Virus myspacy sur msn
Résolu
mymy14
Messages postés
50
Statut
Membre
-
mymy14 Messages postés 50 Statut Membre -
mymy14 Messages postés 50 Statut Membre -
Bonjour,
je suis infecté par le virus myspacy de msn. Je n arrive pas a m en débarasser pourriez vous m aider svp.
Merci d avance
je suis infecté par le virus myspacy de msn. Je n arrive pas a m en débarasser pourriez vous m aider svp.
Merci d avance
A voir également:
- Virus myspacy sur msn
- Virus mcafee - Accueil - Piratage
- Telecharger msn - Télécharger - Messagerie
- Virus informatique - Guide
- Msn messenger - Télécharger - Messagerie
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
74 réponses
Salut,
- Télécharge MSNFix.zip (de !aur3n7) sur ton Bureau:
http://sosvirus.changelog.fr/MSNFix.zip
- Décompresse-le (Clic droit >> Extraire ici).
- Double-clique sur le fichier MSNFix.bat.
- Exécute l'option R.
Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage.
Note : Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur.
- Le rapport sera enregistré dans C:\Windows\ sous le nom de MSNFix, poste-le.
- Télécharge MSNFix.zip (de !aur3n7) sur ton Bureau:
http://sosvirus.changelog.fr/MSNFix.zip
- Décompresse-le (Clic droit >> Extraire ici).
- Double-clique sur le fichier MSNFix.bat.
- Exécute l'option R.
Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage.
Note : Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur.
- Le rapport sera enregistré dans C:\Windows\ sous le nom de MSNFix, poste-le.
Salut destrio5
malheureusement j ai déja essayer avec msn fix mais lorsqu je lance la recherche le message check service aparait et il ne se passe rien.
malheureusement j ai déja essayer avec msn fix mais lorsqu je lance la recherche le message check service aparait et il ne se passe rien.
- Télécharge HijackThis v2.0.2 sur ton Bureau.
- Double-clique sur HJTInstall afin de lancer l'installation.
- Clique sur Install ensuite sur I Accept.
- Clique sur Do a system scan and save a logfile.
- Le bloc-notes s'ouvrira, fais un copier/coller de tout son contenu ici dans ton prochain message.
- Double-clique sur HJTInstall afin de lancer l'installation.
- Clique sur Install ensuite sur I Accept.
- Clique sur Do a system scan and save a logfile.
- Le bloc-notes s'ouvrira, fais un copier/coller de tout son contenu ici dans ton prochain message.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Voila j ai réussi a avoir le rapport:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:12:28, on 29/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st#home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [IMJPMIG8.2] msime82.exe
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\RunOnce: [Trojan Remover] "C:\Program Files\Trojan Remover\RMVTRJAN.EXE" /restart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsServer] msfun80.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: zqbjvs.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:12:28, on 29/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st#home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [IMJPMIG8.2] msime82.exe
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\RunOnce: [Trojan Remover] "C:\Program Files\Trojan Remover\RMVTRJAN.EXE" /restart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsServer] msfun80.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: zqbjvs.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
En attendant que je revienne d'ici une demi-heure.
---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.
A la fin de l'analyse, un message s'affiche :
L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.
A la fin de l'analyse, un message s'affiche :
L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
je te remercie de ton aide. J ai suivi tes indications. Je t envoie le rapport. sinon mon antivirus (avast) s est manifesté a plusieurs reprises pour me dire que mon pc était infecté j ai fait supprimer au fur et a mesure (j espère avoir bien fait).
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1565
Windows 5.1.2600 Service Pack 3
29/12/2008 23:40:09
mbam-log-2008-12-29 (23-40-09).txt
Type de recherche: Examen rapide
Eléments examinés: 52976
Temps écoulé: 8 minute(s), 2 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 16
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 21
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\wvUmkiHX.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zqbjvs.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nnnLCVMF.dll (Trojan.Vundo) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44dfe0ab-def5-4815-b607-1c724e91a71c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{44dfe0ab-def5-4815-b607-1c724e91a71c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnlcvmf (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c6328943-def9-498a-9c84-93accfa0ea81} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c6328943-def9-498a-9c84-93accfa0ea81} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c6328943-def9-498a-9c84-93accfa0ea81} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44dfe0ab-def5-4815-b607-1c724e91a71c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IMJPMIG8.2 (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\wvumkihx -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\wvumkihx -> Delete on reboot.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\wvUmkiHX.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\XHikmUvw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\XHikmUvw.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnLCVMF.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zqbjvs.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\alajoqrv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqQgeff.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fccddaXP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfEXQhE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUomlKa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMggdDV.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\iifgFXQh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfCRlmK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXPfGax.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfEWQhf.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vtUommKD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnliJAT.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cbXQiJde.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXPJayw.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rqRIxvVo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1565
Windows 5.1.2600 Service Pack 3
29/12/2008 23:40:09
mbam-log-2008-12-29 (23-40-09).txt
Type de recherche: Examen rapide
Eléments examinés: 52976
Temps écoulé: 8 minute(s), 2 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 16
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 21
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\wvUmkiHX.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zqbjvs.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nnnLCVMF.dll (Trojan.Vundo) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44dfe0ab-def5-4815-b607-1c724e91a71c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{44dfe0ab-def5-4815-b607-1c724e91a71c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnlcvmf (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c6328943-def9-498a-9c84-93accfa0ea81} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c6328943-def9-498a-9c84-93accfa0ea81} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c6328943-def9-498a-9c84-93accfa0ea81} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44dfe0ab-def5-4815-b607-1c724e91a71c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IMJPMIG8.2 (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\wvumkihx -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\wvumkihx -> Delete on reboot.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\wvUmkiHX.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\XHikmUvw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\XHikmUvw.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnLCVMF.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zqbjvs.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\alajoqrv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqQgeff.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fccddaXP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfEXQhE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUomlKa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMggdDV.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\iifgFXQh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfCRlmK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXPfGax.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfEWQhf.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vtUommKD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnliJAT.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cbXQiJde.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXPJayw.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rqRIxvVo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
Je viens de me rendre compte qu un autre message est apparu après que je t envoie le rapport.
Impossible de supprimer certains élément tous les éléments qui n ont pas pu etre supprimés ont été ajoutés à la liste des suppressions au redémarrage.
Impossible de supprimer certains élément tous les éléments qui n ont pas pu etre supprimés ont été ajoutés à la liste des suppressions au redémarrage.
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Je te conseille vivement d'installer la Console de récupération.
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\Combofix.txt
Tutoriel officiel :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Je te conseille vivement d'installer la Console de récupération.
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\Combofix.txt
Tutoriel officiel :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
je n arrive pas a telecharger combofix, un message s affiche me demandant si je suis certain de vouloir fermer VisageON. PS j ai désinstallé le logiciel trojan remover pensant que le problème venait de la mais je n arrive tjrs pas a telecharger combofix
finallement je pense avoir réussi. Voici le rapport. Merci d'avance de l'attention que tu continuera à donner à mon problème.
ComboFix 08-12-28.04 - user 2008-12-30 0:24:59.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.659 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\user\Mes documents\INTERNET\ComboFix.exe
* Un nouveau point de restauration a été créé
.
[color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\user\ravmonlog
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\eyqwocos.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\ufdata2000.log
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-29 ))))))))))))))))))))))))))))))))))))
.
2008-12-29 23:29 . 2008-12-29 23:29 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-29 23:29 . 2008-12-29 23:29 <REP> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-12-29 23:29 . 2008-12-29 23:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-29 23:29 . 2008-12-03 19:52 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-12-29 23:29 . 2008-12-03 19:52 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-12-29 23:12 . 2008-12-29 23:12 <REP> d-------- C:\Program Files\Trend Micro
2008-12-24 02:00 . 2008-12-24 02:00 <REP> d-------- C:\Program Files\Trojan Remover
2008-12-24 02:00 . 2008-12-24 02:00 <REP> d-------- C:\Documents and Settings\user\Application Data\Simply Super Software
2008-12-24 01:49 . 2008-12-24 01:49 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-12-24 01:49 . 2008-12-24 01:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-24 01:33 . 2008-12-24 01:33 164 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-12-24 01:30 . 2008-12-24 01:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-24 01:29 . 2008-12-24 01:29 <REP> d-------- C:\Program Files\Spyware Doctor
2008-12-23 22:59 . 2008-12-23 04:41 52,786 --a------ C:\WINDOWS\fxstaller.exe.vir
2008-12-23 22:59 . 2008-12-23 22:59 45,056 --a------ C:\WINDOWS\system32\fccddbXQ.dll.vir
2008-12-09 23:18 . 2008-12-09 23:18 88,064 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-12-09 23:18 . 2008-12-09 23:18 72,192 --a------ C:\WINDOWS\system32\hlvdd.dll
2008-12-09 23:18 . 2008-12-09 23:18 39,424 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
2008-12-09 23:18 . 2008-12-09 23:18 5,120 --a------ C:\WINDOWS\system32\haspvdd.dll
2008-12-09 23:18 . 2008-10-11 12:38 3,121 --a------ C:\WINDOWS\system32\config.hsp
2008-12-09 23:18 . 2008-12-09 23:18 383 --a------ C:\WINDOWS\system32\haspdos.sys
2008-12-09 23:18 . 2008-12-09 23:18 0 --a------ C:\WINDOWS\hinstall.INI
2008-12-09 23:17 . 1993-11-19 00:00 398,416 --a------ C:\WINDOWS\system32\VBRUN300.DLL
2008-12-09 23:17 . 1993-07-17 07:00 64,432 --a------ C:\WINDOWS\system32\THREED.VBX
2008-12-09 22:14 . 2008-12-09 22:14 <REP> d-------- C:\Program Files\Microsoft Référence
2008-12-09 22:14 . 1998-05-26 12:58 194,048 --a------ C:\WINDOWS\system32\swflash.ocx
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:37 3,593,216 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-11-10 20:24 --------- d-----w C:\Documents and Settings\user\Application Data\SecondLife
2008-11-03 15:04 --------- d-----w C:\Program Files\Fichiers communs\i4j_jres
2008-10-28 11:54 --------- d-----w C:\Program Files\VirginMega
