Infection du PC

Question

Bonjour,


Je t'ai fait un petit resumé de la situation si tu as une petite idée,voici le rapport zeb

Rapport de ZHPDiag v1.16.6 par Nicolas Coolman
Enregistré le 22/04/2009 23:52:26
Platform : Windows Vista (TM) Home Premium (6.0.6001) Service Pack 1
MSIE: Internet Explorer v7.0.6001.18000
MFIE: Mozilla Firefox (3.0.7)

---\ Processus lancés
RtHDVCpl.exe
C:\Windows\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\WR_PopUp\WarReg_PopUp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\Ati2evxx.exe
%windir%\system32\svchost.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\SearchIndexer.exe

---\ Modification d'une valeur System.ini (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=explorer.exe

---\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr

---\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html

---\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

---\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

---\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\policies\Explorer: [NoDrives] Data="0"
O4 - HKLM\..\policies\Explorer: [NoLogOff] Data="0"
O4 - HKLM\..\policies\Explorer: [NoControlPanel] Data="0"

---\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: inetcpl.cpl=no

---\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

---\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Toolbars\INTERN~1\favicon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFBARH.ICO

---\ Valeur de registre AppInit_DLLs et sous-clés Winlogon Notify (O20)
O20 - Winlogon Notify: SABWINLOStartup - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
---\ Clé de Registre autorun SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030}

---\ Services NT non Microsoft et non désactivés (O23)
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service:  (Ati External Event Utility) - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eRecovery Service (eRecoveryService) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - C:\Windows\system32\SLsvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - C:\Windows\System32\spoolsv.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - C:\Windows\system32\SearchIndexer.exe /Embedding

---\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SA.DAT
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SCHEDLGU.TXT
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\WebReg PSC 1500 series.job

---\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: (no name) - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - (not file)
O40 - ASIC: Microsoft Windows Media Player 11.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\wmpdxm.dll
O40 - ASIC: Adobe Shockwave Director 11.0.3 - {233C1507-6A77-46A4-9443-F871F945D258} - C:\Windows\System32\Adobe\Director\swdir.dll
O40 - ASIC: Adobe Shockwave Director 11.0.3 - {2A202491-F00D-11cf-87CC-0020AFEECF20} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\system32egsvr32.exe /s /n /i:/UserInstall C:\Windows\system32	hemeui.dll
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Mail 7 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
O40 - ASIC: (no name) - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.7 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Address Book 7 - {7790769C-0471-11d2-AF11-00C04FA35D02} - (not file)
O40 - ASIC: .NET Framework - {7C028AF8-F614-47B3-82DA-BA94E41B1089} - (not file)
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: .NET Framework - {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\system32\Macromed\Flash\Flash9f.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

