VIRUSSSSSSSSSSSSSSSSSSSSS

Anonymous user -
Hello everyone,

For a few days now my computer's screen has been turning off by itself, as if it were not plugged into the computer.

A virus? Or simply a damaged part? Should I update the antivirus?

I can only use the computer without the screen turning off if I use safe mode with networking.

When the screen turns off, the computer immediately shows me a message in English with some codes, then restarts, and the same thing starts over every time.

Does anyone have an idea?

148 replies

Anonymous user

Re,

* To move forward, download RSIT to your desktop:
http://images.malwareremoval.com/random/RSIT.exe

* Right-click RSIT.exe (Run as administrator) to launch the program

* Click "Continue" on the disclaimer screen

* If the HijackThis tool (up-to-date version) is not detected or not present, RSIT will download it --> accept the license

* At the end of the scan --> 2 text files will open: log.txt and info.txt (in the taskbar)

* Post their contents

Note: since you are on Vista, User Account Control must be left disabled until the disinfection is finished!
0
Anonymous user

What do you mean by cracks?

Otherwise, for RSIT I did everything you told me to do, but the moment I press Continue it freezes and closes without running.

Why does it freeze? I am running it as administrator, though.

0
Anonymous user

Re,

What do you mean by cracks?

--> I am talking about the cracked Avast Pro and Nero 8 ...

* Next, download CCleaner here: (do not install the Yahoo toolbar offered by default, uncheck it)
https://filehippo.com/download_ccleaner/

* Open CCleaner and click Options --> Advanced, then uncheck the box in front of "delete files older than 48 h" and leave it with its settings.

* Click "Cleaner"
--> run Analyze + Clean, several times if necessary

* Close CCleaner

* Make sure that UAC (User Account Control) is disabled!

* Download ComboFix to your desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disable your antivirus and your antispyware's real-time protection /!\

/!\ Close all running applications and disconnect /!\

* Right-click ComboFix.exe (Run as administrator)
--> A pop-up appears --> answer yes
(Installing the Recovery Console is recommended)

* Choose the language and click 1 (yes)

/!\ Do not touch your mouse or your keyboard during the scan /!\
--> That could freeze the computer

* At the end of the scan, ComboFix may need to restart to finish the disinfection; let it do so

* Once the scan is finished, a report will be generated

* Re-enable your antivirus's real-time protection and post the report

Note: the report is also at C:\Combofix.txt
0
geoffrey5 Posts 14008 Status Security contributor 10

Hello,

just passing by: Malwarebytes had not been updated...

http://www.commentcamarche.net/forum/affich 10823810 virusssssssssssssssssssss?page=2#53

Run an update and a full scan
0

Anonymous user
 
ComboFix 09-02-02.04 - Pascal 2009-02-03 15:07:04.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1791.994 [GMT 0:00]
Lancé depuis: c:\users\Pascal\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Lilou\AppData\Roaming\.#
c:\users\Lilou\AppData\Roaming\.#\MBX@1348@1E82990.###
c:\users\Lilou\AppData\Roaming\.#\MBX@1348@1E829C0.###
c:\users\Lilou\AppData\Roaming\.#\MBX@1348@1E829F0.###
c:\users\Maxime\AppData\Roaming\.#
c:\users\Maxime\AppData\Roaming\.#\MBX@137C@782990.###
c:\users\Maxime\AppData\Roaming\.#\MBX@137C@7829C0.###
c:\users\Maxime\AppData\Roaming\.#\MBX@137C@7829F0.###
c:\users\Maxime\AppData\Roaming\.#\MBX@1380@1D52990.###
c:\users\Maxime\AppData\Roaming\.#\MBX@1380@1D529C0.###
c:\users\Maxime\AppData\Roaming\.#\MBX@1380@1D529F0.###
c:\users\Maxime\AppData\Roaming\.#\MBX@221C@1BB2990.###
c:\users\Maxime\AppData\Roaming\.#\MBX@221C@1BB29C0.###
c:\users\Maxime\AppData\Roaming\.#\MBX@221C@1BB29F0.###
c:\users\Maxime\AppData\Roaming\.#\MBX@2858@1C02990.###
c:\users\Maxime\AppData\Roaming\.#\MBX@2858@1C029C0.###
c:\users\Maxime\AppData\Roaming\.#\MBX@2858@1C029F0.###
c:\users\Maxime\AppData\Roaming\.#\MBX@2948@252990.###
c:\users\Maxime\AppData\Roaming\.#\MBX@2948@2529C0.###
c:\users\Maxime\AppData\Roaming\.#\MBX@2948@2529F0.###
c:\users\Maxime\AppData\Roaming\.#\MBX@544@382990.###
c:\users\Maxime\AppData\Roaming\.#\MBX@544@3829C0.###
c:\users\Maxime\AppData\Roaming\.#\MBX@544@3829F0.###
c:\users\Pascal\AppData\Roaming\.#
c:\users\Pascal\AppData\Roaming\.#\MBX@17B8@1BB2990.###
c:\users\Pascal\AppData\Roaming\.#\MBX@17B8@1BB29C0.###
c:\users\Pascal\AppData\Roaming\.#\MBX@17B8@1BB29F0.###
c:\users\Pascal\AppData\Roaming\.#\MBX@29D8@6C2990.###
c:\users\Pascal\AppData\Roaming\.#\MBX@29D8@6C29C0.###
c:\users\Pascal\AppData\Roaming\.#\MBX@29D8@6C29F0.###
c:\users\Pascal\AppData\Roaming\.#\MBX@5B4@1A92990.###
c:\users\Pascal\AppData\Roaming\.#\MBX@5B4@1A929C0.###
c:\users\Pascal\AppData\Roaming\.#\MBX@5B4@1A929F0.###
c:\users\Sasha\AppData\Roaming\.#
c:\users\Sasha\AppData\Roaming\.#\MBX@D84@1CA2990.###
c:\users\Sasha\AppData\Roaming\.#\MBX@D84@1CA29C0.###
c:\users\Sasha\AppData\Roaming\.#\MBX@D84@1CA29F0.###
c:\windows\system32\404Fix.exe
c:\windows\system32\AVSredirect.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\msqpdxwqsctmei.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
D:\resycled
d:\resycled\boot.com

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-03 au 2009-02-03 ))))))))))))))))))))))))))))))))))))
.

2009-02-03 13:55 . 2009-02-03 13:55 <DIR> d-------- c:\program files\Common Files\Logitech
2009-02-02 11:40 . 2009-02-03 08:44 <DIR> d-------- c:\program files\FindyKill
2009-02-02 10:41 . 2009-02-02 10:41 <DIR> d-------- C:\rsit
2009-02-02 09:39 . 2009-02-02 09:39 <DIR> d-------- c:\users\Lilou\AppData\Roaming\Malwarebytes
2009-02-02 08:48 . 2009-02-02 08:48 <DIR> d-------- c:\users\Pascal\AppData\Roaming\Malwarebytes
2009-02-02 08:48 . 2009-02-02 08:48 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-02 08:48 . 2009-02-02 08:48 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-02 08:48 . 2009-02-03 15:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-02 08:48 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-02 08:48 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-01 22:44 . 2009-02-01 22:44 691 --a------ c:\users\Pascal\AppData\Roaming\GetValue.vbs
2009-02-01 22:44 . 2009-02-01 22:44 35 --a------ c:\users\Pascal\AppData\Roaming\SetValue.bat
2009-02-01 21:30 . 2009-02-01 21:30 <DIR> d-------- c:\program files\CCleaner
2009-02-01 21:05 . 2009-02-01 21:48 <DIR> d-------- C:\ToolBar SD
2009-02-01 20:57 . 2009-02-01 20:57 <DIR> d-------- c:\program files\Trend Micro
2009-01-29 22:07 . 2007-03-12 23:34 162,304 --a------ c:\windows\System32\ztvunrar36.dll
2009-01-29 22:07 . 2007-03-12 23:34 77,312 --a------ c:\windows\System32\ztvunace26.dll
2009-01-29 22:07 . 2007-03-12 23:34 69,632 --a------ c:\windows\System32\ztvcabinet.dll
2009-01-24 22:11 . 2009-01-24 22:11 <DIR> d-------- c:\users\All Users\vsosdk
2009-01-24 22:11 . 2009-01-24 22:11 <DIR> d-------- c:\programdata\vsosdk
2009-01-24 21:12 . 2009-01-30 09:11 <DIR> d-------- c:\users\Lilou\AppData\Roaming\Vso
2009-01-24 20:45 . 2009-01-30 09:12 <DIR> d-------- c:\users\Pascal\AppData\Roaming\Vso
2009-01-24 20:45 . 2009-01-24 20:45 47,360 --a------ c:\windows\System32\drivers\pcouffin.sys
2009-01-24 20:45 . 2009-01-30 09:12 47,360 --a------ c:\users\Pascal\AppData\Roaming\pcouffin.sys
2009-01-22 16:01 . 2009-01-22 16:01 <DIR> d-------- c:\users\Maxime\AppData\Roaming\Ace
2009-01-21 15:13 . 2009-01-21 15:13 410,984 --a------ c:\windows\System32\deploytk.dll
2009-01-19 20:35 . 2009-01-19 20:35 <DIR> d-------- c:\program files\Xvid
2009-01-19 20:35 . 2007-06-28 18:52 765,952 --a------ c:\windows\System32\xvidcore.dll
2009-01-19 20:35 . 2007-06-28 18:54 180,224 --a------ c:\windows\System32\xvidvfw.dll
2009-01-19 20:35 . 2007-06-28 18:55 77,824 --a------ c:\windows\System32\xvid.ax
2009-01-14 18:58 . 2009-01-14 18:58 <DIR> d-------- c:\users\Pascal\AppData\Roaming\OpenOffice.org
2009-01-14 10:13 . 2009-01-14 10:13 <DIR> d-------- c:\users\Lilou\AppData\Roaming\Canneverbe_Limited
2009-01-14 09:50 . 2009-01-14 09:50 <DIR> d-------- c:\users\Lilou\AppData\Roaming\OpenOffice.org
2009-01-14 09:48 . 2009-01-14 09:48 <DIR> d-------- c:\program files\OpenOffice.org 3
2009-01-14 09:48 . 2009-01-14 09:48 <DIR> d-------- c:\program files\JRE
2009-01-14 09:47 . 2009-01-21 15:13 <DIR> d-------- c:\program files\Java
2009-01-14 09:47 . 2009-01-14 09:47 <DIR> d-------- c:\program files\Common Files\Java
2009-01-13 12:23 . 2009-01-13 12:23 <DIR> d-------- c:\users\All Users\Avira
2009-01-13 12:23 . 2009-01-13 12:23 <DIR> d-------- c:\programdata\Avira
2009-01-13 12:23 . 2009-01-13 12:23 <DIR> d-------- c:\program files\Avira
2009-01-12 13:20 . 2009-01-12 13:35 <DIR> d-------- c:\program files\PhotoFiltre
2009-01-11 20:22 . 2009-01-11 20:22 <DIR> d-------- c:\program files\Red Kawa
2009-01-11 19:33 . 2009-01-11 19:33 <DIR> d-------- c:\program files\Common Files\Sony Shared
2009-01-11 19:32 . 2009-01-11 19:32 <DIR> d-------- c:\users\All Users\Apple Computer
2009-01-11 19:32 . 2009-01-11 19:32 <DIR> d-------- c:\programdata\Apple Computer
2009-01-11 19:32 . 2009-01-11 19:33 <DIR> d-------- c:\program files\QuickTime
2009-01-11 19:32 . 2009-01-11 19:32 <DIR> d-------- c:\program files\Common Files\Apple
2009-01-11 19:31 . 2009-01-11 19:31 <DIR> d-------- c:\users\All Users\Apple
2009-01-11 19:31 . 2009-01-11 19:31 <DIR> d-------- c:\programdata\Apple
2009-01-11 19:31 . 2009-01-11 19:31 <DIR> d-------- c:\program files\Apple Software Update
2009-01-11 19:30 . 2009-01-11 19:30 <DIR> d-------- c:\users\All Users\Sony Corporation
2009-01-11 19:30 . 2009-01-11 19:30 <DIR> d-------- c:\programdata\Sony Corporation
2009-01-11 19:30 . 2009-01-11 19:33 <DIR> d-------- c:\program files\Sony
2009-01-11 19:27 . 2009-01-11 19:27 <DIR> d-------- c:\users\Pascal\AppData\Roaming\Sony Setup
2009-01-11 19:27 . 2009-01-11 19:27 <DIR> d-------- c:\program files\Sony Setup
2009-01-09 20:29 . 2009-01-10 22:54 <DIR> d-------- c:\users\Lilou\AppData\Roaming\uTorrent
2009-01-06 21:35 . 2009-01-18 18:24 <DIR> d-------- c:\users\All Users\Messenger Plus!
2009-01-06 21:35 . 2009-01-18 18:24 <DIR> d-------- c:\programdata\Messenger Plus!
2009-01-06 21:35 . 2009-01-06 21:35 <DIR> d-------- c:\program files\Messenger Plus! Live
2009-01-06 21:07 . 2009-01-07 10:09 <DIR> d-------- c:\program files\MediaCoder
2009-01-06 18:28 . 2009-01-06 18:28 <DIR> d-------- c:\users\Pascal\AppData\Roaming\AVS4YOU
2009-01-06 18:28 . 2009-01-06 18:28 <DIR> d-------- c:\users\All Users\AVS4YOU
2009-01-06 18:28 . 2009-01-06 18:28 <DIR> d-------- c:\programdata\AVS4YOU
2009-01-06 18:27 . 2009-01-12 18:47 <DIR> d-------- c:\program files\Common Files\AVSMedia
2009-01-06 18:27 . 2009-01-12 18:47 <DIR> d-------- c:\program files\AVS4YOU
2009-01-06 18:27 . 2007-02-27 18:36 974,848 --a------ c:\windows\System32\mfc70.dll
2009-01-06 18:27 . 2007-02-27 18:36 487,424 --a------ c:\windows\System32\msvcp70.dll
2009-01-06 18:27 . 2007-02-27 18:36 24,576 --a------ c:\windows\System32\msxml3a.dll
2009-01-05 16:14 . 2009-01-20 17:36 <DIR> d-------- c:\users\Maxime\AppData\Roaming\ArcSoft
2009-01-05 12:44 . 2009-01-05 14:07 <DIR> d-------- c:\users\Pascal\AppData\Roaming\ArcSoft
2009-01-05 12:11 . 2009-01-22 09:40 <DIR> d-------- c:\users\All Users\EmailNotifier
2009-01-05 12:11 . 2009-01-22 09:40 <DIR> d-------- c:\programdata\EmailNotifier
2009-01-05 12:11 . 2009-01-05 12:11 <DIR> d-------- c:\program files\Visicom Media
2009-01-05 10:37 . 2009-01-05 10:37 <DIR> d-------- c:\users\Sasha\AppData\Roaming\ArcSoft
2009-01-05 09:33 . 2009-01-06 17:48 <DIR> d-------- c:\users\Lilou\AppData\Roaming\gtk-2.0
2009-01-05 09:32 . 2009-01-05 18:47 <DIR> d-------- c:\users\Lilou\AppData\Roaming\avidemux
2009-01-04 22:53 . 2009-01-12 18:49 <DIR> d-------- c:\program files\MostFun
2009-01-04 21:42 . 2009-01-04 21:46 <DIR> d-------- c:\users\Pascal\AppData\Roaming\gtk-2.0
2009-01-04 21:41 . 2009-01-04 21:43 <DIR> d-------- c:\users\Pascal\AppData\Roaming\avidemux
2009-01-04 20:26 . 2009-01-05 10:30 <DIR> d-------- c:\users\Lilou\AppData\Roaming\ArcSoft
2009-01-04 20:25 . 2009-01-06 10:31 <DIR> d-------- c:\users\All Users\ArcSoft
2009-01-04 20:25 . 2009-01-06 10:31 <DIR> d-------- c:\programdata\ArcSoft
2009-01-04 20:25 . 2009-01-04 20:25 <DIR> d-------- c:\program files\Common Files\ArcSoft
2009-01-04 20:25 . 2009-01-04 20:25 <DIR> d-------- c:\program files\ArcSoft
2009-01-04 20:25 . 2005-04-27 16:36 245,408 --a------ c:\windows\System32\unicows.dll
2009-01-04 20:23 . 2009-01-04 20:23 <DIR> d-------- c:\users\Lilou\AppData\Roaming\InstallShield Installation Information
2009-01-04 20:23 . 2009-01-04 20:23 <DIR> d-------- c:\users\Lilou\AppData\Roaming\InstallShield
2009-01-04 20:23 . 2009-01-04 20:23 <DIR> d-------- C:\Philips
2009-01-04 10:28 . 2009-01-04 10:28 0 --a------ c:\users\Sasha\AppData\Roaming\wklnhst.dat
2009-01-03 15:44 . 2009-01-03 15:44 <DIR> d-------- c:\program files\Atari

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 14:43 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-02-03 13:55 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-02-02 08:59 --------- d-----w c:\program files\Yahoo!
2009-01-22 15:59 --------- d-----w c:\users\Sasha\AppData\Roaming\Ace
2009-01-08 20:59 --------- d-----w c:\program files\Google
2009-01-06 21:35 --------- d-----w c:\program files\Windows Live
2009-01-06 21:35 --------- d-----w c:\program files\MSN Messenger
2009-01-06 10:31 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-04 22:43 --------- d-----w c:\programdata\Driving Test Success
2009-01-02 19:19 --------- d-----w c:\programdata\eSobi
2009-01-01 17:20 --------- d-----w c:\program files\Astonsoft
2008-12-31 20:48 --------- d-----w c:\program files\eRightSoft
2008-12-31 20:48 --------- d-----w c:\program files\AviSynth 2.5
2008-12-31 14:06 --------- d-----w c:\users\Sasha\AppData\Roaming\EPSON
2008-12-30 20:38 --------- d-----w c:\program files\Common Files\Adobe
2008-12-30 13:46 --------- d-----w c:\program files\Illustrate
2008-12-30 13:44 5,052,280 ----a-w c:\windows\System32\SpoonUninstall.exe
2008-12-30 13:40 --------- d-----w c:\users\Pascal\AppData\Roaming\AccurateRip
2008-12-30 12:47 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-12-28 19:15 --------- d-----w c:\users\Lilou\AppData\Roaming\Template
2008-12-27 12:46 --------- d-----w c:\program files\ReflexiveArcade
2008-12-27 12:46 --------- d-----w c:\program files\Alice Greenfingers
2008-12-26 10:50 --------- d-----w c:\users\Lilou\AppData\Roaming\Ace
2008-12-26 10:14 --------- d-----w c:\users\Pascal\AppData\Roaming\Ace
2008-12-26 10:12 --------- d-----w c:\program files\THQ
2008-12-25 11:54 --------- d-----w c:\programdata\eMule
2008-12-25 11:54 --------- d-----w c:\program files\eMule
2008-12-25 11:47 --------- d-----w c:\programdata\Symantec
2008-12-24 21:17 --------- d-----w c:\users\Pascal\AppData\Roaming\DeepBurner
2008-12-23 09:27 --------- d-----w c:\program files\Micro Application
2008-12-22 11:33 --------- d-----w c:\users\Maxime\AppData\Roaming\vlc
2008-12-22 10:45 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-22 10:38 --------- d-----w c:\programdata\Microsoft Help
2008-12-22 10:38 --------- d-----w c:\program files\Microsoft Works
2008-12-21 13:33 --------- d-----w c:\users\Sasha\AppData\Roaming\DeepBurner
2008-12-20 20:22 --------- d-----w c:\users\Lilou\AppData\Roaming\DeepBurner
2008-12-20 20:01 --------- d-----w c:\programdata\NtiDvdCopy
2008-12-20 08:56 --------- d-----w c:\program files\Acer GameZone
2008-12-19 22:23 --------- d-----w c:\program files\Zone Labs
2008-12-19 18:55 --------- d-----w c:\programdata\Trymedia
2008-12-19 16:06 --------- d-----w c:\users\Maxime\AppData\Roaming\Zylom
2008-12-19 13:14 --------- d-----w c:\program files\Alwil Software
2008-12-19 13:11 --------- d-----w c:\programdata\CyberLink
2008-12-19 13:10 --------- d-----w c:\programdata\McAfee
2008-12-19 12:52 --------- d-----w c:\programdata\WLInstaller
2008-12-19 12:50 --------- d-----w c:\program files\Windows Installer Clean Up
2008-12-19 12:50 --------- d-----w c:\program files\MSECACHE
2008-12-18 09:04 --------- d-----w c:\users\Lilou\AppData\Roaming\vlc
2008-12-17 20:45 --------- d-----w c:\users\Sasha\AppData\Roaming\vlc
2008-12-17 19:43 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-12-17 18:42 --------- d-----w c:\program files\extravideo
2008-12-17 16:48 --------- d-----w c:\users\Pascal\AppData\Roaming\vlc
2008-12-17 16:45 --------- d-----w c:\program files\VideoLAN
2008-12-17 08:51 --------- d-----w c:\programdata\SiteAdvisor
2008-12-16 00:16 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-16 00:11 --------- d-----w c:\program files\MSXML 4.0
2008-12-15 19:19 --------- d---a-w c:\programdata\TEMP
2008-12-15 09:57 --------- d-----w c:\programdata\SupportSoft
2008-12-15 09:57 --------- d-----w c:\program files\TalkTalk
2008-12-15 09:55 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-15 09:31 --------- d-----w c:\program files\Common Files\SupportSoft
2008-12-07 10:00 --------- d-----w c:\users\Pascal\AppData\Roaming\CyberLink
2008-12-06 19:33 --------- d-----w c:\users\Sasha\AppData\Roaming\Gaijin Ent
2008-12-06 13:36 --------- d-----w c:\users\Sasha\AppData\Roaming\Leadertech
2008-12-05 18:11 --------- d-----w c:\users\Pascal\AppData\Roaming\Big Fish Games
2008-12-05 10:07 --------- d-----w c:\users\Lilou\AppData\Roaming\CyberLink
2008-12-05 10:05 0 ----a-w c:\users\Lilou\AppData\Roaming\wklnhst.dat
2008-12-05 09:32 --------- d-----w c:\users\Lilou\AppData\Roaming\Leadertech
2008-12-03 18:56 --------- d-----w c:\users\Maxime\AppData\Roaming\Yahoo!
2008-12-03 18:25 --------- d-----w c:\users\Sasha\AppData\Roaming\CyberLink
2008-12-03 17:41 --------- d-----w c:\users\Sasha\AppData\Roaming\iWin
2008-11-29 17:19 127,034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 --a------ c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-08 39408]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-10 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-26 204908]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-22 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-22 92704]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-06 57344]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-05-06 196128]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-21 136600]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ASETRES.EXE [2008-04-14 20480]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-03-16 535336]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-29 66864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.mkdmp3enc"= c:\progra~1\ACERAR~1\ACERDV~2\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{479ECCE8-031F-4BCF-B7EB-31702685CE3A}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{8E5AC746-02CF-4513-9F72-04A74B446FFC}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{92E72A5C-B72B-4379-94AE-F07E353CAB52}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{31EB5216-7D72-4C17-8DF2-FA5B69B7869E}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{39863CA9-3184-4F99-9510-39E313EE846B}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{94063567-A94D-492C-A5FE-C8A914B9B6F4}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{6A4CAF56-9623-4AFA-854B-D47483B10A3B}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{A95B326A-DD98-4550-8653-CE41D482B8FA}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{70441C18-3E53-4EFF-B676-D2C732DCB557}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{AF9DDB76-66DA-494E-8BB5-DE8002D406FF}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{2882054D-7AEA-487C-B4B0-E342DA081727}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F38869CF-E6BE-4768-9FEF-57F5F250CAB2}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{AF6D6899-09F9-4E71-B536-31C6AC3EC73F}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F4C1EFB7-0BF5-4638-A59F-0E677651080A}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{EC4A0E30-5706-4277-A7D6-E7ED44D5C640}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{6CBEDC71-867B-49A1-98A6-54E4120FBB1C}"= UDP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe
"{D3558683-0331-4DD6-9254-4360FDFD9458}"= TCP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe
"{8A4DD6B1-95E4-4FA1-8D6E-B8E0F9109D32}"= UDP:c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe:tgsrvc.exe
"{456F9157-6424-457C-9BE3-FE071CA85BFC}"= TCP:c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe:tgsrvc.exe
"{91191CD7-AE65-4D64-8493-FF21046F166A}"= UDP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe
"{5165F6E7-1C83-40A7-A5C6-E26F134BB3D5}"= TCP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe
"{0EEA9EE3-CC24-4954-BB64-A1AE28FB24B3}"= UDP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe
"{5FD6B8EA-69B9-4C8F-A07E-D7ADB6C86D1B}"= TCP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe
"{7886E2CD-643F-4C62-9373-69AC5B126A7E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{A4DADFCB-6061-4C57-AB86-2443F7E4CF7A}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{2F7CADF2-102A-41E0-8916-A157B085B213}"= UDP:c:\program files\Sony\Media Manager for PSP\MediaManager.exe:Media Manager for PSP 3.0
"{56B08A5A-C64E-4870-A904-2D8A95807940}"= TCP:c:\program files\Sony\Media Manager for PSP\MediaManager.exe:Media Manager for PSP 3.0

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-03-16 269448]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [2007-10-12 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [2007-08-02 148768]
S3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-03-16 30752]
.
Contenu du dossier 'Tâches planifiées'

2009-02-03 c:\windows\Tasks\User_Feed_Synchronization-{238B6B5E-E718-45F2-9206-86E0C8C4A6CA}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]

2009-02-02 c:\windows\Tasks\User_Feed_Synchronization-{41E0BFB9-F757-46AB-A533-2D0111FE16AF}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]

2009-02-03 c:\windows\Tasks\User_Feed_Synchronization-{9A861B28-97D6-4B26-A77A-CFB625F84803}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{A057A204-BACC-4D26-8287-79A187E26987} - (no file)
HKLM-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
HKLM-Run-Apanel - c:\acersw\config\NewSetApanel.cmd
HKLM-Run-eRecoveryService - (no file)

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
mWindow Title =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {5D6F45B3-9043-443D-A792-115447494D24}
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 15:09:20
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-02-03 15:11:16
ComboFix-quarantined-files.txt 2009-02-03 15:11:13

Avant-CF: 31,307,378,688 bytes free
Après-CF: 31,592,337,408 bytes free

349 --- E O F --- 2008-12-16 00:22:36
0
Anonymous user

Re,

* What were you saying, Geoffrey?
0
Anonymous user

Re,

* Leelooh, now you can update MBAM and run a quick scan of the PC!

* At the end of the scan --> click "Show Results"

* Then click "Remove Selected"
--> if MBAM needs to restart to finish the disinfection, accept!

* Post the generated report + an RSIT report please
0
Anonymous user
 
Malwarebytes' Anti-Malware 1.33
Database version: 1718
Windows 6.0.6001 Service Pack 1

03/02/2009 15:24:59
mbam-log-2009-02-03 (15-24-59).txt

Scan type: Quick Scan
Objects scanned: 45561
Time elapsed: 2 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\extravideo (Trojan.DNSChanger) -> Delete on reboot.
HKEY_CLASSES_ROOT\extravideo (Trojan.DNSChanger) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\extravideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.198;85.255.112.176 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4b89e525-b2fe-4e02-b769-d671257bbde6}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.198;85.255.112.176 -> Delete on reboot.

Folders Infected:
C:\Program Files\extravideo (Trojan.DNSChanger) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\extravideo (Trojan.DNSChanger) -> Delete on reboot.

Files Infected:
C:\Program Files\extravideo\Uninstall.exe (Trojan.DNSChanger) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\extravideo\Uninstall.lnk (Trojan.DNSChanger) -> Delete on reboot.

I am going to restart it now.
0
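
Added example, not part of the thread or of any poster's message: a small Python parser for a Malwarebytes log laid out like the one posted above, which pulls out the detections, the items still waiting for a reboot, and any DNS servers recorded under a `NameServer` value so they can be re-checked after the restart. The sample log is a constructed excerpt with placeholder addresses, and the function names are this example's own.

```python
import re

# Constructed sample: a shortened excerpt in the layout of the Malwarebytes'
# Anti-Malware 1.33 log above. The addresses are documentation placeholders.
SAMPLE_LOG = r"""
Scan type: Quick Scan
Registry Keys Infected: 1
Registry Data Items Infected: 1
Files Infected: 1

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\extravideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 192.0.2.10;192.0.2.11 -> Delete on reboot.

Files Infected:
C:\Program Files\extravideo\Uninstall.exe (Trojan.DNSChanger) -> Delete on reboot.
"""

# A section header ends right after the colon ("Files Infected:"); the summary
# lines near the top carry a count after it ("Files Infected: 1") and are skipped.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*$")
# One detection per line: <object> (<threat name>) -> [Data: ... ->] <action>
ITEM_RE = re.compile(r"^(?P<object>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with its log section."""
    detections, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        # Ignore everything before the first section, blank lines and the
        # "(No malicious items detected)" placeholder.
        if section is None or not line or line.startswith("("):
            continue
        item = ITEM_RE.match(line)
        if not item:
            continue
        parts = [p.strip() for p in item.group("rest").split(" -> ")]
        data = None
        if len(parts) > 1 and parts[0].startswith("Data:"):
            data = parts[0][len("Data:"):].strip()
        detections.append({
            "section": section,
            "object": item.group("object"),
            "threat": item.group("threat"),
            "data": data,
            "action": parts[-1].rstrip("."),
        })
    return detections


def pending_reboot(detections):
    """Objects the scanner could not remove yet; re-check them after reboot."""
    return [d["object"] for d in detections
            if d["action"].lower().startswith("delete on reboot")]


def dns_overrides(detections):
    """Map each flagged NameServer value to the resolver addresses it held."""
    found = {}
    for d in detections:
        if d["data"] and d["object"].lower().endswith("\\nameserver"):
            found[d["object"]] = [s for s in re.split(r"[;,\s]+", d["data"]) if s]
    return found


if __name__ == "__main__":
    dets = parse_mbam_log(SAMPLE_LOG)
    print(f"{len(dets)} detection(s)")
    for key, servers in dns_overrides(dets).items():
        print("DNS servers set under", key, "->", ", ".join(servers))
    for obj in pending_reboot(dets):
        print("still present until reboot:", obj)
```
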
Anonymous user

Ok,

* after the restart --> empty the Malwarebytes quarantine
--> open MBAM --> click Quarantine --> delete everything!

* Post a new RSIT report please
0
Anonymous user

When I launch RSIT
it tells me:

Line -1: Error: Subscript used with non-Array variable.
0
Anonymous user

Re,

* Delete RSIT

* Download ToolsCleaner to your desktop:
http://pc-system.fr/

* Right-click the ToolsCleaner icon to launch the program

* Click "Recherche" (Search) and wait until the search finishes

* Click "Suppression" (Removal) to finalize

* Post the ToolsCleaner2 report

* Post a new HijackThis report!
0
Anonymous user
 
[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\TB.txt: trouvé !
C:\FindyKill.txt: trouvé !
C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\Toolbar SD: trouvé !
C:\Rsit: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FindyKill: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\FindyKill: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\Lilou\Desktop\HijackThis.lnk: trouvé !
C:\Users\Lilou\Desktop\HJTInstall.exe: trouvé !
C:\Users\Lilou\Desktop\SmitFraudFix.exe: trouvé !
C:\Users\Lilou\Desktop\ToolBarSD.exe: trouvé !
C:\Users\Lilou\Desktop\SmitFraudfix: trouvé !
C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FindyKill: trouvé !
C:\Users\Pascal\Desktop\HijackThis.lnk: trouvé !
C:\Users\Pascal\Desktop\ComboFix.exe: trouvé !
C:\Users\Pascal\Desktop\Rsit.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Users\Lilou\Desktop\HijackThis.lnk: supprimé !
C:\Users\Lilou\Desktop\HJTInstall.exe: supprimé !
C:\Users\Lilou\Desktop\SmitFraudFix.exe: supprimé !
C:\Users\Lilou\Desktop\ToolBarSD.exe: supprimé !
C:\Users\Pascal\Desktop\HijackThis.lnk: supprimé !
C:\Users\Pascal\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Combofix.txt: supprimé !
C:\TB.txt: supprimé !
C:\FindyKill.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Users\Pascal\Desktop\Rsit.exe: supprimé !
C:\Combofix: supprimé !
C:\Qoobox: supprimé !
C:\Toolbar SD: supprimé !
C:\Rsit: supprimé !
C:\Program Files\FindyKill: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FindyKill: supprimé !
C:\Users\Lilou\Desktop\SmitFraudfix: supprimé !
C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FindyKill: supprimé !
0
Anonymous user
 
Here is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:56:53, on 04/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1.5FO\STREAM~1\ARCURL~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-1234953669-4025026192-179014854-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Lilou')
O4 - HKUS\S-1-5-21-1234953669-4025026192-179014854-1001\..\Run: [EPSON Stylus SX200 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Users\Lilou\AppData\Local\Temp\E_SEC36.tmp" /EF "HKCU" (User 'Lilou')
O4 - HKUS\S-1-5-21-1234953669-4025026192-179014854-1001\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Lilou')
O4 - HKUS\S-1-5-21-1234953669-4025026192-179014854-1001\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Lilou')
O4 - HKUS\S-1-5-21-1234953669-4025026192-179014854-1001\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Lilou')
O4 - HKUS\S-1-5-21-1234953669-4025026192-179014854-1001\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Lilou')
O4 - HKUS\S-1-5-21-1234953669-4025026192-179014854-1001\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart (User 'Lilou')
O4 - S-1-5-21-1234953669-4025026192-179014854-1001 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Lilou')
O4 - S-1-5-21-1234953669-4025026192-179014854-1001 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Lilou')
O4 - S-1-5-21-1234953669-4025026192-179014854-1001 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Lilou')
O4 - S-1-5-21-1234953669-4025026192-179014854-1001 User Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Lilou')
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
0
plopus Messages posted 6113 Status Security contributor 293
 
Hello,

Relaunch HijackThis, choose "Do a scan only" and tick the boxes to the left of these lines:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-21-1234953669-4025026192-179014854-1001\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Lilou')
O4 - HKUS\S-1-5-21-1234953669-4025026192-179014854-1001\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Lilou')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)

then click "Fix checked"

next

update your software:
via Windows Update
via this site https://www.flexera.com/products/operations/software-vulnerability-management.html (click "Start scan" and accept the ActiveX control)

then

Download Random's System Information Tool (RSIT) by random/random and save it to your desktop.
http://images.malwareremoval.com/random/RSIT.exe
Click Continue
If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.
When the scan has finished, two text files will open; post the 2 reports SEPARATELY
0
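Added example (not part of the original thread, and not HijackThis's own code): a short Python parser that reads HijackThis entry lines and lists those whose target the tool marked `(no file)`, `(file missing)` or `= ?`, which is the kind of leftover entry that makes up part of the fix list above. The sample lines are copied from the log posted earlier in the thread; the function names are hypothetical, and a flagged line is a candidate for review, not proof of infection.

```python
import re

# A few entries copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} -
"""

# An entry line starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Markers HijackThis prints when the registry entry points at nothing on disk.
ORPHAN_MARKERS = (
    (re.compile(r"\(no file\)"), "no file"),
    (re.compile(r"\(file missing\)"), "file missing"),
    (re.compile(r"\.lnk = \?$"), "unresolved shortcut"),
)


def parse_entries(log_text):
    """Return (code, body) per entry line; header and process-path lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def orphaned_entries(log_text):
    """Return (code, reason, body) for entries whose target was not found on disk."""
    found = []
    for code, body in parse_entries(log_text):
        for pattern, reason in ORPHAN_MARKERS:
            if pattern.search(body):
                found.append((code, reason, body))
                break
    return found


if __name__ == "__main__":
    for code, reason, body in orphaned_entries(SAMPLE_LOG):
        print(f"{code:<4}{reason:<20}{body}")
```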
plopus Messages posted 6113 Status Security contributor 293
 
Hi again,

And on top of all that, please do this step as well:

Click Start => Run => type combofix /u and confirm with OK.
0
Anonymous user
 
About your site with the "scan":
it has finished and is asking for my e-mail address; do I give it, or do I stop there?
0
Anonymous user
 
As for RSIT, this must be the 5th time I've told you..
It gives me an "AutoiT Error"
However much I put it on my desktop and open it as administrator, it won't run..
0
Anonymous user
 
Where do you find "Run" ("Exécuter")?
Because I'm in England, so my PC is set up in English..
0
plopus Messages posted 6113 Status Security contributor 293
 
Hmm hmm

feelgood told you to delete it if ToolsCleaner hasn't already done so, then download it AGAIN and RUN a scan, because if it doesn't work that's not normal, and this scan is needed to analyse your PC in more depth

So it's over to you...
0
plopus Messages posted 6113 Status Security contributor 293
 
Hi again,

You have Vista, so it's in the Start menu, and you have a search bar at the bottom; type what I told you there
0