2008-10-28 11:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-10-28 11:47 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-10-24 11:21 455,296 ------w C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-10-16 13:12 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-10-16 13:12 561,688 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w C:\WINDOWS\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w C:\WINDOWS\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w C:\WINDOWS\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w C:\WINDOWS\system32\muweb.dll
2008-10-15 17:35 337,408 ------w C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-10-03 10:03 247,326 ----a-w C:\WINDOWS\system32\strmdll.dll
2008-10-03 10:03 247,326 ----a-w C:\WINDOWS\system32\dllcache\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w C:\WINDOWS\system32\msxml4.dll
2008-06-08 20:05 1,858 ----a-w C:\Documents and Settings\user\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:34 15360]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-10-14 19:16 190024]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 12:16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 14:21 53248]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 07:17 102491]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 07:16 692315]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-03-23 00:12 151552]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00 345088]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 13:55 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 13:52 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 13:55 118784]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-04 18:08 421888]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 13:56 471040]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-04-06 19:22 225280]
"LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-04-06 19:00 331776]
"LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-04-06 19:06 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 16:43 401408]
"ImageItEncrypt"="C:\WINDOWS\system32\ImageItEncrypt.exe" [2005-12-30 14:02 40960]
"QuickTime Task"="C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
"EoEngine"="C:\Program Files\EoRezo\EoEngine.exe" [2008-09-23 17:31 565248]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 18:18 81000]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-10-14 19:16 190024]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 17:24 88204 C:\WINDOWS\AGRSMMSG.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 17:28 16005120 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:34 15360]
C:\Documents and Settings\user\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage d'Office.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1996-12-17 51984]
Microsoft Recherche acc‚l‚r‚e.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1996-12-17 111376]
Event Reminder.lnk - C:\pmw\PMREMIND.EXE [1997-11-03 17:55:42 254128]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=zqbjvs.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Azureus\\Azureus.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13102:TCP"= 13102:TCP:NortonAV
"18253:TCP"= 18253:TCP:NortonAV
"17822:TCP"= 17822:TCP:NortonAV
"14827:TCP"= 14827:TCP:NortonAV
"17423:TCP"= 17423:TCP:NortonAV
"18744:TCP"= 18744:TCP:NortonAV
"12900:TCP"= 12900:TCP:NortonAV
"18949:TCP"= 18949:TCP:NortonAV
"13401:TCP"= 13401:TCP:NortonAV
"12167:TCP"= 12167:TCP:NortonAV
"18052:TCP"= 18052:TCP:NortonAV
"18011:TCP"= 18011:TCP:NortonAV
"17873:TCP"= 17873:TCP:NortonAV
"14381:TCP"= 14381:TCP:NortonAV
"16085:TCP"= 16085:TCP:NortonAV
"17493:TCP"= 17493:TCP:NortonAV
"16229:TCP"= 16229:TCP:NortonAV
"18008:TCP"= 18008:TCP:NortonAV
"12419:TCP"= 12419:TCP:NortonAV
"16679:TCP"= 16679:TCP:NortonAV
"15948:TCP"= 15948:TCP:NortonAV
"18004:TCP"= 18004:TCP:NortonAV
"17805:TCP"= 17805:TCP:NortonAV
"16824:TCP"= 16824:TCP:NortonAV
"13975:TCP"= 13975:TCP:NortonAV
"14303:TCP"= 14303:TCP:NortonAV
"16922:TCP"= 16922:TCP:NortonAV
"16361:TCP"= 16361:TCP:NortonAV
"15727:TCP"= 15727:TCP:NortonAV
"12931:TCP"= 12931:TCP:NortonAV
"15525:TCP"= 15525:TCP:NortonAV
"16992:TCP"= 16992:TCP:NortonAV
"15569:TCP"= 15569:TCP:NortonAV
"16191:TCP"= 16191:TCP:NortonAV
"15534:TCP"= 15534:TCP:NortonAV
"15107:TCP"= 15107:TCP:NortonAV
"13061:TCP"= 13061:TCP:NortonAV
"13203:TCP"= 13203:TCP:NortonAV
"16061:TCP"= 16061:TCP:NortonAV
"14502:TCP"= 14502:TCP:NortonAV
"18330:TCP"= 18330:TCP:NortonAV
"13067:TCP"= 13067:TCP:NortonAV
"12354:TCP"= 12354:TCP:NortonAV
"15991:TCP"= 15991:TCP:NortonAV
"13051:TCP"= 13051:TCP:NortonAV
"14091:TCP"= 14091:TCP:NortonAV
"17027:TCP"= 17027:TCP:NortonAV
"14652:TCP"= 14652:TCP:NortonAV
"12008:TCP"= 12008:TCP:NortonAV
"15379:TCP"= 15379:TCP:NortonAV
"18426:TCP"= 18426:TCP:NortonAV
"18414:TCP"= 18414:TCP:NortonAV
"13104:TCP"= 13104:TCP:NortonAV
"12643:TCP"= 12643:TCP:NortonAV
"18711:TCP"= 18711:TCP:NortonAV
"17621:TCP"= 17621:TCP:NortonAV
"18315:TCP"= 18315:TCP:NortonAV
"17218:TCP"= 17218:TCP:NortonAV
"13823:TCP"= 13823:TCP:NortonAV
"12305:TCP"= 12305:TCP:NortonAV
"12350:TCP"= 12350:TCP:NortonAV
"18390:TCP"= 18390:TCP:NortonAV
"14330:TCP"= 14330:TCP:NortonAV
"13741:TCP"= 13741:TCP:NortonAV
"18074:TCP"= 18074:TCP:NortonAV
"13724:TCP"= 13724:TCP:NortonAV
"12358:TCP"= 12358:TCP:NortonAV
"13923:TCP"= 13923:TCP:NortonAV
"14124:TCP"= 14124:TCP:NortonAV
"16975:TCP"= 16975:TCP:NortonAV
"14012:TCP"= 14012:TCP:NortonAV
"17815:TCP"= 17815:TCP:NortonAV
"16859:TCP"= 16859:TCP:NortonAV
"13466:TCP"= 13466:TCP:NortonAV
"17446:TCP"= 17446:TCP:NortonAV
"18810:TCP"= 18810:TCP:NortonAV
"14383:TCP"= 14383:TCP:NortonAV
"13761:TCP"= 13761:TCP:NortonAV
"18831:TCP"= 18831:TCP:NortonAV
"15639:TCP"= 15639:TCP:NortonAV
"17002:TCP"= 17002:TCP:NortonAV
"17131:TCP"= 17131:TCP:NortonAV
"13643:TCP"= 13643:TCP:NortonAV
"14421:TCP"= 14421:TCP:NortonAV
"12605:TCP"= 12605:TCP:NortonAV
"15729:TCP"= 15729:TCP:NortonAV
"15308:TCP"= 15308:TCP:NortonAV
"14823:TCP"= 14823:TCP:NortonAV
"18487:TCP"= 18487:TCP:NortonAV
"17881:TCP"= 17881:TCP:NortonAV
"14736:TCP"= 14736:TCP:NortonAV
"13361:TCP"= 13361:TCP:NortonAV
"12769:TCP"= 12769:TCP:NortonAV
"15992:TCP"= 15992:TCP:NortonAV
"15409:TCP"= 15409:TCP:NortonAV
"17525:TCP"= 17525:TCP:NortonAV
"15112:TCP"= 15112:TCP:NortonAV
"14232:TCP"= 14232:TCP:NortonAV
"17511:TCP"= 17511:TCP:NortonAV
"14401:TCP"= 14401:TCP:NortonAV
"18019:TCP"= 18019:TCP:NortonAV
"16546:TCP"= 16546:TCP:NortonAV
"13648:TCP"= 13648:TCP:NortonAV
"13084:TCP"= 13084:TCP:NortonAV
"18078:TCP"= 18078:TCP:NortonAV
"13915:TCP"= 13915:TCP:NortonAV
"18904:TCP"= 18904:TCP:NortonAV
"15547:TCP"= 15547:TCP:NortonAV
"15331:TCP"= 15331:TCP:NortonAV
"13939:TCP"= 13939:TCP:NortonAV
"15236:TCP"= 15236:TCP:NortonAV
"14586:TCP"= 14586:TCP:NortonAV
"12538:TCP"= 12538:TCP:NortonAV
"17432:TCP"= 17432:TCP:NortonAV
"18937:TCP"= 18937:TCP:NortonAV
"18208:TCP"= 18208:TCP:NortonAV
"13444:TCP"= 13444:TCP:NortonAV
"18547:TCP"= 18547:TCP:NortonAV
"13780:TCP"= 13780:TCP:NortonAV
"17867:TCP"= 17867:TCP:NortonAV
"17462:TCP"= 17462:TCP:NortonAV
"12067:TCP"= 12067:TCP:NortonAV
"13884:TCP"= 13884:TCP:NortonAV
"16021:TCP"= 16021:TCP:NortonAV
"17713:TCP"= 17713:TCP:NortonAV
"16544:TCP"= 16544:TCP:NortonAV
"18654:TCP"= 18654:TCP:NortonAV
"14495:TCP"= 14495:TCP:NortonAV
"18789:TCP"= 18789:TCP:NortonAV
"17795:TCP"= 17795:TCP:NortonAV
"13147:TCP"= 13147:TCP:NortonAV
"18341:TCP"= 18341:TCP:NortonAV
"13756:TCP"= 13756:TCP:NortonAV
"18893:TCP"= 18893:TCP:NortonAV
"16095:TCP"= 16095:TCP:NortonAV
"17136:TCP"= 17136:TCP:NortonAV
"12172:TCP"= 12172:TCP:NortonAV
"16008:TCP"= 16008:TCP:NortonAV
"16507:TCP"= 16507:TCP:NortonAV
"13279:TCP"= 13279:TCP:NortonAV
"13457:TCP"= 13457:TCP:NortonAV
"14327:TCP"= 14327:TCP:NortonAV
"12054:TCP"= 12054:TCP:NortonAV
"15233:TCP"= 15233:TCP:NortonAV
"16518:TCP"= 16518:TCP:NortonAV
"17677:TCP"= 17677:TCP:NortonAV
"14105:TCP"= 14105:TCP:NortonAV
"14032:TCP"= 14032:TCP:NortonAV
"12249:TCP"= 12249:TCP:NortonAV
"15433:TCP"= 15433:TCP:NortonAV
"16168:TCP"= 16168:TCP:NortonAV
"17917:TCP"= 17917:TCP:NortonAV
"17162:TCP"= 17162:TCP:NortonAV
"12437:TCP"= 12437:TCP:NortonAV
"13161:TCP"= 13161:TCP:NortonAV
"13727:TCP"= 13727:TCP:NortonAV
"13880:TCP"= 13880:TCP:NortonAV
"12708:TCP"= 12708:TCP:NortonAV
"12707:TCP"= 12707:TCP:NortonAV
"13760:TCP"= 13760:TCP:NortonAV
"16926:TCP"= 16926:TCP:NortonAV
"12936:TCP"= 12936:TCP:NortonAV
"12884:TCP"= 12884:TCP:NortonAV
"14474:TCP"= 14474:TCP:NortonAV
"13847:TCP"= 13847:TCP:NortonAV
"13141:TCP"= 13141:TCP:NortonAV
"12959:TCP"= 12959:TCP:NortonAV
"13121:TCP"= 13121:TCP:NortonAV
"14558:TCP"= 14558:TCP:NortonAV
"15116:TCP"= 15116:TCP:NortonAV
"14684:TCP"= 14684:TCP:NortonAV
"13345:TCP"= 13345:TCP:NortonAV
"12294:TCP"= 12294:TCP:NortonAV
"12405:TCP"= 12405:TCP:NortonAV
"14378:TCP"= 14378:TCP:NortonAV
"13591:TCP"= 13591:TCP:NortonAV
"12282:TCP"= 12282:TCP:NortonAV
"13495:TCP"= 13495:TCP:NortonAV
"16928:TCP"= 16928:TCP:NortonAV
"15959:TCP"= 15959:TCP:NortonAV
"13319:TCP"= 13319:TCP:NortonAV
"17820:TCP"= 17820:TCP:NortonAV
"12568:TCP"= 12568:TCP:NortonAV
"17355:TCP"= 17355:TCP:NortonAV
"17720:TCP"= 17720:TCP:NortonAV
"14977:TCP"= 14977:TCP:NortonAV
"16630:TCP"= 16630:TCP:NortonAV
"13237:TCP"= 13237:TCP:NortonAV
"14074:TCP"= 14074:TCP:NortonAV
"14683:TCP"= 14683:TCP:NortonAV
"17857:TCP"= 17857:TCP:NortonAV
"16635:TCP"= 16635:TCP:NortonAV
"12652:TCP"= 12652:TCP:NortonAV
"15707:TCP"= 15707:TCP:NortonAV
"12939:TCP"= 12939:TCP:NortonAV
"15649:TCP"= 15649:TCP:NortonAV
"14962:TCP"= 14962:TCP:NortonAV
"13160:TCP"= 13160:TCP:NortonAV
"14862:TCP"= 14862:TCP:NortonAV
"12463:TCP"= 12463:TCP:NortonAV
"15181:TCP"= 15181:TCP:NortonAV
"15000:TCP"= 15000:TCP:NortonAV
"18750:TCP"= 18750:TCP:NortonAV
"15358:TCP"= 15358:TCP:NortonAV
"16392:TCP"= 16392:TCP:NortonAV
"12257:TCP"= 12257:TCP:NortonAV
"17469:TCP"= 17469:TCP:NortonAV
"17430:TCP"= 17430:TCP:NortonAV
"17008:TCP"= 17008:TCP:NortonAV
"15360:TCP"= 15360:TCP:NortonAV
"16763:TCP"= 16763:TCP:NortonAV
"17304:TCP"= 17304:TCP:NortonAV
"13144:TCP"= 13144:TCP:NortonAV
"18542:TCP"= 18542:TCP:NortonAV
"14927:TCP"= 14927:TCP:NortonAV
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-10-11 12:16:10 111184]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-10-11 12:16:10 20560]
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys [2007-01-16 19:11:29 4096]
R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys [2007-01-16 19:11:29 78208]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2005-11-30 20:28:58 1097472]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\Auto\command - G:\AdobeR.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\Auto\command - H:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0274016a-cbed-11db-bd20-0016364d99d9}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{439d8b6c-aa62-11dc-be01-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{533b088a-2dcd-11dd-be6d-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f144982-00a9-11dc-bd69-0016364d99d9}]
\Shell\Auto\command - G:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c658d678-9f78-11dc-bded-0016364d99d9}]
\shell\Auto\command - F:\fun.xls.exe
\shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6851742-a94c-11db-bcec-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f8b5da-af16-11dc-be05-0016364d99d9}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9904606-a80b-11db-bce7-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d806eff6-6f96-11dd-be96-0016364d99d9}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de0f63e8-e4a3-11dc-be32-0016364d99d9}]
\shell\Auto\command - F:\fun.xls.exe
\shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e622f5aa-8809-11dc-bdd2-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Contenu du dossier 'Tâches planifiées'
2008-12-29 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
HKCU-Run-MsServer - msfun80.exe
HKLM-RunOnce-Trojan Remover - C:\Program Files\Trojan Remover\RMVTRJAN.EXE
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://lo.st#home
IE: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 00:29:43
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(676)
C:\WINDOWS\system32\Ati2evxx.dll
.
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.659 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\user\Mes documents\INTERNET\ComboFix.exe
* Un nouveau point de restauration a été créé
.
[color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\user\ravmonlog
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\eyqwocos.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\ufdata2000.log
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-29 ))))))))))))))))))))))))))))))))))))
.
2008-12-29 23:29 . 2008-12-29 23:29 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-29 23:29 . 2008-12-29 23:29 <REP> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-12-29 23:29 . 2008-12-29 23:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-29 23:29 . 2008-12-03 19:52 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-12-29 23:29 . 2008-12-03 19:52 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-12-29 23:12 . 2008-12-29 23:12 <REP> d-------- C:\Program Files\Trend Micro
2008-12-24 02:00 . 2008-12-24 02:00 <REP> d-------- C:\Program Files\Trojan Remover
2008-12-24 02:00 . 2008-12-24 02:00 <REP> d-------- C:\Documents and Settings\user\Application Data\Simply Super Software
2008-12-24 01:49 . 2008-12-24 01:49 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-12-24 01:49 . 2008-12-24 01:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-24 01:33 . 2008-12-24 01:33 164 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-12-24 01:30 . 2008-12-24 01:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-24 01:29 . 2008-12-24 01:29 <REP> d-------- C:\Program Files\Spyware Doctor
2008-12-23 22:59 . 2008-12-23 04:41 52,786 --a------ C:\WINDOWS\fxstaller.exe.vir
2008-12-23 22:59 . 2008-12-23 22:59 45,056 --a------ C:\WINDOWS\system32\fccddbXQ.dll.vir
2008-12-09 23:18 . 2008-12-09 23:18 88,064 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-12-09 23:18 . 2008-12-09 23:18 72,192 --a------ C:\WINDOWS\system32\hlvdd.dll
