04:05][-rahs----] F:\.\Recycled\Driveinfo.exe
Supprimé ! - [2008-09-28 18:52][---------] F:\adobeR.exe
Supprimé ! - [2007-08-23 14:23][---hs----] F:\msvcr71.dll
Supprimé ! - [2006-09-09 09:54][-r-hs----] F:\Recycled\ctfmon.exe
Supprimé ! - [2007-08-17 14:44][---hs----] G:\msvcr71.dll
Supprimé ! - [2008-10-06 16:24][---hs----] H:\autorun.inf
Supprimé ! - [2008-10-06 16:24][---hs----] H:\adobeR.exe
Supprimé ! - [2007-11-09 12:01][---hs----] H:\msvcr71.dll
Supprimé ! - [2008-10-02 12:56][---hs----] I:\autorun.inf
Supprimé ! - [2008-10-02 12:56][---hs----] I:\adobeR.exe
Supprimé ! - [2008-01-17 08:43][-r-hs----] I:\m1t8ta.com
Supprimé ! - [2007-12-20 17:15][---hs----] I:\msvcr71.dll

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[2006-04-15 16:11][--a------] C:\AUTOEXEC.BAT
[2004-08-05 05:00][-rahs----] C:\NTDETECT.COM
[2008-12-30 00:24][-rahs----] C:\boot.ini

--------------- ! Fin du rapport ! ----------------
0
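A triage sketch for the UsbFix report above, added here as an example and not part of the thread or of UsbFix itself: it parses the `autorun.inf` dumps and the per-drive file listings and flags the patterns visible in this report. The extension lists, the finding names and the reading of the attribute string (`h` = hidden, `s` = system) are assumptions inferred from the report layout.

```python
import re
from pathlib import PureWindowsPath

# Excerpt copied from the UsbFix report above (autorun dump for H:, listings for F:, H:, I:).
REPORT = r"""
+- Contenu de l'autorun : H:\autorun.inf

[AutoRun]
open=fun.xls.exe
shellexecute=fun.xls.exe
shell\Auto\command=fun.xls.exe
shell=Auto
[VVflagRun]
aabb=kdkfjdkfk1

--------------- [ Lecteur F ] ----------------

[2008-09-28 18:52][---------] F:\AdobeR.exe

--------------- [ Lecteur H ] ----------------

[2008-10-06 16:24][---hs----] H:\AdobeR.exe
[2008-10-06 16:24][---hs----] H:\AUTORUN.INF

--------------- [ Lecteur I ] ----------------

[2008-01-17 08:43][-r-hs----] I:\m1t8ta.com
[2008-10-02 12:56][---hs----] I:\AdobeR.exe
[2008-10-02 12:56][---hs----] I:\autorun.inf
"""

AUTORUN_HDR = "+- Contenu de l'autorun : "
EXEC_EXT = ("exe", "com", "bat", "cmd", "scr", "pif", "vbs", "js")  # assumed list
DOC_EXT = {".xls", ".doc", ".pdf", ".jpg", ".txt"}                  # assumed list
STANDARD_SECTIONS = {"autorun", "content", "exclusivecontentpaths",
                     "ignorecontentpaths", "deviceinstall"}
SECTION_RE = re.compile(r"^\[([^\]]+)\]$")
LISTING_RE = re.compile(r"^\[[^\]]+\]\[([-a-z]+)\] (.+)$")
# autorun.inf keys that name a command to launch
LAUNCH_KEY_RE = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
TARGET_RE = re.compile(r'"?(.+?\.(?:%s))\b' % "|".join(EXEC_EXT), re.I)


def parse_autoruns(report):
    """Return {autorun.inf path: {section name: {key: value}}}."""
    autoruns, current, section = {}, None, None
    for line in map(str.strip, report.splitlines()):
        if line.startswith(AUTORUN_HDR):
            current = autoruns.setdefault(line[len(AUTORUN_HDR):], {})
            section = None
        elif line.startswith(("+-", "-----")):   # next report block ends the dump
            current = None
        elif current is not None and line:
            m = SECTION_RE.match(line)
            if m:
                section = current.setdefault(m.group(1), {})
            elif section is not None and "=" in line:
                key, _, value = line.partition("=")
                section[key.strip()] = value.strip()
    return autoruns


def parse_listing(report):
    """Return [(attribute string, file path)] from the per-drive listings."""
    lines = map(str.strip, report.splitlines())
    return [m.groups() for m in map(LISTING_RE.match, lines) if m]


def triage(report):
    """Return a list of (path, finding, detail) tuples."""
    findings = []
    for inf, sections in parse_autoruns(report).items():
        for name, entries in sections.items():
            if name.lower() not in STANDARD_SECTIONS:
                findings.append((inf, "nonstandard-section", name))
                continue
            if name.lower() != "autorun":
                continue
            targets = []
            for key, value in entries.items():
                m = TARGET_RE.match(value) if LAUNCH_KEY_RE.match(key) else None
                if m and m.group(1) not in targets:
                    targets.append(m.group(1))
            for target in targets:
                findings.append((inf, "autorun-launches-executable", target))
                suffixes = [s.lower() for s in PureWindowsPath(target).suffixes]
                if len(suffixes) >= 2 and suffixes[-2] in DOC_EXT:
                    findings.append((inf, "double-extension", target))
    for attrs, path in parse_listing(report):
        p = PureWindowsPath(path)
        risky = (p.suffix.lower().lstrip(".") in EXEC_EXT
                 or p.name.lower() == "autorun.inf")
        if risky and "h" in attrs and "s" in attrs:
            findings.append((path, "hidden-system-file", attrs))
    return findings


if __name__ == "__main__":
    for item in triage(REPORT):
        print(*item, sep=" | ")
```

`F:\AdobeR.exe` is not flagged by these heuristics because it carries no hidden or system attribute, so a clean result from this script is not proof that a drive is clean.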
Destrio5 Messages posted 99820 Registration date   Status Moderator Last activity   10 324
 
I hope you haven't been plugging your USB stick in all over the place, given how infected it was...

---> Uninstall EoEngine.

● Download AD-Remover (by Cyrildu17 / C_XX) to your Desktop.

/!\ Disconnect and close all running applications /!\

● Double-click the installer and install it in its default location (C:\Program files).
● Double-click the Ad-remover icon on your Desktop.
● In the main menu, choose option "A".
● Post the report that appears at the end.

(The report is also saved as C:\Ad-report(date).log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility for terminating processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
0
mymy14 Messages posted 50 Status Member
 
Here is the AD-Remover report:

--------- Logfile of AD-Remover 1.0.8.2 by C_XX ---------

# START at: 16:18:47 | Mar 30/12/2008 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal

# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

# PC: ACER-D9F74F6A24 | USER: user ( Current user is an administrator)

# DRIVE(S):
- C:\ (File System: FAT32)
- D:\ (File System: FAT32)

# Internet Explorer v7.0.5730.13

--------- [ RUNNING PROCESSES: 66 ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\SYSTEM32\WOWEXEC.EXE

-----------------------------------

+-----------------------| Boonty/Boonty Games Elements found :

.

+-----------------------| Eorezo Elements found :

"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "EoEngine"
.
[2008-10-11 12:02] C:\Program Files\EoRezo
[2008-10-11 12:02] C:\Program Files\EoRezo\EoAdv
[2008-11-01 15:52] C:\Program Files\EoRezo\EoAdv\eoAdv.url
[2008-10-11 12:06] C:\Program Files\EoRezo\EoAdv\tmp
[2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\EoRezoBho.old
[2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.7219
[2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.6211
[2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.1526
[2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.8523
[2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.4646
[2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.9129
[2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.3192
[2008-10-11 12:02] C:\Documents and Settings\user\Application Data\EoRezo
[2008-12-30 16:17] C:\Documents and Settings\user\Application Data\EoRezo\user.cyp
[2008-12-30 16:03] C:\Documents and Settings\user\Application Data\EoRezo\host.cyp
[2008-12-30 16:03] C:\Documents and Settings\user\Application Data\EoRezo\cmhost.cyp
[2008-12-30 16:17] C:\Documents and Settings\user\Application Data\EoRezo\cache
[2008-10-11 12:02] C:\Documents and Settings\user\Application Data\EoRezo\db
[2008-12-30 16:03] C:\Documents and Settings\user\Application Data\EoRezo\ConfMedia.cyp
[2008-10-11 12:02] C:\Documents and Settings\user\Application Data\EoRezo\eoDesktop
[2008-10-11 12:03] C:\Documents and Settings\user\Application Data\EoRezo\eoStats
[2008-12-05 13:16] C:\Documents and Settings\user\Application Data\EoRezo\db\cat.cyp
[2008-12-30 16:03] C:\Documents and Settings\user\Application Data\EoRezo\eoDesktop\config.xml
[2008-12-30 16:03] C:\Documents and Settings\user\Application Data\EoRezo\eoDesktop\userConfig.xml
[2008-12-30 16:03] C:\Documents and Settings\user\Application Data\EoRezo\eoDesktop\eoDesktop.html
[2008-12-23 13:17] C:\Documents and Settings\user\Application Data\EoRezo\eoStats\eoStats.txt
[2008-12-30 16:03] C:\WINDOWS\Prefetch\EOENGINE.EXE-25D17307.pf
[2008-12-24 00:49] C:\Documents and Settings\user\Cookies\user@eorezo[1].txt
[2008-12-30 14:56] C:\Documents and Settings\user\Cookies\user@ads.eorezo[2].txt

+-----------------------| Everest Poker Elements found :

.

+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

.

+-----------------------| It's TV Elements found :

.

+-----------------------| Sweetim Elements found :

.
[2006-04-15 16:20] C:\WINDOWS\Installer\{4AD13F68-CADA-4C6B-9759-C33753F89908}\ARPPRODUCTICON.exe
[2006-04-15 16:10] C:\WINDOWS\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\ARPPRODUCTICON.exe
[2006-04-15 16:11] C:\WINDOWS\Installer\{385979FE-DC4F-4140-8EAD-A59625000D72}\ARPPRODUCTICON.exe
[2007-02-13 11:47] C:\WINDOWS\Installer\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}\ARPPRODUCTICON.exe
[2007-02-13 11:47] C:\WINDOWS\Installer\{2F81FBFC-9A37-431F-9050-14B55485DF5A}\ARPPRODUCTICON.exe
[2007-02-13 11:48] C:\WINDOWS\Installer\{91F1A0D6-23AD-49FE-8D4E-379485652214}\ARPPRODUCTICON.exe
[2007-02-13 11:49] C:\WINDOWS\Installer\{C7281207-4AA4-425E-B57A-0E9EF8445635}\ARPPRODUCTICON.exe
[2007-02-13 11:49] C:\WINDOWS\Installer\{4C96958A-6562-4143-B820-FF4890D3B734}\ARPPRODUCTICON.exe
[2007-02-13 11:49] C:\WINDOWS\Installer\{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}\ARPPRODUCTICON.exe
[2007-02-13 11:50] C:\WINDOWS\Installer\{45EF4EE3-F591-4B74-A477-0CAE12934CE7}\ARPPRODUCTICON.exe
[2007-02-13 11:50] C:\WINDOWS\Installer\{28291BD5-92D2-4685-82DC-CCA925C53CCA}\ARPPRODUCTICON.exe
[2007-02-13 11:50] C:\WINDOWS\Installer\{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}\ARPPRODUCTICON.exe
[2008-10-28 12:54] C:\WINDOWS\Installer\{EE467474-04A8-48D5-8DDF-0F8D3A3CCBE5}\ARPPRODUCTICON.exe

+-----------------------| ADDED SCAN :

+--[HKEY_CURRENT_USER\..\Run]

CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
MessengerPlus3 REG_SZ "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MsServer REG_SZ msfun80.exe

+--[HKEY_LOCAL_MACHINE\..\Run]

LaunchApp REG_SZ Alaunch
AGRSMMSG REG_SZ AGRSMMSG.exe
RTHDCPL REG_SZ RTHDCPL.EXE
AzMixerSel REG_SZ C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
SynTPLpr REG_SZ C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PCMService REG_SZ "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
ntiMUI REG_SZ C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSPY2002 REG_SZ C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
Acer ePresentation HPD REG_SZ C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
igfxtray REG_SZ C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd REG_SZ C:\WINDOWS\system32\hkcmd.exe
igfxpers REG_SZ C:\WINDOWS\system32\igfxpers.exe
ePower_DMC REG_SZ C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
Boot REG_SZ C:\Acer\Empowering Technology\ePower\Boot.exe
LManager REG_SZ C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
LVCOMSX REG_SZ C:\WINDOWS\system32\LVCOMSX.EXE
LogitechCameraAssistant REG_SZ C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
LogitechVideo[inspector] REG_SZ C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
LogitechCameraService(E) REG_SZ C:\WINDOWS\system32\ElkCtrl.exe /automation
eRecoveryService REG_SZ C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
ImageItEncrypt REG_SZ C:\WINDOWS\system32\ImageItEncrypt.exe
QuickTime Task REG_SZ "C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe" -atboottime
EoEngine REG_SZ "C:\Program Files\EoRezo\EoEngine.exe"
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MessengerPlus3 REG_SZ "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

+--[HKEY_USERS\.DEFAULT\..\Run]

CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://lo.st#home

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/

+---------------------------------------------------------------------------+

- "C:\AD-report-Scan-20.8-.2-30.log" (~10565 bytes)

# END at: 16:19:35 | 2008-12-30 - Time elapsed: 47.5 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 184 lines ]
+---------------------------------------------------------------------------+
0