2008-12-09 23:18 . 2008-12-09 23:18 39,424 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
2008-12-09 23:18 . 2008-12-09 23:18 5,120 --a------ C:\WINDOWS\system32\haspvdd.dll
2008-12-09 23:18 . 2008-10-11 12:38 3,121 --a------ C:\WINDOWS\system32\config.hsp
2008-12-09 23:18 . 2008-12-09 23:18 383 --a------ C:\WINDOWS\system32\haspdos.sys
2008-12-09 23:18 . 2008-12-09 23:18 0 --a------ C:\WINDOWS\hinstall.INI
2008-12-09 23:17 . 1993-11-19 00:00 398,416 --a------ C:\WINDOWS\system32\VBRUN300.DLL
2008-12-09 23:17 . 1993-07-17 07:00 64,432 --a------ C:\WINDOWS\system32\THREED.VBX
2008-12-09 22:14 . 2008-12-09 22:14 <REP> d-------- C:\Program Files\Microsoft Référence
2008-12-09 22:14 . 1998-05-26 12:58 194,048 --a------ C:\WINDOWS\system32\swflash.ocx
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:37 3,593,216 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-11-10 20:24 --------- d-----w C:\Documents and Settings\user\Application Data\SecondLife
2008-11-03 15:04 --------- d-----w C:\Program Files\Fichiers communs\i4j_jres
2008-10-28 11:54 --------- d-----w C:\Program Files\VirginMega
2008-10-28 11:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-10-28 11:47 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-10-24 11:21 455,296 ------w C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-10-16 13:12 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-10-16 13:12 561,688 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w C:\WINDOWS\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w C:\WINDOWS\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w C:\WINDOWS\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w C:\WINDOWS\system32\muweb.dll
2008-10-15 17:35 337,408 ------w C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-10-03 10:03 247,326 ----a-w C:\WINDOWS\system32\strmdll.dll
2008-10-03 10:03 247,326 ----a-w C:\WINDOWS\system32\dllcache\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w C:\WINDOWS\system32\msxml4.dll
2008-06-08 20:05 1,858 ----a-w C:\Documents and Settings\user\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:34 15360]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-10-14 19:16 190024]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 12:16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 14:21 53248]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 07:17 102491]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 07:16 692315]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-03-23 00:12 151552]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00 345088]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 13:55 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 13:52 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 13:55 118784]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-04 18:08 421888]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 13:56 471040]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-04-06 19:22 225280]
"LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-04-06 19:00 331776]
"LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-04-06 19:06 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 16:43 401408]
"ImageItEncrypt"="C:\WINDOWS\system32\ImageItEncrypt.exe" [2005-12-30 14:02 40960]
"QuickTime Task"="C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
"EoEngine"="C:\Program Files\EoRezo\EoEngine.exe" [2008-09-23 17:31 565248]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 18:18 81000]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-10-14 19:16 190024]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 17:24 88204 C:\WINDOWS\AGRSMMSG.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 17:28 16005120 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:34 15360]
C:\Documents and Settings\user\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage d'Office.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1996-12-17 51984]
Microsoft Recherche acc‚l‚r‚e.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1996-12-17 111376]
Event Reminder.lnk - C:\pmw\PMREMIND.EXE [1997-11-03 17:55:42 254128]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=zqbjvs.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Azureus\\Azureus.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13102:TCP"= 13102:TCP:NortonAV
"18253:TCP"= 18253:TCP:NortonAV
"17822:TCP"= 17822:TCP:NortonAV
"14827:TCP"= 14827:TCP:NortonAV
"17423:TCP"= 17423:TCP:NortonAV
"18744:TCP"= 18744:TCP:NortonAV
"12900:TCP"= 12900:TCP:NortonAV
"18949:TCP"= 18949:TCP:NortonAV
"13401:TCP"= 13401:TCP:NortonAV
"12167:TCP"= 12167:TCP:NortonAV
"18052:TCP"= 18052:TCP:NortonAV
"18011:TCP"= 18011:TCP:NortonAV
"17873:TCP"= 17873:TCP:NortonAV
"14381:TCP"= 14381:TCP:NortonAV
"16085:TCP"= 16085:TCP:NortonAV
"17493:TCP"= 17493:TCP:NortonAV
"16229:TCP"= 16229:TCP:NortonAV
"18008:TCP"= 18008:TCP:NortonAV
"12419:TCP"= 12419:TCP:NortonAV
"16679:TCP"= 16679:TCP:NortonAV
"15948:TCP"= 15948:TCP:NortonAV
"18004:TCP"= 18004:TCP:NortonAV
"17805:TCP"= 17805:TCP:NortonAV
"16824:TCP"= 16824:TCP:NortonAV
"13975:TCP"= 13975:TCP:NortonAV
"14303:TCP"= 14303:TCP:NortonAV
"16922:TCP"= 16922:TCP:NortonAV
"16361:TCP"= 16361:TCP:NortonAV
"15727:TCP"= 15727:TCP:NortonAV
"12931:TCP"= 12931:TCP:NortonAV
"15525:TCP"= 15525:TCP:NortonAV
"16992:TCP"= 16992:TCP:NortonAV
"15569:TCP"= 15569:TCP:NortonAV
"16191:TCP"= 16191:TCP:NortonAV
"15534:TCP"= 15534:TCP:NortonAV
"15107:TCP"= 15107:TCP:NortonAV
"13061:TCP"= 13061:TCP:NortonAV
"13203:TCP"= 13203:TCP:NortonAV
"16061:TCP"= 16061:TCP:NortonAV
"14502:TCP"= 14502:TCP:NortonAV
"18330:TCP"= 18330:TCP:NortonAV
"13067:TCP"= 13067:TCP:NortonAV
"12354:TCP"= 12354:TCP:NortonAV
"15991:TCP"= 15991:TCP:NortonAV
"13051:TCP"= 13051:TCP:NortonAV
"14091:TCP"= 14091:TCP:NortonAV
"17027:TCP"= 17027:TCP:NortonAV
"14652:TCP"= 14652:TCP:NortonAV
"12008:TCP"= 12008:TCP:NortonAV
"15379:TCP"= 15379:TCP:NortonAV
"18426:TCP"= 18426:TCP:NortonAV
"18414:TCP"= 18414:TCP:NortonAV
"13104:TCP"= 13104:TCP:NortonAV
"12643:TCP"= 12643:TCP:NortonAV
"18711:TCP"= 18711:TCP:NortonAV
"17621:TCP"= 17621:TCP:NortonAV
"18315:TCP"= 18315:TCP:NortonAV
"17218:TCP"= 17218:TCP:NortonAV
"13823:TCP"= 13823:TCP:NortonAV
"12305:TCP"= 12305:TCP:NortonAV
"12350:TCP"= 12350:TCP:NortonAV
"18390:TCP"= 18390:TCP:NortonAV
"14330:TCP"= 14330:TCP:NortonAV
"13741:TCP"= 13741:TCP:NortonAV
"18074:TCP"= 18074:TCP:NortonAV
"13724:TCP"= 13724:TCP:NortonAV
"12358:TCP"= 12358:TCP:NortonAV
"13923:TCP"= 13923:TCP:NortonAV
"14124:TCP"= 14124:TCP:NortonAV
"16975:TCP"= 16975:TCP:NortonAV
"14012:TCP"= 14012:TCP:NortonAV
"17815:TCP"= 17815:TCP:NortonAV
"16859:TCP"= 16859:TCP:NortonAV
"13466:TCP"= 13466:TCP:NortonAV
"17446:TCP"= 17446:TCP:NortonAV
"18810:TCP"= 18810:TCP:NortonAV
"14383:TCP"= 14383:TCP:NortonAV
"13761:TCP"= 13761:TCP:NortonAV
"18831:TCP"= 18831:TCP:NortonAV
"15639:TCP"= 15639:TCP:NortonAV
"17002:TCP"= 17002:TCP:NortonAV
"17131:TCP"= 17131:TCP:NortonAV
"13643:TCP"= 13643:TCP:NortonAV
"14421:TCP"= 14421:TCP:NortonAV
"12605:TCP"= 12605:TCP:NortonAV
"15729:TCP"= 15729:TCP:NortonAV
"15308:TCP"= 15308:TCP:NortonAV
"14823:TCP"= 14823:TCP:NortonAV
"18487:TCP"= 18487:TCP:NortonAV
"17881:TCP"= 17881:TCP:NortonAV
"14736:TCP"= 14736:TCP:NortonAV
"13361:TCP"= 13361:TCP:NortonAV
"12769:TCP"= 12769:TCP:NortonAV
"15992:TCP"= 15992:TCP:NortonAV
"15409:TCP"= 15409:TCP:NortonAV
"17525:TCP"= 17525:TCP:NortonAV
"15112:TCP"= 15112:TCP:NortonAV
"14232:TCP"= 14232:TCP:NortonAV
"17511:TCP"= 17511:TCP:NortonAV
"14401:TCP"= 14401:TCP:NortonAV
"18019:TCP"= 18019:TCP:NortonAV
"16546:TCP"= 16546:TCP:NortonAV
"13648:TCP"= 13648:TCP:NortonAV
"13084:TCP"= 13084:TCP:NortonAV
"18078:TCP"= 18078:TCP:NortonAV
"13915:TCP"= 13915:TCP:NortonAV
"18904:TCP"= 18904:TCP:NortonAV
"15547:TCP"= 15547:TCP:NortonAV
"15331:TCP"= 15331:TCP:NortonAV
"13939:TCP"= 13939:TCP:NortonAV
"15236:TCP"= 15236:TCP:NortonAV
"14586:TCP"= 14586:TCP:NortonAV
"12538:TCP"= 12538:TCP:NortonAV
"17432:TCP"= 17432:TCP:NortonAV
"18937:TCP"= 18937:TCP:NortonAV
"18208:TCP"= 18208:TCP:NortonAV
"13444:TCP"= 13444:TCP:NortonAV
"18547:TCP"= 18547:TCP:NortonAV
"13780:TCP"= 13780:TCP:NortonAV
"17867:TCP"= 17867:TCP:NortonAV
"17462:TCP"= 17462:TCP:NortonAV
"12067:TCP"= 12067:TCP:NortonAV
"13884:TCP"= 13884:TCP:NortonAV
"16021:TCP"= 16021:TCP:NortonAV
"17713:TCP"= 17713:TCP:NortonAV
"16544:TCP"= 16544:TCP:NortonAV
"18654:TCP"= 18654:TCP:NortonAV
"14495:TCP"= 14495:TCP:NortonAV
"18789:TCP"= 18789:TCP:NortonAV
"17795:TCP"= 17795:TCP:NortonAV
"13147:TCP"= 13147:TCP:NortonAV
"18341:TCP"= 18341:TCP:NortonAV
"13756:TCP"= 13756:TCP:NortonAV
"18893:TCP"= 18893:TCP:NortonAV
"16095:TCP"= 16095:TCP:NortonAV
"17136:TCP"= 17136:TCP:NortonAV
"12172:TCP"= 12172:TCP:NortonAV
"16008:TCP"= 16008:TCP:NortonAV
"16507:TCP"= 16507:TCP:NortonAV
"13279:TCP"= 13279:TCP:NortonAV
"13457:TCP"= 13457:TCP:NortonAV
"14327:TCP"= 14327:TCP:NortonAV
"12054:TCP"= 12054:TCP:NortonAV
"15233:TCP"= 15233:TCP:NortonAV
"16518:TCP"= 16518:TCP:NortonAV
"17677:TCP"= 17677:TCP:NortonAV
"14105:TCP"= 14105:TCP:NortonAV
"14032:TCP"= 14032:TCP:NortonAV
"12249:TCP"= 12249:TCP:NortonAV
"15433:TCP"= 15433:TCP:NortonAV
"16168:TCP"= 16168:TCP:NortonAV
"17917:TCP"= 17917:TCP:NortonAV
"17162:TCP"= 17162:TCP:NortonAV
"12437:TCP"= 12437:TCP:NortonAV
"13161:TCP"= 13161:TCP:NortonAV
"13727:TCP"= 13727:TCP:NortonAV
"13880:TCP"= 13880:TCP:NortonAV
"12708:TCP"= 12708:TCP:NortonAV
"12707:TCP"= 12707:TCP:NortonAV
"13760:TCP"= 13760:TCP:NortonAV
"16926:TCP"= 16926:TCP:NortonAV
"12936:TCP"= 12936:TCP:NortonAV
"12884:TCP"= 12884:TCP:NortonAV
"14474:TCP"= 14474:TCP:NortonAV
"13847:TCP"= 13847:TCP:NortonAV
"13141:TCP"= 13141:TCP:NortonAV
"12959:TCP"= 12959:TCP:NortonAV
"13121:TCP"= 13121:TCP:NortonAV
"14558:TCP"= 14558:TCP:NortonAV
"15116:TCP"= 15116:TCP:NortonAV
"14684:TCP"= 14684:TCP:NortonAV
"13345:TCP"= 13345:TCP:NortonAV
"12294:TCP"= 12294:TCP:NortonAV
"12405:TCP"= 12405:TCP:NortonAV
"14378:TCP"= 14378:TCP:NortonAV
"13591:TCP"= 13591:TCP:NortonAV
"12282:TCP"= 12282:TCP:NortonAV
"13495:TCP"= 13495:TCP:NortonAV
"16928:TCP"= 16928:TCP:NortonAV
"15959:TCP"= 15959:TCP:NortonAV
"13319:TCP"= 13319:TCP:NortonAV
"17820:TCP"= 17820:TCP:NortonAV
"12568:TCP"= 12568:TCP:NortonAV
"17355:TCP"= 17355:TCP:NortonAV
"17720:TCP"= 17720:TCP:NortonAV
"14977:TCP"= 14977:TCP:NortonAV
"16630:TCP"= 16630:TCP:NortonAV
"13237:TCP"= 13237:TCP:NortonAV
"14074:TCP"= 14074:TCP:NortonAV
"14683:TCP"= 14683:TCP:NortonAV
"17857:TCP"= 17857:TCP:NortonAV
"16635:TCP"= 16635:TCP:NortonAV
"12652:TCP"= 12652:TCP:NortonAV
"15707:TCP"= 15707:TCP:NortonAV
"12939:TCP"= 12939:TCP:NortonAV
"15649:TCP"= 15649:TCP:NortonAV
"14962:TCP"= 14962:TCP:NortonAV
"13160:TCP"= 13160:TCP:NortonAV
"14862:TCP"= 14862:TCP:NortonAV
"12463:TCP"= 12463:TCP:NortonAV
"15181:TCP"= 15181:TCP:NortonAV
"15000:TCP"= 15000:TCP:NortonAV
"18750:TCP"= 18750:TCP:NortonAV
"15358:TCP"= 15358:TCP:NortonAV
"16392:TCP"= 16392:TCP:NortonAV
"12257:TCP"= 12257:TCP:NortonAV
"17469:TCP"= 17469:TCP:NortonAV
"17430:TCP"= 17430:TCP:NortonAV
"17008:TCP"= 17008:TCP:NortonAV
"15360:TCP"= 15360:TCP:NortonAV
"16763:TCP"= 16763:TCP:NortonAV
"17304:TCP"= 17304:TCP:NortonAV
"13144:TCP"= 13144:TCP:NortonAV
"18542:TCP"= 18542:TCP:NortonAV
"14927:TCP"= 14927:TCP:NortonAV
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-10-11 12:16:10 111184]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-10-11 12:16:10 20560]
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys [2007-01-16 19:11:29 4096]
R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys [2007-01-16 19:11:29 78208]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2005-11-30 20:28:58 1097472]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\Auto\command - G:\AdobeR.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\Auto\command - H:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0274016a-cbed-11db-bd20-0016364d99d9}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{439d8b6c-aa62-11dc-be01-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{533b088a-2dcd-11dd-be6d-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f144982-00a9-11dc-bd69-0016364d99d9}]
\Shell\Auto\command - G:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c658d678-9f78-11dc-bded-0016364d99d9}]
\shell\Auto\command - F:\fun.xls.exe
\shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6851742-a94c-11db-bcec-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f8b5da-af16-11dc-be05-0016364d99d9}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9904606-a80b-11db-bce7-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d806eff6-6f96-11dd-be96-0016364d99d9}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de0f63e8-e4a3-11dc-be32-0016364d99d9}]
\shell\Auto\command - F:\fun.xls.exe
\shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e622f5aa-8809-11dc-bdd2-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Contenu du dossier 'Tâches planifiées'
2008-12-29 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
HKCU-Run-MsServer - msfun80.exe
HKLM-RunOnce-Trojan Remover - C:\Program Files\Trojan Remover\RMVTRJAN.EXE
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://lo.st#home
IE: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 00:29:43
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(676)
C:\WINDOWS\system32\Ati2evxx.dll
.
ComboFix 08-12-28.04 - user 2008-12-30 0:24:59.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.659 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\user\Mes documents\INTERNET\ComboFix.exe
* Un nouveau point de restauration a été créé
.
[color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\user\ravmonlog
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\eyqwocos.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\ufdata2000.log
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-29 ))))))))))))))))))))))))))))))))))))
.
2008-12-29 23:29 . 2008-12-29 23:29 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-29 23:29 . 2008-12-29 23:29 <REP> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-12-29 23:29 . 2008-12-29 23:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-29 23:29 . 2008-12-03 19:52 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-12-29 23:29 . 2008-12-03 19:52 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-12-29 23:12 . 2008-12-29 23:12 <REP> d-------- C:\Program Files\Trend Micro
2008-12-24 02:00 . 2008-12-24 02:00 <REP> d-------- C:\Program Files\Trojan Remover
2008-12-24 02:00 . 2008-12-24 02:00 <REP> d-------- C:\Documents and Settings\user\Application Data\Simply Super Software
2008-12-24 01:49 . 2008-12-24 01:49 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-12-24 01:49 . 2008-12-24 01:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-24 01:33 . 2008-12-24 01:33 164 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-12-24 01:30 . 2008-12-24 01:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-24 01:29 . 2008-12-24 01:29 <REP> d-------- C:\Program Files\Spyware Doctor
2008-12-23 22:59 . 2008-12-23 04:41 52,786 --a------ C:\WINDOWS\fxstaller.exe.vir
2008-12-23 22:59 . 2008-12-23 22:59 45,056 --a------ C:\WINDOWS\system32\fccddbXQ.dll.vir
2008-12-09 23:18 . 2008-12-09 23:18 88,064 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-12-09 23:18 . 2008-12-09 23:18 72,192 --a------ C:\WINDOWS\system32\hlvdd.dll
2008-12-09 23:18 . 2008-12-09 23:18 39,424 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
2008-12-09 23:18 . 2008-12-09 23:18 5,120 --a------ C:\WINDOWS\system32\haspvdd.dll
2008-12-09 23:18 . 2008-10-11 12:38 3,121 --a------ C:\WINDOWS\system32\config.hsp
2008-12-09 23:18 . 2008-12-09 23:18 383 --a------ C:\WINDOWS\system32\haspdos.sys
2008-12-09 23:18 . 2008-12-09 23:18 0 --a------ C:\WINDOWS\hinstall.INI
2008-12-09 23:17 . 1993-11-19 00:00 398,416 --a------ C:\WINDOWS\system32\VBRUN300.DLL
2008-12-09 23:17 . 1993-07-17 07:00 64,432 --a------ C:\WINDOWS\system32\THREED.VBX
2008-12-09 22:14 . 2008-12-09 22:14 <REP> d-------- C:\Program Files\Microsoft Référence
2008-12-09 22:14 . 1998-05-26 12:58 194,048 --a------ C:\WINDOWS\system32\swflash.ocx
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:37 3,593,216 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-11-10 20:24 --------- d-----w C:\Documents and Settings\user\Application Data\SecondLife
2008-11-03 15:04 --------- d-----w C:\Program Files\Fichiers communs\i4j_jres
2008-10-28 11:54 --------- d-----w C:\Program Files\VirginMega
2008-10-28 11:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-10-28 11:47 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-10-24 11:21 455,296 ------w C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-10-16 13:12 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-10-16 13:12 561,688 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w C:\WINDOWS\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w C:\WINDOWS\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w C:\WINDOWS\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w C:\WINDOWS\system32\muweb.dll
2008-10-15 17:35 337,408 ------w C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-10-03 10:03 247,326 ----a-w C:\WINDOWS\system32\strmdll.dll
2008-10-03 10:03 247,326 ----a-w C:\WINDOWS\system32\dllcache\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w C:\WINDOWS\system32\msxml4.dll
2008-06-08 20:05 1,858 ----a-w C:\Documents and Settings\user\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:34 15360]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-10-14 19:16 190024]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 12:16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 14:21 53248]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 07:17 102491]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 07:16 692315]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-03-23 00:12 151552]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00 345088]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 13:55 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 13:52 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 13:55 118784]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-04 18:08 421888]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 13:56 471040]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-04-06 19:22 225280]
"LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-04-06 19:00 331776]
"LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-04-06 19:06 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 16:43 401408]
"ImageItEncrypt"="C:\WINDOWS\system32\ImageItEncrypt.exe" [2005-12-30 14:02 40960]
"QuickTime Task"="C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
"EoEngine"="C:\Program Files\EoRezo\EoEngine.exe" [2008-09-23 17:31 565248]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 18:18 81000]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-10-14 19:16 190024]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 17:24 88204 C:\WINDOWS\AGRSMMSG.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 17:28 16005120 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:34 15360]
C:\Documents and Settings\user\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage d'Office.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1996-12-17 51984]
Microsoft Recherche acc‚l‚r‚e.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1996-12-17 111376]
Event Reminder.lnk - C:\pmw\PMREMIND.EXE [1997-11-03 17:55:42 254128]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=zqbjvs.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Azureus\\Azureus.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13102:TCP"= 13102:TCP:NortonAV
"18253:TCP"= 18253:TCP:NortonAV
"17822:TCP"= 17822:TCP:NortonAV
"14827:TCP"= 14827:TCP:NortonAV
"17423:TCP"= 17423:TCP:NortonAV
"18744:TCP"= 18744:TCP:NortonAV
"12900:TCP"= 12900:TCP:NortonAV
"18949:TCP"= 18949:TCP:NortonAV
"13401:TCP"= 13401:TCP:NortonAV
"12167:TCP"= 12167:TCP:NortonAV
"18052:TCP"= 18052:TCP:NortonAV
"18011:TCP"= 18011:TCP:NortonAV
"17873:TCP"= 17873:TCP:NortonAV
"14381:TCP"= 14381:TCP:NortonAV
"16085:TCP"= 16085:TCP:NortonAV
"17493:TCP"= 17493:TCP:NortonAV
"16229:TCP"= 16229:TCP:NortonAV
"18008:TCP"= 18008:TCP:NortonAV
"12419:TCP"= 12419:TCP:NortonAV
"16679:TCP"= 16679:TCP:NortonAV
"15948:TCP"= 15948:TCP:NortonAV
"18004:TCP"= 18004:TCP:NortonAV
"17805:TCP"= 17805:TCP:NortonAV
"16824:TCP"= 16824:TCP:NortonAV
"13975:TCP"= 13975:TCP:NortonAV
"14303:TCP"= 14303:TCP:NortonAV
"16922:TCP"= 16922:TCP:NortonAV
"16361:TCP"= 16361:TCP:NortonAV
"15727:TCP"= 15727:TCP:NortonAV
"12931:TCP"= 12931:TCP:NortonAV
"15525:TCP"= 15525:TCP:NortonAV
"16992:TCP"= 16992:TCP:NortonAV
"15569:TCP"= 15569:TCP:NortonAV
"16191:TCP"= 16191:TCP:NortonAV
"15534:TCP"= 15534:TCP:NortonAV
"15107:TCP"= 15107:TCP:NortonAV
"13061:TCP"= 13061:TCP:NortonAV
"13203:TCP"= 13203:TCP:NortonAV
"16061:TCP"= 16061:TCP:NortonAV
"14502:TCP"= 14502:TCP:NortonAV
"18330:TCP"= 18330:TCP:NortonAV
"13067:TCP"= 13067:TCP:NortonAV
"12354:TCP"= 12354:TCP:NortonAV
"15991:TCP"= 15991:TCP:NortonAV
"13051:TCP"= 13051:TCP:NortonAV
"14091:TCP"= 14091:TCP:NortonAV
"17027:TCP"= 17027:TCP:NortonAV
"14652:TCP"= 14652:TCP:NortonAV
"12008:TCP"= 12008:TCP:NortonAV
"15379:TCP"= 15379:TCP:NortonAV
"18426:TCP"= 18426:TCP:NortonAV
"18414:TCP"= 18414:TCP:NortonAV
"13104:TCP"= 13104:TCP:NortonAV
"12643:TCP"= 12643:TCP:NortonAV
"18711:TCP"= 18711:TCP:NortonAV
"17621:TCP"= 17621:TCP:NortonAV
"18315:TCP"= 18315:TCP:NortonAV
"17218:TCP"= 17218:TCP:NortonAV
"13823:TCP"= 13823:TCP:NortonAV
"12305:TCP"= 12305:TCP:NortonAV
"12350:TCP"= 12350:TCP:NortonAV
"18390:TCP"= 18390:TCP:NortonAV
"14330:TCP"= 14330:TCP:NortonAV
"13741:TCP"= 13741:TCP:NortonAV
"18074:TCP"= 18074:TCP:NortonAV
"13724:TCP"= 13724:TCP:NortonAV
"12358:TCP"= 12358:TCP:NortonAV
"13923:TCP"= 13923:TCP:NortonAV
"14124:TCP"= 14124:TCP:NortonAV
"16975:TCP"= 16975:TCP:NortonAV
"14012:TCP"= 14012:TCP:NortonAV
"17815:TCP"= 17815:TCP:NortonAV
"16859:TCP"= 16859:TCP:NortonAV
"13466:TCP"= 13466:TCP:NortonAV
"17446:TCP"= 17446:TCP:NortonAV
"18810:TCP"= 18810:TCP:NortonAV
"14383:TCP"= 14383:TCP:NortonAV
"13761:TCP"= 13761:TCP:NortonAV
"18831:TCP"= 18831:TCP:NortonAV
"15639:TCP"= 15639:TCP:NortonAV
"17002:TCP"= 17002:TCP:NortonAV
"17131:TCP"= 17131:TCP:NortonAV
"13643:TCP"= 13643:TCP:NortonAV
"14421:TCP"= 14421:TCP:NortonAV
"12605:TCP"= 12605:TCP:NortonAV
"15729:TCP"= 15729:TCP:NortonAV
"15308:TCP"= 15308:TCP:NortonAV
"14823:TCP"= 14823:TCP:NortonAV
"18487:TCP"= 18487:TCP:NortonAV
"17881:TCP"= 17881:TCP:NortonAV
"14736:TCP"= 14736:TCP:NortonAV
"13361:TCP"= 13361:TCP:NortonAV
"12769:TCP"= 12769:TCP:NortonAV
"15992:TCP"= 15992:TCP:NortonAV
"15409:TCP"= 15409:TCP:NortonAV
"17525:TCP"= 17525:TCP:NortonAV
"15112:TCP"= 15112:TCP:NortonAV
"14232:TCP"= 14232:TCP:NortonAV
"17511:TCP"= 17511:TCP:NortonAV
"14401:TCP"= 14401:TCP:NortonAV
"18019:TCP"= 18019:TCP:NortonAV
"16546:TCP"= 16546:TCP:NortonAV
"13648:TCP"= 13648:TCP:NortonAV
"13084:TCP"= 13084:TCP:NortonAV
"18078:TCP"= 18078:TCP:NortonAV
"13915:TCP"= 13915:TCP:NortonAV
"18904:TCP"= 18904:TCP:NortonAV
"15547:TCP"= 15547:TCP:NortonAV
"15331:TCP"= 15331:TCP:NortonAV
"13939:TCP"= 13939:TCP:NortonAV
"15236:TCP"= 15236:TCP:NortonAV
"14586:TCP"= 14586:TCP:NortonAV
"12538:TCP"= 12538:TCP:NortonAV
"17432:TCP"= 17432:TCP:NortonAV
"18937:TCP"= 18937:TCP:NortonAV
"18208:TCP"= 18208:TCP:NortonAV
"13444:TCP"= 13444:TCP:NortonAV
"18547:TCP"= 18547:TCP:NortonAV
"13780:TCP"= 13780:TCP:NortonAV
"17867:TCP"= 17867:TCP:NortonAV
"17462:TCP"= 17462:TCP:NortonAV
"12067:TCP"= 12067:TCP:NortonAV
"13884:TCP"= 13884:TCP:NortonAV
"16021:TCP"= 16021:TCP:NortonAV
"17713:TCP"= 17713:TCP:NortonAV
"16544:TCP"= 16544:TCP:NortonAV
"18654:TCP"= 18654:TCP:NortonAV
"14495:TCP"= 14495:TCP:NortonAV
"18789:TCP"= 18789:TCP:NortonAV
"17795:TCP"= 17795:TCP:NortonAV
"13147:TCP"= 13147:TCP:NortonAV
"18341:TCP"= 18341:TCP:NortonAV
"13756:TCP"= 13756:TCP:NortonAV
"18893:TCP"= 18893:TCP:NortonAV
"16095:TCP"= 16095:TCP:NortonAV
"17136:TCP"= 17136:TCP:NortonAV
"12172:TCP"= 12172:TCP:NortonAV
"16008:TCP"= 16008:TCP:NortonAV
"16507:TCP"= 16507:TCP:NortonAV
"13279:TCP"= 13279:TCP:NortonAV
"13457:TCP"= 13457:TCP:NortonAV
"14327:TCP"= 14327:TCP:NortonAV
"12054:TCP"= 12054:TCP:NortonAV
"15233:TCP"= 15233:TCP:NortonAV
"16518:TCP"= 16518:TCP:NortonAV
"17677:TCP"= 17677:TCP:NortonAV
"14105:TCP"= 14105:TCP:NortonAV
"14032:TCP"= 14032:TCP:NortonAV
"12249:TCP"= 12249:TCP:NortonAV
"15433:TCP"= 15433:TCP:NortonAV
"16168:TCP"= 16168:TCP:NortonAV
"17917:TCP"= 17917:TCP:NortonAV
"17162:TCP"= 17162:TCP:NortonAV
"12437:TCP"= 12437:TCP:NortonAV
"13161:TCP"= 13161:TCP:NortonAV
"13727:TCP"= 13727:TCP:NortonAV
"13880:TCP"= 13880:TCP:NortonAV
"12708:TCP"= 12708:TCP:NortonAV
"12707:TCP"= 12707:TCP:NortonAV
"13760:TCP"= 13760:TCP:NortonAV
"16926:TCP"= 16926:TCP:NortonAV
"12936:TCP"= 12936:TCP:NortonAV
"12884:TCP"= 12884:TCP:NortonAV
"14474:TCP"= 14474:TCP:NortonAV
"13847:TCP"= 13847:TCP:NortonAV
"13141:TCP"= 13141:TCP:NortonAV
"12959:TCP"= 12959:TCP:NortonAV
"13121:TCP"= 13121:TCP:NortonAV
"14558:TCP"= 14558:TCP:NortonAV
"15116:TCP"= 15116:TCP:NortonAV
"14684:TCP"= 14684:TCP:NortonAV
"13345:TCP"= 13345:TCP:NortonAV
"12294:TCP"= 12294:TCP:NortonAV
"12405:TCP"= 12405:TCP:NortonAV
"14378:TCP"= 14378:TCP:NortonAV
"13591:TCP"= 13591:TCP:NortonAV
"12282:TCP"= 12282:TCP:NortonAV
"13495:TCP"= 13495:TCP:NortonAV
"16928:TCP"= 16928:TCP:NortonAV
"15959:TCP"= 15959:TCP:NortonAV
"13319:TCP"= 13319:TCP:NortonAV
"17820:TCP"= 17820:TCP:NortonAV
"12568:TCP"= 12568:TCP:NortonAV
"17355:TCP"= 17355:TCP:NortonAV
"17720:TCP"= 17720:TCP:NortonAV
"14977:TCP"= 14977:TCP:NortonAV
"16630:TCP"= 16630:TCP:NortonAV
"13237:TCP"= 13237:TCP:NortonAV
"14074:TCP"= 14074:TCP:NortonAV
"14683:TCP"= 14683:TCP:NortonAV
"17857:TCP"= 17857:TCP:NortonAV
"16635:TCP"= 16635:TCP:NortonAV
"12652:TCP"= 12652:TCP:NortonAV
"15707:TCP"= 15707:TCP:NortonAV
"12939:TCP"= 12939:TCP:NortonAV
"15649:TCP"= 15649:TCP:NortonAV
"14962:TCP"= 14962:TCP:NortonAV
"13160:TCP"= 13160:TCP:NortonAV
"14862:TCP"= 14862:TCP:NortonAV
"12463:TCP"= 12463:TCP:NortonAV
"15181:TCP"= 15181:TCP:NortonAV
"15000:TCP"= 15000:TCP:NortonAV
"18750:TCP"= 18750:TCP:NortonAV
"15358:TCP"= 15358:TCP:NortonAV
"16392:TCP"= 16392:TCP:NortonAV
"12257:TCP"= 12257:TCP:NortonAV
"17469:TCP"= 17469:TCP:NortonAV
"17430:TCP"= 17430:TCP:NortonAV
"17008:TCP"= 17008:TCP:NortonAV
"15360:TCP"= 15360:TCP:NortonAV
"16763:TCP"= 16763:TCP:NortonAV
"17304:TCP"= 17304:TCP:NortonAV
"13144:TCP"= 13144:TCP:NortonAV
"18542:TCP"= 18542:TCP:NortonAV
"14927:TCP"= 14927:TCP:NortonAV
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-10-11 12:16:10 111184]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-10-11 12:16:10 20560]
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys [2007-01-16 19:11:29 4096]
R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys [2007-01-16 19:11:29 78208]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2005-11-30 20:28:58 1097472]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\Auto\command - G:\AdobeR.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\Auto\command - H:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0274016a-cbed-11db-bd20-0016364d99d9}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{439d8b6c-aa62-11dc-be01-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{533b088a-2dcd-11dd-be6d-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f144982-00a9-11dc-bd69-0016364d99d9}]
\Shell\Auto\command - G:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c658d678-9f78-11dc-bded-0016364d99d9}]
\shell\Auto\command - F:\fun.xls.exe
\shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6851742-a94c-11db-bcec-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f8b5da-af16-11dc-be05-0016364d99d9}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9904606-a80b-11db-bce7-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d806eff6-6f96-11dd-be96-0016364d99d9}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de0f63e8-e4a3-11dc-be32-0016364d99d9}]
\shell\Auto\command - F:\fun.xls.exe
\shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e622f5aa-8809-11dc-bdd2-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Contenu du dossier 'Tâches planifiées'
2008-12-29 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
HKCU-Run-MsServer - msfun80.exe
HKLM-RunOnce-Trojan Remover - C:\Program Files\Trojan Remover\RMVTRJAN.EXE
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://lo.st#home
IE: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 00:29:43
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(676)
C:\WINDOWS\system32\Ati2evxx.dll
.
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.659 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\user\Mes documents\INTERNET\ComboFix.exe
* Un nouveau point de restauration a été créé
.
[color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\user\ravmonlog
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\eyqwocos.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\ufdata2000.log
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-29 ))))))))))))))))))))))))))))))))))))
.
2008-12-29 23:29 . 2008-12-29 23:29 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-29 23:29 . 2008-12-29 23:29 <REP> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-12-29 23:29 . 2008-12-29 23:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-29 23:29 . 2008-12-03 19:52 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-12-29 23:29 . 2008-12-03 19:52 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-12-29 23:12 . 2008-12-29 23:12 <REP> d-------- C:\Program Files\Trend Micro
2008-12-24 02:00 . 2008-12-24 02:00 <REP> d-------- C:\Program Files\Trojan Remover
2008-12-24 02:00 . 2008-12-24 02:00 <REP> d-------- C:\Documents and Settings\user\Application Data\Simply Super Software
2008-12-24 01:49 . 2008-12-24 01:49 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-12-24 01:49 . 2008-12-24 01:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-24 01:33 . 2008-12-24 01:33 164 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-12-24 01:30 . 2008-12-24 01:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-24 01:29 . 2008-12-24 01:29 <REP> d-------- C:\Program Files\Spyware Doctor
2008-12-23 22:59 . 2008-12-23 04:41 52,786 --a------ C:\WINDOWS\fxstaller.exe.vir
2008-12-23 22:59 . 2008-12-23 22:59 45,056 --a------ C:\WINDOWS\system32\fccddbXQ.dll.vir
2008-12-09 23:18 . 2008-12-09 23:18 88,064 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-12-09 23:18 . 2008-12-09 23:18 72,192 --a------ C:\WINDOWS\system32\hlvdd.dll
2008-12-09 23:18 . 2008-12-09 23:18 39,424 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
2008-12-09 23:18 . 2008-12-09 23:18 5,120 --a------ C:\WINDOWS\system32\haspvdd.dll
2008-12-09 23:18 . 2008-10-11 12:38 3,121 --a------ C:\WINDOWS\system32\config.hsp
2008-12-09 23:18 . 2008-12-09 23:18 383 --a------ C:\WINDOWS\system32\haspdos.sys
2008-12-09 23:18 . 2008-12-09 23:18 0 --a------ C:\WINDOWS\hinstall.INI
2008-12-09 23:17 . 1993-11-19 00:00 398,416 --a------ C:\WINDOWS\system32\VBRUN300.DLL
2008-12-09 23:17 . 1993-07-17 07:00 64,432 --a------ C:\WINDOWS\system32\THREED.VBX
2008-12-09 22:14 . 2008-12-09 22:14 <REP> d-------- C:\Program Files\Microsoft Référence
2008-12-09 22:14 . 1998-05-26 12:58 194,048 --a------ C:\WINDOWS\system32\swflash.ocx
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:37 3,593,216 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-11-10 20:24 --------- d-----w C:\Documents and Settings\user\Application Data\SecondLife
2008-11-03 15:04 --------- d-----w C:\Program Files\Fichiers communs\i4j_jres
2008-10-28 11:54 --------- d-----w C:\Program Files\VirginMega
2008-10-28 11:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-10-28 11:47 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-10-24 11:21 455,296 ------w C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-10-16 13:12 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-10-16 13:12 561,688 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w C:\WINDOWS\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w C:\WINDOWS\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w C:\WINDOWS\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w C:\WINDOWS\system32\muweb.dll
2008-10-15 17:35 337,408 ------w C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-10-03 10:03 247,326 ----a-w C:\WINDOWS\system32\strmdll.dll
2008-10-03 10:03 247,326 ----a-w C:\WINDOWS\system32\dllcache\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w C:\WINDOWS\system32\msxml4.dll
2008-06-08 20:05 1,858 ----a-w C:\Documents and Settings\user\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:34 15360]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-10-14 19:16 190024]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 12:16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 14:21 53248]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 07:17 102491]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 07:16 692315]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-03-23 00:12 151552]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00 345088]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 13:55 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 13:52 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 13:55 118784]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-04 18:08 421888]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 13:56 471040]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-04-06 19:22 225280]
"LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-04-06 19:00 331776]
"LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-04-06 19:06 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 16:43 401408]
"ImageItEncrypt"="C:\WINDOWS\system32\ImageItEncrypt.exe" [2005-12-30 14:02 40960]
"QuickTime Task"="C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
"EoEngine"="C:\Program Files\EoRezo\EoEngine.exe" [2008-09-23 17:31 565248]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 18:18 81000]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-10-14 19:16 190024]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 17:24 88204 C:\WINDOWS\AGRSMMSG.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 17:28 16005120 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:34 15360]
C:\Documents and Settings\user\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage d'Office.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1996-12-17 51984]
Microsoft Recherche acc‚l‚r‚e.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1996-12-17 111376]
Event Reminder.lnk - C:\pmw\PMREMIND.EXE [1997-11-03 17:55:42 254128]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=zqbjvs.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Azureus\\Azureus.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13102:TCP"= 13102:TCP:NortonAV
"18253:TCP"= 18253:TCP:NortonAV
"17822:TCP"= 17822:TCP:NortonAV
"14827:TCP"= 14827:TCP:NortonAV
"17423:TCP"= 17423:TCP:NortonAV
"18744:TCP"= 18744:TCP:NortonAV
"12900:TCP"= 12900:TCP:NortonAV
"18949:TCP"= 18949:TCP:NortonAV
"13401:TCP"= 13401:TCP:NortonAV
"12167:TCP"= 12167:TCP:NortonAV
"18052:TCP"= 18052:TCP:NortonAV
"18011:TCP"= 18011:TCP:NortonAV
"17873:TCP"= 17873:TCP:NortonAV
"14381:TCP"= 14381:TCP:NortonAV
"16085:TCP"= 16085:TCP:NortonAV
"17493:TCP"= 17493:TCP:NortonAV
"16229:TCP"= 16229:TCP:NortonAV
"18008:TCP"= 18008:TCP:NortonAV
"12419:TCP"= 12419:TCP:NortonAV
"16679:TCP"= 16679:TCP:NortonAV
"15948:TCP"= 15948:TCP:NortonAV
"18004:TCP"= 18004:TCP:NortonAV
"17805:TCP"= 17805:TCP:NortonAV
"16824:TCP"= 16824:TCP:NortonAV
"13975:TCP"= 13975:TCP:NortonAV
"14303:TCP"= 14303:TCP:NortonAV
"16922:TCP"= 16922:TCP:NortonAV
"16361:TCP"= 16361:TCP:NortonAV
"15727:TCP"= 15727:TCP:NortonAV
"12931:TCP"= 12931:TCP:NortonAV
"15525:TCP"= 15525:TCP:NortonAV
"16992:TCP"= 16992:TCP:NortonAV
"15569:TCP"= 15569:TCP:NortonAV
"16191:TCP"= 16191:TCP:NortonAV
"15534:TCP"= 15534:TCP:NortonAV
"15107:TCP"= 15107:TCP:NortonAV
"13061:TCP"= 13061:TCP:NortonAV
"13203:TCP"= 13203:TCP:NortonAV
"16061:TCP"= 16061:TCP:NortonAV
"14502:TCP"= 14502:TCP:NortonAV
"18330:TCP"= 18330:TCP:NortonAV
"13067:TCP"= 13067:TCP:NortonAV
"12354:TCP"= 12354:TCP:NortonAV
"15991:TCP"= 15991:TCP:NortonAV
"13051:TCP"= 13051:TCP:NortonAV
"14091:TCP"= 14091:TCP:NortonAV
"17027:TCP"= 17027:TCP:NortonAV
"14652:TCP"= 14652:TCP:NortonAV
"12008:TCP"= 12008:TCP:NortonAV
"15379:TCP"= 15379:TCP:NortonAV
"18426:TCP"= 18426:TCP:NortonAV
"18414:TCP"= 18414:TCP:NortonAV
"13104:TCP"= 13104:TCP:NortonAV
"12643:TCP"= 12643:TCP:NortonAV
"18711:TCP"= 18711:TCP:NortonAV
"17621:TCP"= 17621:TCP:NortonAV
"18315:TCP"= 18315:TCP:NortonAV
"17218:TCP"= 17218:TCP:NortonAV
"13823:TCP"= 13823:TCP:NortonAV
"12305:TCP"= 12305:TCP:NortonAV
"12350:TCP"= 12350:TCP:NortonAV
"18390:TCP"= 18390:TCP:NortonAV
"14330:TCP"= 14330:TCP:NortonAV
"13741:TCP"= 13741:TCP:NortonAV
"18074:TCP"= 18074:TCP:NortonAV
"13724:TCP"= 13724:TCP:NortonAV
"12358:TCP"= 12358:TCP:NortonAV
"13923:TCP"= 13923:TCP:NortonAV
"14124:TCP"= 14124:TCP:NortonAV
"16975:TCP"= 16975:TCP:NortonAV
"14012:TCP"= 14012:TCP:NortonAV
"17815:TCP"= 17815:TCP:NortonAV
"16859:TCP"= 16859:TCP:NortonAV
"13466:TCP"= 13466:TCP:NortonAV
"17446:TCP"= 17446:TCP:NortonAV
"18810:TCP"= 18810:TCP:NortonAV
"14383:TCP"= 14383:TCP:NortonAV
"13761:TCP"= 13761:TCP:NortonAV
"18831:TCP"= 18831:TCP:NortonAV
"15639:TCP"= 15639:TCP:NortonAV
"17002:TCP"= 17002:TCP:NortonAV
"17131:TCP"= 17131:TCP:NortonAV
"13643:TCP"= 13643:TCP:NortonAV
"14421:TCP"= 14421:TCP:NortonAV
"12605:TCP"= 12605:TCP:NortonAV
"15729:TCP"= 15729:TCP:NortonAV
"15308:TCP"= 15308:TCP:NortonAV
"14823:TCP"= 14823:TCP:NortonAV
"18487:TCP"= 18487:TCP:NortonAV
"17881:TCP"= 17881:TCP:NortonAV
"14736:TCP"= 14736:TCP:NortonAV
"13361:TCP"= 13361:TCP:NortonAV
"12769:TCP"= 12769:TCP:NortonAV
"15992:TCP"= 15992:TCP:NortonAV
"15409:TCP"= 15409:TCP:NortonAV
"17525:TCP"= 17525:TCP:NortonAV
"15112:TCP"= 15112:TCP:NortonAV
"14232:TCP"= 14232:TCP:NortonAV
"17511:TCP"= 17511:TCP:NortonAV
"14401:TCP"= 14401:TCP:NortonAV
"18019:TCP"= 18019:TCP:NortonAV
"16546:TCP"= 16546:TCP:NortonAV
"13648:TCP"= 13648:TCP:NortonAV
"13084:TCP"= 13084:TCP:NortonAV
"18078:TCP"= 18078:TCP:NortonAV
"13915:TCP"= 13915:TCP:NortonAV
"18904:TCP"= 18904:TCP:NortonAV
"15547:TCP"= 15547:TCP:NortonAV
"15331:TCP"= 15331:TCP:NortonAV
"13939:TCP"= 13939:TCP:NortonAV
"15236:TCP"= 15236:TCP:NortonAV
"14586:TCP"= 14586:TCP:NortonAV
"12538:TCP"= 12538:TCP:NortonAV
"17432:TCP"= 17432:TCP:NortonAV
"18937:TCP"= 18937:TCP:NortonAV
"18208:TCP"= 18208:TCP:NortonAV
"13444:TCP"= 13444:TCP:NortonAV
"18547:TCP"= 18547:TCP:NortonAV
"13780:TCP"= 13780:TCP:NortonAV
"17867:TCP"= 17867:TCP:NortonAV
"17462:TCP"= 17462:TCP:NortonAV
"12067:TCP"= 12067:TCP:NortonAV
"13884:TCP"= 13884:TCP:NortonAV
"16021:TCP"= 16021:TCP:NortonAV
"17713:TCP"= 17713:TCP:NortonAV
"16544:TCP"= 16544:TCP:NortonAV
"18654:TCP"= 18654:TCP:NortonAV
"14495:TCP"= 14495:TCP:NortonAV
"18789:TCP"= 18789:TCP:NortonAV
"17795:TCP"= 17795:TCP:NortonAV
"13147:TCP"= 13147:TCP:NortonAV
"18341:TCP"= 18341:TCP:NortonAV
"13756:TCP"= 13756:TCP:NortonAV
"18893:TCP"= 18893:TCP:NortonAV
"16095:TCP"= 16095:TCP:NortonAV
"17136:TCP"= 17136:TCP:NortonAV
"12172:TCP"= 12172:TCP:NortonAV
"16008:TCP"= 16008:TCP:NortonAV
"16507:TCP"= 16507:TCP:NortonAV
"13279:TCP"= 13279:TCP:NortonAV
"13457:TCP"= 13457:TCP:NortonAV
"14327:TCP"= 14327:TCP:NortonAV
"12054:TCP"= 12054:TCP:NortonAV
"15233:TCP"= 15233:TCP:NortonAV
"16518:TCP"= 16518:TCP:NortonAV
"17677:TCP"= 17677:TCP:NortonAV
"14105:TCP"= 14105:TCP:NortonAV
"14032:TCP"= 14032:TCP:NortonAV
"12249:TCP"= 12249:TCP:NortonAV
"15433:TCP"= 15433:TCP:NortonAV
"16168:TCP"= 16168:TCP:NortonAV
"17917:TCP"= 17917:TCP:NortonAV
"17162:TCP"= 17162:TCP:NortonAV
"12437:TCP"= 12437:TCP:NortonAV
"13161:TCP"= 13161:TCP:NortonAV
"13727:TCP"= 13727:TCP:NortonAV
"13880:TCP"= 13880:TCP:NortonAV
"12708:TCP"= 12708:TCP:NortonAV
"12707:TCP"= 12707:TCP:NortonAV
"13760:TCP"= 13760:TCP:NortonAV
"16926:TCP"= 16926:TCP:NortonAV
"12936:TCP"= 12936:TCP:NortonAV
"12884:TCP"= 12884:TCP:NortonAV
"14474:TCP"= 14474:TCP:NortonAV
"13847:TCP"= 13847:TCP:NortonAV
"13141:TCP"= 13141:TCP:NortonAV
"12959:TCP"= 12959:TCP:NortonAV
"13121:TCP"= 13121:TCP:NortonAV
"14558:TCP"= 14558:TCP:NortonAV
"15116:TCP"= 15116:TCP:NortonAV
"14684:TCP"= 14684:TCP:NortonAV
"13345:TCP"= 13345:TCP:NortonAV
"12294:TCP"= 12294:TCP:NortonAV
"12405:TCP"= 12405:TCP:NortonAV
"14378:TCP"= 14378:TCP:NortonAV
"13591:TCP"= 13591:TCP:NortonAV
"12282:TCP"= 12282:TCP:NortonAV
"13495:TCP"= 13495:TCP:NortonAV
"16928:TCP"= 16928:TCP:NortonAV
"15959:TCP"= 15959:TCP:NortonAV
"13319:TCP"= 13319:TCP:NortonAV
"17820:TCP"= 17820:TCP:NortonAV
"12568:TCP"= 12568:TCP:NortonAV
"17355:TCP"= 17355:TCP:NortonAV
"17720:TCP"= 17720:TCP:NortonAV
"14977:TCP"= 14977:TCP:NortonAV
"16630:TCP"= 16630:TCP:NortonAV
"13237:TCP"= 13237:TCP:NortonAV
"14074:TCP"= 14074:TCP:NortonAV
"14683:TCP"= 14683:TCP:NortonAV
"17857:TCP"= 17857:TCP:NortonAV
"16635:TCP"= 16635:TCP:NortonAV
"12652:TCP"= 12652:TCP:NortonAV
"15707:TCP"= 15707:TCP:NortonAV
"12939:TCP"= 12939:TCP:NortonAV
"15649:TCP"= 15649:TCP:NortonAV
"14962:TCP"= 14962:TCP:NortonAV
"13160:TCP"= 13160:TCP:NortonAV
"14862:TCP"= 14862:TCP:NortonAV
"12463:TCP"= 12463:TCP:NortonAV
"15181:TCP"= 15181:TCP:NortonAV
"15000:TCP"= 15000:TCP:NortonAV
"18750:TCP"= 18750:TCP:NortonAV
"15358:TCP"= 15358:TCP:NortonAV
"16392:TCP"= 16392:TCP:NortonAV
"12257:TCP"= 12257:TCP:NortonAV
"17469:TCP"= 17469:TCP:NortonAV
"17430:TCP"= 17430:TCP:NortonAV
"17008:TCP"= 17008:TCP:NortonAV
"15360:TCP"= 15360:TCP:NortonAV
"16763:TCP"= 16763:TCP:NortonAV
"17304:TCP"= 17304:TCP:NortonAV
"13144:TCP"= 13144:TCP:NortonAV
"18542:TCP"= 18542:TCP:NortonAV
"14927:TCP"= 14927:TCP:NortonAV
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-10-11 12:16:10 111184]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-10-11 12:16:10 20560]
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys [2007-01-16 19:11:29 4096]
R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys [2007-01-16 19:11:29 78208]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2005-11-30 20:28:58 1097472]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\Auto\command - G:\AdobeR.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\Auto\command - H:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0274016a-cbed-11db-bd20-0016364d99d9}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{439d8b6c-aa62-11dc-be01-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{533b088a-2dcd-11dd-be6d-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f144982-00a9-11dc-bd69-0016364d99d9}]
\Shell\Auto\command - G:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c658d678-9f78-11dc-bded-0016364d99d9}]
\shell\Auto\command - F:\fun.xls.exe
\shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6851742-a94c-11db-bcec-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f8b5da-af16-11dc-be05-0016364d99d9}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9904606-a80b-11db-bce7-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d806eff6-6f96-11dd-be96-0016364d99d9}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de0f63e8-e4a3-11dc-be32-0016364d99d9}]
\shell\Auto\command - F:\fun.xls.exe
\shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e622f5aa-8809-11dc-bdd2-0016364d99d9}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Contenu du dossier 'Tâches planifiées'
2008-12-29 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
HKCU-Run-MsServer - msfun80.exe
HKLM-RunOnce-Trojan Remover - C:\Program Files\Trojan Remover\RMVTRJAN.EXE
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://lo.st#home
IE: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 00:29:43
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(676)
C:\WINDOWS\system32\Ati2evxx.dll
.
- Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
- Double-clique sur RSIT.exe afin de lancer le programme.
- Clique sur Continue à l'écran Disclaimer.
- Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
- Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).
Note : Les rapports sont sauvegardés dans le dossier C:\rsit.
- Double-clique sur RSIT.exe afin de lancer le programme.
- Clique sur Continue à l'écran Disclaimer.
- Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
- Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).
Note : Les rapports sont sauvegardés dans le dossier C:\rsit.
comme tu me l as demandé je t envoie lLogfile of random's system information tool 1.05 (written by random/random)
Run by user at 2008-12-30 12:59:02
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 3 GB (9%) free of 35 GB
Total RAM: 1014 MB (43% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59, on 2008-12-30
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\JL90IEQD\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\user.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st#home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\RunOnce: [Trojan Remover] "C:\Program Files\Trojan Remover\RMVTRJAN.EXE" /restart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsServer] msfun80.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Run by user at 2008-12-30 12:59:02
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 3 GB (9%) free of 35 GB
Total RAM: 1014 MB (43% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59, on 2008-12-30
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\JL90IEQD\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\user.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st#home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\RunOnce: [Trojan Remover] "C:\Program Files\Trojan Remover\RMVTRJAN.EXE" /restart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsServer] msfun80.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
info.txt logfile of random's system information tool 1.05 2008-12-30 12:59:16
======Uninstall list======
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer French Guide Link\Uninst.isu"
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13E613EF-BB55-11D9-9D77-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61FB6DAF-197D-4404-A58D-B75268F35D01}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61FB6DAF-197D-4404-A58D-B75268F35D01}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C679B41F-EE6E-4727-B131-47101785420A}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer Arcade-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Acer eDataSecurity Management 2.0.3076-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{4AD13F68-CADA-4C6B-9759-C33753F89908} /l1036
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDStbmngr.exe UNINSTALL 1
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\Setup.exe" -l0x40c
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7057702F-6D71-4F30-8000-9E72BC771887}\setup.exe" -l0x40c -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x40c
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\Setup.exe" -l0x40c
Acer eSettings Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\setup.exe" -l0x40c -removeonly
Acer GridVista-->C:\WINDOWS\UnInst32.exe GridV.UNI
Acer Screensaver-->MsiExec.exe /I{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Agere Systems HDA Modem-->agrsmdel
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Azureus Vuze-->D:\Azureus\uninstall.exe
Canon Camera Support Core Library-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91F1A0D6-23AD-49FE-8D4E-379485652214} /l1036
Canon Camera Window DS for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}
Canon Camera Window DVC for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4C96958A-6562-4143-B820-FF4890D3B734}
Canon Camera Window for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C7281207-4AA4-425E-B57A-0E9EF8445635}
Canon Internet Library for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2F81FBFC-9A37-431F-9050-14B55485DF5A}
Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}
Canon PhotoRecord-->MsiExec.exe /X{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{45EF4EE3-F591-4B74-A477-0CAE12934CE7}
Canon RemoteCapture Task for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
Canon ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Creative MediaSource-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x40c /remove
Creative MuVo N200 Media Explorer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C679B41F-EE6E-4727-B131-47101785420A}\setup.exe" -l0x40c /remove
Encyclopédie Microsoft Encarta 99-->RunDll32 C:\PROGRA~1\MIE1DB~1\ENCYCL~1\UNENC99.DLL,Uninstall C:\PROGRA~1\MIE1DB~1\ENCYCL~1\SETUP99F\INST99F.LOG
eoEngine 7.1-->"C:\Program Files\EoRezo\unins000.exe"
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Logiciel Acer OrbiCam-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}\Setup.EXE" -l0x40c
Logiciel Intel(R) PROSet/Wireless-->C:\WINDOWS\Installer\iProInst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Messenger Plus! 3-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 97 Professional-->C:\Program Files\Microsoft Office\Office\Install\Acme.exe /w Off97Pro.STF
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MuVo Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\setup.exe" -l0x40c /remove
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
Need For Speed III-->C:\WINDOWS\UNIN040C.EXE -f"C:\Program Files\Electronic Arts\Need For Speed III\DeIsL1.isu" -c"C:\Program Files\Electronic Arts\Need For Speed III\eauninst.dll"
Neuf - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe
NTI Backup NOW! 4-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1036 BUN4
NTI CD & DVD-Maker-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PowerProducer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PrintMaster Gold 4.00-->c:\pmw\msrun.exe
Programme de gestion Acer OrbiCam-->"C:\Program Files\Fichiers communs\Acer\OrbiCam\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT -l040c
QuickTime 3.0-->C:\WINDOWS\uninst.exe -f"C:\Program Files\QuickTime\DeIsL1.isu" -c"C:\WINDOWS\system32\QTUninst.dll
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
SA31xx Device Manager & Media Converter-->C:\Program Files\InstallShield Installation Information\{E572B060-C98B-4984-A48E-E4FA56265903}\setup.exe -runfromtemp -l0x040c -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SuperCopier2-->"D:\SuperCopier2\SC2Uninst.exe"
Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Calculatem 4 with "AutoRead"-->"C:\Program Files\TexasCalculatem\unins000.exe"
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1036
VideoLAN VLC media player 0.8.6a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VirginMega.Fr Premium-->MsiExec.exe /I{EE467474-04A8-48D5-8DDF-0F8D3A3CCBE5}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Writer-->MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======Security center information======
AV: avast! antivirus 4.8.1296 [VPS 081229-0]
System event log
Computer Name: ACER-D9F74F6A24
Event Code: 7036
Message: Le service Hôte de périphérique universel Plug-and-Play est entré dans l'état : en cours d'exécution.
Record Number: 20258
Source Name: Service Control Manager
Time Written: 20081119185849.000000+060
Event Type: Informations
User:
Computer Name: ACER-D9F74F6A24
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Hôte de périphérique universel Plug-and-Play.
Record Number: 20257
Source Name: Service Control Manager
Time Written: 20081119185848.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: ACER-D9F74F6A24
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.
Record Number: 20256
Source Name: Service Control Manager
Time Written: 20081119185839.000000+060
Event Type: Informations
User:
Computer Name: ACER-D9F74F6A24
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.
Record Number: 20255
Source Name: Service Control Manager
Time Written: 20081119185832.000000+060
Event Type: Informations
User:
Computer Name: ACER-D9F74F6A24
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.
Record Number: 20254
Source Name: Service Control Manager
Time Written: 20081119185832.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM
Application event log
Computer Name: ACER-D9F74F6A24
Event Code: 0
Message: Le service a géré avec succès PowerEvent.
Record Number: 16167
Source Name: AcerMemUsageCheckService
Time Written: 20080922173535.000000+120
Event Type: Informations
User:
Computer Name: ACER-D9F74F6A24
Event Code: 0
Message: Le service a géré avec succès PowerEvent.
Record Number: 16166
Source Name: AcerMemUsageCheckService
Time Written: 20080922173533.000000+120
Event Type: Informations
User:
Computer Name: ACER-D9F74F6A24
Event Code: 0
Message: Le service a géré avec succès PowerEvent.
Record Number: 16165
Source Name: AcerMemUsageCheckService
Time Written: 20080922163522.000000+120
Event Type: Informations
User:
Computer Name: ACER-D9F74F6A24
Event Code: 0
Message: Le service a géré avec succès PowerEvent.
Record Number: 16164
Source Name: AcerMemUsageCheckService
Time Written: 20080922163522.000000+120
Event Type: Informations
User:
Computer Name: ACER-D9F74F6A24
Event Code: 35
Message:
Record Number: 16163
Source Name: NSCService
Time Written: 20080922142532.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Intel\Wireless\Bin
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
======Uninstall list======
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer French Guide Link\Uninst.isu"
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13E613EF-BB55-11D9-9D77-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61FB6DAF-197D-4404-A58D-B75268F35D01}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61FB6DAF-197D-4404-A58D-B75268F35D01}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C679B41F-EE6E-4727-B131-47101785420A}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer Arcade-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Acer eDataSecurity Management 2.0.3076-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{4AD13F68-CADA-4C6B-9759-C33753F89908} /l1036
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDStbmngr.exe UNINSTALL 1
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\Setup.exe" -l0x40c
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7057702F-6D71-4F30-8000-9E72BC771887}\setup.exe" -l0x40c -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x40c
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\Setup.exe" -l0x40c
Acer eSettings Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\setup.exe" -l0x40c -removeonly
Acer GridVista-->C:\WINDOWS\UnInst32.exe GridV.UNI
Acer Screensaver-->MsiExec.exe /I{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Agere Systems HDA Modem-->agrsmdel
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Azureus Vuze-->D:\Azureus\uninstall.exe
Canon Camera Support Core Library-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91F1A0D6-23AD-49FE-8D4E-379485652214} /l1036
Canon Camera Window DS for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}
Canon Camera Window DVC for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4C96958A-6562-4143-B820-FF4890D3B734}
Canon Camera Window for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C7281207-4AA4-425E-B57A-0E9EF8445635}
Canon Internet Library for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2F81FBFC-9A37-431F-9050-14B55485DF5A}
Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}
Canon PhotoRecord-->MsiExec.exe /X{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{45EF4EE3-F591-4B74-A477-0CAE12934CE7}
Canon RemoteCapture Task for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
Canon ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Creative MediaSource-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x40c /remove
Creative MuVo N200 Media Explorer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C679B41F-EE6E-4727-B131-47101785420A}\setup.exe" -l0x40c /remove
Encyclopédie Microsoft Encarta 99-->RunDll32 C:\PROGRA~1\MIE1DB~1\ENCYCL~1\UNENC99.DLL,Uninstall C:\PROGRA~1\MIE1DB~1\ENCYCL~1\SETUP99F\INST99F.LOG
eoEngine 7.1-->"C:\Program Files\EoRezo\unins000.exe"
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Logiciel Acer OrbiCam-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}\Setup.EXE" -l0x40c
Logiciel Intel(R) PROSet/Wireless-->C:\WINDOWS\Installer\iProInst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Messenger Plus! 3-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 97 Professional-->C:\Program Files\Microsoft Office\Office\Install\Acme.exe /w Off97Pro.STF
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MuVo Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\setup.exe" -l0x40c /remove
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
Need For Speed III-->C:\WINDOWS\UNIN040C.EXE -f"C:\Program Files\Electronic Arts\Need For Speed III\DeIsL1.isu" -c"C:\Program Files\Electronic Arts\Need For Speed III\eauninst.dll"
Neuf - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe
NTI Backup NOW! 4-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1036 BUN4
NTI CD & DVD-Maker-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PowerProducer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PrintMaster Gold 4.00-->c:\pmw\msrun.exe
Programme de gestion Acer OrbiCam-->"C:\Program Files\Fichiers communs\Acer\OrbiCam\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT -l040c
QuickTime 3.0-->C:\WINDOWS\uninst.exe -f"C:\Program Files\QuickTime\DeIsL1.isu" -c"C:\WINDOWS\system32\QTUninst.dll
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
SA31xx Device Manager & Media Converter-->C:\Program Files\InstallShield Installation Information\{E572B060-C98B-4984-A48E-E4FA56265903}\setup.exe -runfromtemp -l0x040c -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SuperCopier2-->"D:\SuperCopier2\SC2Uninst.exe"
Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Calculatem 4 with "AutoRead"-->"C:\Program Files\TexasCalculatem\unins000.exe"
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1036
VideoLAN VLC media player 0.8.6a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VirginMega.Fr Premium-->MsiExec.exe /I{EE467474-04A8-48D5-8DDF-0F8D3A3CCBE5}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Writer-->MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======Security center information======
AV: avast! antivirus 4.8.1296 [VPS 081229-0]
System event log
Computer Name: ACER-D9F74F6A24
Event Code: 7036
Message: Le service Hôte de périphérique universel Plug-and-Play est entré dans l'état : en cours d'exécution.
Record Number: 20258
Source Name: Service Control Manager
Time Written: 20081119185849.000000+060
Event Type: Informations
User:
Computer Name: ACER-D9F74F6A24
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Hôte de périphérique universel Plug-and-Play.
Record Number: 20257
Source Name: Service Control Manager
Time Written: 20081119185848.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: ACER-D9F74F6A24
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.
Record Number: 20256
Source Name: Service Control Manager
Time Written: 20081119185839.000000+060
Event Type: Informations
User:
Computer Name: ACER-D9F74F6A24
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.
Record Number: 20255
Source Name: Service Control Manager
Time Written: 20081119185832.000000+060
Event Type: Informations
User:
Computer Name: ACER-D9F74F6A24
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.
Record Number: 20254
Source Name: Service Control Manager
Time Written: 20081119185832.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM
Application event log
Computer Name: ACER-D9F74F6A24
Event Code: 0
Message: Le service a géré avec succès PowerEvent.
Record Number: 16167
Source Name: AcerMemUsageCheckService
Time Written: 20080922173535.000000+120
Event Type: Informations
User:
Computer Name: ACER-D9F74F6A24
Event Code: 0
Message: Le service a géré avec succès PowerEvent.
Record Number: 16166
Source Name: AcerMemUsageCheckService
Time Written: 20080922173533.000000+120
Event Type: Informations
User:
Computer Name: ACER-D9F74F6A24
Event Code: 0
Message: Le service a géré avec succès PowerEvent.
Record Number: 16165
Source Name: AcerMemUsageCheckService
Time Written: 20080922163522.000000+120
Event Type: Informations
User:
Computer Name: ACER-D9F74F6A24
Event Code: 0
Message: Le service a géré avec succès PowerEvent.
Record Number: 16164
Source Name: AcerMemUsageCheckService
Time Written: 20080922163522.000000+120
Event Type: Informations
User:
Computer Name: ACER-D9F74F6A24
Event Code: 35
Message:
Record Number: 16163
Source Name: NSCService
Time Written: 20080922142532.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Intel\Wireless\Bin
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
--> Télécharge UsbFix (de Chiquitine29) sur ton Bureau.
--> Lance l'installation avec les paramètres par défaut.
--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.
--> Double-clique sur le raccourci UsbFix sur ton Bureau.
--> Choisis l'option 1 (Nettoyage).
--> Le PC va redémarrer.
--> Après redémarrage, poste le rapport UsbFix.txt
Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.
(Si le Bureau ne réapparaît pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)
--> Lance l'installation avec les paramètres par défaut.
--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.
--> Double-clique sur le raccourci UsbFix sur ton Bureau.
--> Choisis l'option 1 (Nettoyage).
--> Le PC va redémarrer.
--> Après redémarrage, poste le rapport UsbFix.txt
Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.
(Si le Bureau ne réapparaît pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)
désolé j ai été long mais voila le rapport et encore merci de ton aide.
-------------- UsbFix V2.413.8 ---------------
* User : user - ACER-D9F74F6A24
* Outils mis a jours le 27/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 15:56:47 le 2008-12-30
* Windows Xp - Internet Explorer 7.0.5730.13
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
D: - Lecteur fixe
F: - Lecteur amovible
G: - Lecteur amovible
H: - Lecteur amovible
I: - Lecteur amovible
+- Contenu de l'autorun : H:\autorun.inf
[AutoRun]
open=fun.xls.exe
shellexecute=fun.xls.exe
shell\Auto\command=fun.xls.exe
shell=Auto
[VVflagRun]
aabb=kdkfjdkfk1
+- Contenu de l'autorun : I:\autorun.inf
[AutoRun]
open=fun.xls.exe
shellexecute=fun.xls.exe
shell\Auto\command=fun.xls.exe
shell=Auto
[VVflagRun]
aabb=kdkfjdkfk1
--------------- [ Lecteur C ] ----------------
C: - Lecteur fixe
+- Listing des fichiers présents :
[2006-04-15 16:11][--a------] C:\AUTOEXEC.BAT
[2004-08-05 05:00][-rahs----] C:\NTDETECT.COM
[2008-12-30 00:24][-rahs----] C:\boot.ini
[2008-12-30 15:56][--a------] C:\UsbFix.txt
[2006-04-15 15:47][--a------] C:\CONFIG.SYS
[2006-04-15 15:47][--a------] C:\IO.SYS
[2006-04-15 15:47][--a------] C:\MSDOS.SYS
[2006-04-15 15:47][--a------] C:\pagefile.sys
[2006-04-15 15:47][--a------] C:\hiberfil.sys
--------------- [ Lecteur D ] ----------------
D: - Lecteur fixe
+- Listing des fichiers présents :
--------------- [ Lecteur F ] ----------------
F: - Lecteur amovible
+- Listing des fichiers présents :
[2008-09-28 18:52][---------] F:\AdobeR.exe
--------------- [ Lecteur G ] ----------------
G: - Lecteur amovible
+- Listing des fichiers présents :
--------------- [ Lecteur H ] ----------------
H: - Lecteur amovible
+- Listing des fichiers présents :
[2008-10-06 16:24][---hs----] H:\AdobeR.exe
[2008-10-06 16:24][---hs----] H:\AUTORUN.INF
--------------- [ Lecteur I ] ----------------
I: - Lecteur amovible
+- Listing des fichiers présents :
[2008-01-17 08:43][-r-hs----] I:\m1t8ta.com
[2008-10-02 12:56][---hs----] I:\AdobeR.exe
[2008-10-02 12:56][---hs----] I:\autorun.inf
--------------- [ Registre / Startup ] ----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
MessengerPlus3="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
LaunchApp=Alaunch
AGRSMMSG=AGRSMMSG.exe
RTHDCPL=RTHDCPL.EXE
AzMixerSel=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PCMService="C:\Program Files\Acer\Acer Arcade\PCMService.exe"
ntiMUI=C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSPY2002=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
Acer ePresentation HPD=C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
igfxtray=C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd=C:\WINDOWS\system32\hkcmd.exe
igfxpers=C:\WINDOWS\system32\igfxpers.exe
ePower_DMC=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
Boot=C:\Acer\Empowering Technology\ePower\Boot.exe
LManager=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
LogitechCameraAssistant=C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
LogitechVideo[inspector]=C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
LogitechCameraService(E)=C:\WINDOWS\system32\ElkCtrl.exe /automation
eRecoveryService=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
ImageItEncrypt=C:\WINDOWS\system32\ImageItEncrypt.exe
QuickTime Task="C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe" -atboottime
EoEngine="C:\Program Files\EoRezo\EoEngine.exe"
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MessengerPlus3="C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=dword:00000143
"NoDriveAutoRun"=dword:03ffffff
"NoDrives"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:00000143
"NoDrives"=dword:00000000
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0274016a-cbed-11db-bd20-0016364d99d9}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0274016a-cbed-11db-bd20-0016364d99d9}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0274016a-cbed-11db-bd20-0016364d99d9}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{439d8b6c-aa62-11dc-be01-0016364d99d9}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{533b088a-2dcd-11dd-be6d-0016364d99d9}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f144982-00a9-11dc-bd69-0016364d99d9}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c658d678-9f78-11dc-bded-0016364d99d9}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d806eff6-6f96-11dd-be96-0016364d99d9}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de0f63e8-e4a3-11dc-be32-0016364d99d9}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e622f5aa-8809-11dc-bdd2-0016364d99d9}\Shell\AutoRun\command
--------------- [ Nettoyage des disques ] ----------------
Supprimé ! - [2007-06-08 16:17][--ahs----] D:\THUMBS.DB
Supprimé ! - [2003-06-20 04:05][-rahs----] F:\.\Recycled\Driveinfo.exe
Supprimé ! - [2008-09-28 18:52][---------] F:\adobeR.exe
Supprimé ! - [2007-08-23 14:23][---hs----] F:\msvcr71.dll
Supprimé ! - [2006-09-09 09:54][-r-hs----] F:\Recycled\ctfmon.exe
Supprimé ! - [2007-08-17 14:44][---hs----] G:\msvcr71.dll
Supprimé ! - [2008-10-06 16:24][---hs----] H:\autorun.inf
Supprimé ! - [2008-10-06 16:24][---hs----] H:\adobeR.exe
Supprimé ! - [2007-11-09 12:01][---hs----] H:\msvcr71.dll
Supprimé ! - [2008-10-02 12:56][---hs----] I:\autorun.inf
Supprimé ! - [2008-10-02 12:56][---hs----] I:\adobeR.exe
Supprimé ! - [2008-01-17 08:43][-r-hs----] I:\m1t8ta.com
Supprimé ! - [2007-12-20 17:15][---hs----] I:\msvcr71.dll
--------------- [ Resumé ] ----------------
-> /!\ Le resultat doit etre interprété par un spécialiste /!\
[2006-04-15 16:11][--a------] C:\AUTOEXEC.BAT
[2004-08-05 05:00][-rahs----] C:\NTDETECT.COM
[2008-12-30 00:24][-rahs----] C:\boot.ini
--------------- ! Fin du rapport ! ----------------
-------------- UsbFix V2.413.8 ---------------
* User : user - ACER-D9F74F6A24
* Outils mis a jours le 27/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 15:56:47 le 2008-12-30
* Windows Xp - Internet Explorer 7.0.5730.13
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
D: - Lecteur fixe
F: - Lecteur amovible
G: - Lecteur amovible
H: - Lecteur amovible
I: - Lecteur amovible
+- Contenu de l'autorun : H:\autorun.inf
[AutoRun]
open=fun.xls.exe
shellexecute=fun.xls.exe
shell\Auto\command=fun.xls.exe
shell=Auto
[VVflagRun]
aabb=kdkfjdkfk1
+- Contenu de l'autorun : I:\autorun.inf
[AutoRun]
open=fun.xls.exe
shellexecute=fun.xls.exe
shell\Auto\command=fun.xls.exe
shell=Auto
[VVflagRun]
aabb=kdkfjdkfk1
--------------- [ Lecteur C ] ----------------
C: - Lecteur fixe
+- Listing des fichiers présents :
[2006-04-15 16:11][--a------] C:\AUTOEXEC.BAT
[2004-08-05 05:00][-rahs----] C:\NTDETECT.COM
[2008-12-30 00:24][-rahs----] C:\boot.ini
[2008-12-30 15:56][--a------] C:\UsbFix.txt
[2006-04-15 15:47][--a------] C:\CONFIG.SYS
[2006-04-15 15:47][--a------] C:\IO.SYS
[2006-04-15 15:47][--a------] C:\MSDOS.SYS
[2006-04-15 15:47][--a------] C:\pagefile.sys
[2006-04-15 15:47][--a------] C:\hiberfil.sys
--------------- [ Lecteur D ] ----------------
D: - Lecteur fixe
+- Listing des fichiers présents :
--------------- [ Lecteur F ] ----------------
F: - Lecteur amovible
+- Listing des fichiers présents :
[2008-09-28 18:52][---------] F:\AdobeR.exe
--------------- [ Lecteur G ] ----------------
G: - Lecteur amovible
+- Listing des fichiers présents :
--------------- [ Lecteur H ] ----------------
H: - Lecteur amovible
+- Listing des fichiers présents :
[2008-10-06 16:24][---hs----] H:\AdobeR.exe
[2008-10-06 16:24][---hs----] H:\AUTORUN.INF
--------------- [ Lecteur I ] ----------------
I: - Lecteur amovible
+- Listing des fichiers présents :
[2008-01-17 08:43][-r-hs----] I:\m1t8ta.com
[2008-10-02 12:56][---hs----] I:\AdobeR.exe
[2008-10-02 12:56][---hs----] I:\autorun.inf
--------------- [ Registre / Startup ] ----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
MessengerPlus3="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
LaunchApp=Alaunch
AGRSMMSG=AGRSMMSG.exe
RTHDCPL=RTHDCPL.EXE
AzMixerSel=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PCMService="C:\Program Files\Acer\Acer Arcade\PCMService.exe"
ntiMUI=C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSPY2002=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
Acer ePresentation HPD=C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
igfxtray=C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd=C:\WINDOWS\system32\hkcmd.exe
igfxpers=C:\WINDOWS\system32\igfxpers.exe
ePower_DMC=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
Boot=C:\Acer\Empowering Technology\ePower\Boot.exe
LManager=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
LogitechCameraAssistant=C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
LogitechVideo[inspector]=C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
LogitechCameraService(E)=C:\WINDOWS\system32\ElkCtrl.exe /automation
eRecoveryService=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
ImageItEncrypt=C:\WINDOWS\system32\ImageItEncrypt.exe
QuickTime Task="C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe" -atboottime
EoEngine="C:\Program Files\EoRezo\EoEngine.exe"
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MessengerPlus3="C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=dword:00000143
"NoDriveAutoRun"=dword:03ffffff
"NoDrives"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:00000143
"NoDrives"=dword:00000000
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0274016a-cbed-11db-bd20-0016364d99d9}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0274016a-cbed-11db-bd20-0016364d99d9}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0274016a-cbed-11db-bd20-0016364d99d9}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{439d8b6c-aa62-11dc-be01-0016364d99d9}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{533b088a-2dcd-11dd-be6d-0016364d99d9}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f144982-00a9-11dc-bd69-0016364d99d9}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c658d678-9f78-11dc-bded-0016364d99d9}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d806eff6-6f96-11dd-be96-0016364d99d9}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de0f63e8-e4a3-11dc-be32-0016364d99d9}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e622f5aa-8809-11dc-bdd2-0016364d99d9}\Shell\AutoRun\command
--------------- [ Nettoyage des disques ] ----------------
Supprimé ! - [2007-06-08 16:17][--ahs----] D:\THUMBS.DB
Supprimé ! - [2003-06-20 04:05][-rahs----] F:\.\Recycled\Driveinfo.exe
Supprimé ! - [2008-09-28 18:52][---------] F:\adobeR.exe
Supprimé ! - [2007-08-23 14:23][---hs----] F:\msvcr71.dll
Supprimé ! - [2006-09-09 09:54][-r-hs----] F:\Recycled\ctfmon.exe
Supprimé ! - [2007-08-17 14:44][---hs----] G:\msvcr71.dll
Supprimé ! - [2008-10-06 16:24][---hs----] H:\autorun.inf
Supprimé ! - [2008-10-06 16:24][---hs----] H:\adobeR.exe
Supprimé ! - [2007-11-09 12:01][---hs----] H:\msvcr71.dll
Supprimé ! - [2008-10-02 12:56][---hs----] I:\autorun.inf
Supprimé ! - [2008-10-02 12:56][---hs----] I:\adobeR.exe
Supprimé ! - [2008-01-17 08:43][-r-hs----] I:\m1t8ta.com
Supprimé ! - [2007-12-20 17:15][---hs----] I:\msvcr71.dll
--------------- [ Resumé ] ----------------
-> /!\ Le resultat doit etre interprété par un spécialiste /!\
[2006-04-15 16:11][--a------] C:\AUTOEXEC.BAT
[2004-08-05 05:00][-rahs----] C:\NTDETECT.COM
[2008-12-30 00:24][-rahs----] C:\boot.ini
--------------- ! Fin du rapport ! ----------------
J'espère que tu n'as pas branché ta clé USB un peu partout vu comment elle était infectée...
---> Désinstalle EoEngine.
● Télécharge AD-Remover (de Cyrildu17 / C_XX) sur ton Bureau.
/!\ Déconnecte-toi et ferme toutes applications en cours /!\
● Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program files).
● Double-clique sur l'icône Ad-remover située sur ton Bureau.
● Au menu principal, choisis l'option "A".
● Poste le rapport qui apparaît à la fin.
(Le rapport est sauvegardé aussi sous C:\Ad-report(date).log)
(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)
Note :
"Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
---> Désinstalle EoEngine.
● Télécharge AD-Remover (de Cyrildu17 / C_XX) sur ton Bureau.
/!\ Déconnecte-toi et ferme toutes applications en cours /!\
● Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program files).
● Double-clique sur l'icône Ad-remover située sur ton Bureau.
● Au menu principal, choisis l'option "A".
● Poste le rapport qui apparaît à la fin.
(Le rapport est sauvegardé aussi sous C:\Ad-report(date).log)
(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)
Note :
"Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
Voila le rapport de ad remover:
--------- Logfile of AD-Remover 1.0.8.2 by C_XX ---------
# START at: 16:18:47 | Mar 30/12/2008 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: ACER-D9F74F6A24 | USER: user ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: FAT32)
- D:\ (File System: FAT32)
# Internet Explorer v7.0.5730.13
--------- [ RUNNING PROCESSES: 66 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\SYSTEM32\WOWEXEC.EXE
-----------------------------------
+-----------------------| Boonty/Boonty Games Elements found :
.
+-----------------------| Eorezo Elements found :
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "EoEngine"
.
[2008-10-11 12:02] C:\Program Files\EoRezo
[2008-10-11 12:02] C:\Program Files\EoRezo\EoAdv
[2008-11-01 15:52] C:\Program Files\EoRezo\EoAdv\eoAdv.url
[2008-10-11 12:06] C:\Program Files\EoRezo\EoAdv\tmp
[2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\EoRezoBho.old
[2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.7219
[2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.6211
[2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.1526
[2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.8523
[2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.4646
[2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.9129
[2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.3192
[2008-10-11 12:02] C:\Documents and Settings\user\Application Data\EoRezo
[2008-12-30 16:17] C:\Documents and Settings\user\Application Data\EoRezo\user.cyp
[2008-12-30 16:03] C:\Documents and Settings\user\Application Data\EoRezo\host.cyp
[2008-12-30 16:03] C:\Documents and Settings\user\Application Data\EoRezo\cmhost.cyp
[2008-12-30 16:17] C:\Documents and Settings\user\Application Data\EoRezo\cache
[2008-10-11 12:02] C:\Documents and Settings\user\Application Data\EoRezo\db
[2008-12-30 16:03] C:\Documents and Settings\user\Application Data\EoRezo\ConfMedia.cyp
[2008-10-11 12:02] C:\Documents and Settings\user\Application Data\EoRezo\eoDesktop
[2008-10-11 12:03] C:\Documents and Settings\user\Application Data\EoRezo\eoStats
[2008-12-05 13:16] C:\Documents and Settings\user\Application Data\EoRezo\db\cat.cyp
[2008-12-30 16:03] C:\Documents and Settings\user\Application Data\EoRezo\eoDesktop\config.xml
[2008-12-30 16:03] C:\Documents and Settings\user\Application Data\EoRezo\eoDesktop\userConfig.xml
[2008-12-30 16:03] C:\Documents and Settings\user\Application Data\EoRezo\eoDesktop\eoDesktop.html
[2008-12-23 13:17] C:\Documents and Settings\user\Application Data\EoRezo\eoStats\eoStats.txt
[2008-12-30 16:03] C:\WINDOWS\Prefetch\EOENGINE.EXE-25D17307.pf
[2008-12-24 00:49] C:\Documents and Settings\user\Cookies\user@eorezo[1].txt
[2008-12-30 14:56] C:\Documents and Settings\user\Cookies\user@ads.eorezo[2].txt
+-----------------------| Everest Poker Elements found :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :
.
+-----------------------| It's TV Elements found :
.
+-----------------------| Sweetim Elements found :
.
[2006-04-15 16:20] C:\WINDOWS\Installer\{4AD13F68-CADA-4C6B-9759-C33753F89908}\ARPPRODUCTICON.exe
[2006-04-15 16:10] C:\WINDOWS\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\ARPPRODUCTICON.exe
[2006-04-15 16:11] C:\WINDOWS\Installer\{385979FE-DC4F-4140-8EAD-A59625000D72}\ARPPRODUCTICON.exe
[2007-02-13 11:47] C:\WINDOWS\Installer\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}\ARPPRODUCTICON.exe
[2007-02-13 11:47] C:\WINDOWS\Installer\{2F81FBFC-9A37-431F-9050-14B55485DF5A}\ARPPRODUCTICON.exe
[2007-02-13 11:48] C:\WINDOWS\Installer\{91F1A0D6-23AD-49FE-8D4E-379485652214}\ARPPRODUCTICON.exe
[2007-02-13 11:49] C:\WINDOWS\Installer\{C7281207-4AA4-425E-B57A-0E9EF8445635}\ARPPRODUCTICON.exe
[2007-02-13 11:49] C:\WINDOWS\Installer\{4C96958A-6562-4143-B820-FF4890D3B734}\ARPPRODUCTICON.exe
[2007-02-13 11:49] C:\WINDOWS\Installer\{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}\ARPPRODUCTICON.exe
[2007-02-13 11:50] C:\WINDOWS\Installer\{45EF4EE3-F591-4B74-A477-0CAE12934CE7}\ARPPRODUCTICON.exe
[2007-02-13 11:50] C:\WINDOWS\Installer\{28291BD5-92D2-4685-82DC-CCA925C53CCA}\ARPPRODUCTICON.exe
[2007-02-13 11:50] C:\WINDOWS\Installer\{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}\ARPPRODUCTICON.exe
[2008-10-28 12:54] C:\WINDOWS\Installer\{EE467474-04A8-48D5-8DDF-0F8D3A3CCBE5}\ARPPRODUCTICON.exe
+-----------------------| ADDED SCAN :
+--[HKEY_CURRENT_USER\..\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
MessengerPlus3 REG_SZ "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MsServer REG_SZ msfun80.exe
+--[HKEY_LOCAL_MACHINE\..\Run]
LaunchApp REG_SZ Alaunch
AGRSMMSG REG_SZ AGRSMMSG.exe
RTHDCPL REG_SZ RTHDCPL.EXE
AzMixerSel REG_SZ C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
SynTPLpr REG_SZ C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PCMService REG_SZ "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
ntiMUI REG_SZ C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSPY2002 REG_SZ C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
Acer ePresentation HPD REG_SZ C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
igfxtray REG_SZ C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd REG_SZ C:\WINDOWS\system32\hkcmd.exe
igfxpers REG_SZ C:\WINDOWS\system32\igfxpers.exe
ePower_DMC REG_SZ C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
Boot REG_SZ C:\Acer\Empowering Technology\ePower\Boot.exe
LManager REG_SZ C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
LVCOMSX REG_SZ C:\WINDOWS\system32\LVCOMSX.EXE
LogitechCameraAssistant REG_SZ C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
LogitechVideo[inspector] REG_SZ C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
LogitechCameraService(E) REG_SZ C:\WINDOWS\system32\ElkCtrl.exe /automation
eRecoveryService REG_SZ C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
ImageItEncrypt REG_SZ C:\WINDOWS\system32\ImageItEncrypt.exe
QuickTime Task REG_SZ "C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe" -atboottime
EoEngine REG_SZ "C:\Program Files\EoRezo\EoEngine.exe"
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MessengerPlus3 REG_SZ "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://lo.st#home
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Scan-20.8-.2-30.log" (~10565 bytes)
# END at: 16:19:35 | 2008-12-30 - Time elapsed: 47.5 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 184 lines ]
+---------------------------------------------------------------------------+
--------- Logfile of AD-Remover 1.0.8.2 by C_XX ---------
# START at: 16:18:47 | Mar 30/12/2008 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: ACER-D9F74F6A24 | USER: user ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: FAT32)
- D:\ (File System: FAT32)
# Internet Explorer v7.0.5730.13
--------- [ RUNNING PROCESSES: 66 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\SYSTEM32\WOWEXEC.EXE
-----------------------------------
+-----------------------| Boonty/Boonty Games Elements found :
.
+-----------------------| Eorezo Elements found :
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "EoEngine"
.
[2008-10-11 12:02] C:\Program Files\EoRezo
[2008-10-11 12:02] C:\Program Files\EoRezo\EoAdv
[2008-11-01 15:52] C:\Program Files\EoRezo\EoAdv\eoAdv.url
[2008-10-11 12:06] C:\Program Files\EoRezo\EoAdv\tmp
[2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\EoRezoBho.old
[2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.7219
[2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.6211
[2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.1526
[2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.8523
[2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.4646
[2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.9129
[2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.3192
[2008-10-11 12:02] C:\Documents and Settings\user\Application Data\EoRezo
[2008-12-30 16:17] C:\Documents and Settings\user\Application Data\EoRezo\user.cyp
[2008-12-30 16:03] C:\Documents and Settings\user\Application Data\EoRezo\host.cyp
[2008-12-30 16:03] C:\Documents and Settings\user\Application Data\EoRezo\cmhost.cyp
[2008-12-30 16:17] C:\Documents and Settings\user\Application Data\EoRezo\cache
[2008-10-11 12:02] C:\Documents and Settings\user\Application Data\EoRezo\db
[2008-12-30 16:03] C:\Documents and Settings\user\Application Data\EoRezo\ConfMedia.cyp
[2008-10-11 12:02] C:\Documents and Settings\user\Application Data\EoRezo\eoDesktop
[2008-10-11 12:03] C:\Documents and Settings\user\Application Data\EoRezo\eoStats
[2008-12-05 13:16] C:\Documents and Settings\user\Application Data\EoRezo\db\cat.cyp
[2008-12-30 16:03] C:\Documents and Settings\user\Application Data\EoRezo\eoDesktop\config.xml
[2008-12-30 16:03] C:\Documents and Settings\user\Application Data\EoRezo\eoDesktop\userConfig.xml
[2008-12-30 16:03] C:\Documents and Settings\user\Application Data\EoRezo\eoDesktop\eoDesktop.html
[2008-12-23 13:17] C:\Documents and Settings\user\Application Data\EoRezo\eoStats\eoStats.txt
[2008-12-30 16:03] C:\WINDOWS\Prefetch\EOENGINE.EXE-25D17307.pf
[2008-12-24 00:49] C:\Documents and Settings\user\Cookies\user@eorezo[1].txt
[2008-12-30 14:56] C:\Documents and Settings\user\Cookies\user@ads.eorezo[2].txt
+-----------------------| Everest Poker Elements found :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :
.
+-----------------------| It's TV Elements found :
.
+-----------------------| Sweetim Elements found :
.
[2006-04-15 16:20] C:\WINDOWS\Installer\{4AD13F68-CADA-4C6B-9759-C33753F89908}\ARPPRODUCTICON.exe
[2006-04-15 16:10] C:\WINDOWS\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\ARPPRODUCTICON.exe
[2006-04-15 16:11] C:\WINDOWS\Installer\{385979FE-DC4F-4140-8EAD-A59625000D72}\ARPPRODUCTICON.exe
[2007-02-13 11:47] C:\WINDOWS\Installer\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}\ARPPRODUCTICON.exe
[2007-02-13 11:47] C:\WINDOWS\Installer\{2F81FBFC-9A37-431F-9050-14B55485DF5A}\ARPPRODUCTICON.exe
[2007-02-13 11:48] C:\WINDOWS\Installer\{91F1A0D6-23AD-49FE-8D4E-379485652214}\ARPPRODUCTICON.exe
[2007-02-13 11:49] C:\WINDOWS\Installer\{C7281207-4AA4-425E-B57A-0E9EF8445635}\ARPPRODUCTICON.exe
[2007-02-13 11:49] C:\WINDOWS\Installer\{4C96958A-6562-4143-B820-FF4890D3B734}\ARPPRODUCTICON.exe
[2007-02-13 11:49] C:\WINDOWS\Installer\{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}\ARPPRODUCTICON.exe
[2007-02-13 11:50] C:\WINDOWS\Installer\{45EF4EE3-F591-4B74-A477-0CAE12934CE7}\ARPPRODUCTICON.exe
[2007-02-13 11:50] C:\WINDOWS\Installer\{28291BD5-92D2-4685-82DC-CCA925C53CCA}\ARPPRODUCTICON.exe
[2007-02-13 11:50] C:\WINDOWS\Installer\{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}\ARPPRODUCTICON.exe
[2008-10-28 12:54] C:\WINDOWS\Installer\{EE467474-04A8-48D5-8DDF-0F8D3A3CCBE5}\ARPPRODUCTICON.exe
+-----------------------| ADDED SCAN :
+--[HKEY_CURRENT_USER\..\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
MessengerPlus3 REG_SZ "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MsServer REG_SZ msfun80.exe
+--[HKEY_LOCAL_MACHINE\..\Run]
LaunchApp REG_SZ Alaunch
AGRSMMSG REG_SZ AGRSMMSG.exe
RTHDCPL REG_SZ RTHDCPL.EXE
AzMixerSel REG_SZ C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
SynTPLpr REG_SZ C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PCMService REG_SZ "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
ntiMUI REG_SZ C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSPY2002 REG_SZ C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
Acer ePresentation HPD REG_SZ C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
igfxtray REG_SZ C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd REG_SZ C:\WINDOWS\system32\hkcmd.exe
igfxpers REG_SZ C:\WINDOWS\system32\igfxpers.exe
ePower_DMC REG_SZ C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
Boot REG_SZ C:\Acer\Empowering Technology\ePower\Boot.exe
LManager REG_SZ C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
LVCOMSX REG_SZ C:\WINDOWS\system32\LVCOMSX.EXE
LogitechCameraAssistant REG_SZ C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
LogitechVideo[inspector] REG_SZ C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
LogitechCameraService(E) REG_SZ C:\WINDOWS\system32\ElkCtrl.exe /automation
eRecoveryService REG_SZ C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
ImageItEncrypt REG_SZ C:\WINDOWS\system32\ImageItEncrypt.exe
QuickTime Task REG_SZ "C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe" -atboottime
EoEngine REG_SZ "C:\Program Files\EoRezo\EoEngine.exe"
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MessengerPlus3 REG_SZ "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://lo.st#home
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Scan-20.8-.2-30.log" (~10565 bytes)
# END at: 16:19:35 | 2008-12-30 - Time elapsed: 47.5 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 184 lines ]
+---------------------------------------------------------------------------+