---\ Pilotes lancés au démarrage (O41)
O41 - Driver: Pilote de média asynchrone RAS (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: (no object) (atikmdag) - C:\WINDOWS\system32\DRIVERS\atikmdag.sys
O41 - Driver: ATI PCI Express (3GIO) Filter (AtiPcie) - C:\WINDOWS\system32\DRIVERS\AtiPcie.sys
O41 - Driver: avgio (avgio) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
O41 - Driver: avgntflt (avgntflt) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
O41 - Driver: avipbb (avipbb) - C:\WINDOWS\system32\DRIVERS\avipbb.sys
O41 - Driver: Pilote MS IEEE-1284.4 (Dot4) - C:\WINDOWS\system32\DRIVERS\Dot4.sys
O41 - Driver: Pilote de classe Imprimante pour IEEE-1284.4 (Dot4Print) - C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
O41 - Driver: MS Dot4USB Filter Dot4USB Filter (dot4usb) - C:\WINDOWS\system32\DRIVERS\dot4usb.sys
O41 - Driver: Filtre de décodeur DRM (Noyau Microsoft) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: Intel(R) PRO/1000 NDIS 6 Adapter Driver (E1G60) - C:\WINDOWS\system32\DRIVERS\E1G60I32.sys
O41 - Driver: Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio (HdAudAddService) - C:\WINDOWS\system32\drivers\HdAudio.sys
O41 - Driver: int15 (int15) - C:\Acer\Empowering Technology\eRecovery\int15.sys
O41 - Driver: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - C:\WINDOWS\system32\drivers\RTKVHDA.sys
O41 - Driver: @%systemroot%\system32ascfg.dll,-32013 (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: IP in IP Tunnel Driver (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: Pilote d’E/S du mappage de découverte de topologie de la couche de liaison (lltdio) - C:\WINDOWS\system32\DRIVERS\lltdio.sys
O41 - Driver: Service Pilote de fonction de classe Moniteur Microsoft (monitor) - C:\WINDOWS\system32\DRIVERS\monitor.sys
O41 - Driver: Proxy de service de répartition Microsoft (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Proxy d'horloge de répartition Microsoft (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Proxy de gestion de qualité de répartition Microsoft (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Convertisseur en T/site-à-site de répartition Microsoft (MSTEE) - C:\WINDOWS\system32\drivers\MSTEE.sys
O41 - Driver: Filtre NativeWiFi (NativeWifiP) - C:\WINDOWS\system32\DRIVERS
wifi.sys
O41 - Driver: @%systemroot%\system32ascfg.dll,-32001 (NdisTapi) - C:\WINDOWS\system32\DRIVERS
distapi.sys
O41 - Driver: NDIS mode utilisateur E/S Protocole (Ndisuio) - C:\WINDOWS\system32\DRIVERS
disuio.sys
O41 - Driver: @%systemroot%\system32ascfg.dll,-32002 (NdisWan) - C:\WINDOWS\system32\DRIVERS
diswan.sys
O41 - Driver: NetBIOS Interface (NetBIOS) - C:\WINDOWS\system32\DRIVERS
etbios.sys
O41 - Driver: Upper Class Filter Driver (NTIDrvr) - C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
O41 - Driver: IPX Traffic Filter Driver (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS
wlnkflt.sys
O41 - Driver: IPX Traffic Forwarder Driver (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS
wlnkfwd.sys
O41 - Driver: PCTAppEvent Driver (PCTAppEvent) - C:\Windows\system32\drivers\PCTAppEvent.sys
O41 - Driver: pctgntdi (pctgntdi) - C:\Windows\System32\drivers\pctgntdi.sys
O41 - Driver: pctplfw (pctplfw) - C:\Windows\System32\drivers\pctplfw.sys
O41 - Driver: Miniport réseau étendu WAN (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERSaspptp.sys
O41 - Driver: @%SystemRoot%\System32\drivers\pacer.sys,-101 (PSched) - C:\WINDOWS\system32\DRIVERS\pacer.sys
O41 - Driver: (no object) (R300) - C:\WINDOWS\system32\DRIVERS\atikmdag.sys
O41 - Driver: Remote Access Auto Connection Driver (RasAcd) - C:\WINDOWS\System32\DRIVERSasacd.sys
O41 - Driver: Miniport réseau étendu WAN (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERSasl2tp.sys
O41 - Driver: @%systemroot%\system32ascfg.dll,-32007 (RasPppoe) - C:\WINDOWS\system32\DRIVERSaspppoe.sys
O41 - Driver: @%systemroot%\system32\sstpsvc.dll,-202 (RasSstp) - C:\WINDOWS\system32\DRIVERSassstp.sys
O41 - Driver: Répondeur de découverte de topologie de la couche de liaison (rspndr) - C:\WINDOWS\system32\DRIVERSspndr.sys
O41 - Driver: SASDIFSV (SASDIFSV) - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
O41 - Driver: SASENUM (SASENUM) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
O41 - Driver: SASKUTIL (SASKUTIL) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
O41 - Driver: PCTools Driver (SFilter) - C:\WINDOWS\system32\DRIVERS\pctfw.sys
O41 - Driver: @%SystemRoot%\system32	cpipcfg.dll,-50005 (Smb) - C:\WINDOWS\system32\DRIVERS\smb.sys
O41 - Driver: ssmdrv (ssmdrv) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
O41 - Driver: Pilote de protocole IPv6 Microsoft (Tcpip6) - C:\WINDOWS\system32\DRIVERS	cpip.sys
O41 - Driver: Pilote de carte miniport Microsoft Tun (tunmp) - C:\WINDOWS\system32\DRIVERS	unmp.sys
O41 - Driver: Pilote de carte miniport Microsoft IPv6 Tunnel (tunnel) - C:\WINDOWS\system32\DRIVERS	unnel.sys
O41 - Driver: Pilote de scanneur USB (usbscan) - C:\WINDOWS\system32\DRIVERS\usbscan.sys
O41 - Driver: (no object) (vga) - C:\WINDOWS\system32\DRIVERS\vgapnp.sys
O41 - Driver: Remote Access IP ARP Driver (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Remote Access IPv6 ARP Driver (Wanarpv6) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: (no object) (WUDFRd) - C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
O41 - Driver: NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller (yukonwlh) - C:\WINDOWS\system32\DRIVERS\yk60x86.sys

---\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Shockwave Player 11
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus
O42 - Logiciel: AuralogComponentsUninstall9
O42 - Logiciel: CCleaner (remove only)
O42 - Logiciel: Defraggler (remove only)
O42 - Logiciel: eMule
O42 - Logiciel: HijackThis 2.0.2
O42 - Logiciel: HP Imaging Device Functions 8.0
O42 - Logiciel: HP Solution Center 8.0
O42 - Logiciel: HP Customer Participation Program 8.0
O42 - Logiciel: HP OCR Software 8.0
O42 - Logiciel: NTI CD & DVD-Maker
O42 - Logiciel: Security Update for CAPICOM (KB931906)
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: Motamo 4.22
O42 - Logiciel: Mozilla Firefox (3.0.7)
O42 - Logiciel: nCleaner second 2.3.4.0
O42 - Logiciel: PC Tools Firewall Plus 5.0
O42 - Logiciel: Microsoft Office Professional Plus 2007
O42 - Logiciel: scrabbleproB 1.0.11
O42 - Logiciel: Scrabble® 2003 Edition
O42 - Logiciel: SLD Codec Pack
O42 - Logiciel: UsbFix
O42 - Logiciel: VideoLAN VLC media player 0.8.6f
O42 - Logiciel: Archiveur WinRAR
O42 - Logiciel: ZebHelpProcess 2.33.6
O42 - Logiciel: Google Earth
O42 - Logiciel: Java(TM) 6 Update 12
O42 - Logiciel: Free Games Offer, Desktop Shortcut
O42 - Logiciel: HP Product Assistant
O42 - Logiciel: OpenOffice.org Installer 1.0
O42 - Logiciel: Acer Picture Slide DVD
O42 - Logiciel: Skype™ 3.8
O42 - Logiciel: NTI Backup NOW! 4.7
O42 - Logiciel: Acer ScreenSaver
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (kb962871)
O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB956358)
O42 - Logiciel: Update for Microsoft Office Outlook 2007 (KB952142)
O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB951338)
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB954326)
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB951944)
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB956828)
O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB959997)
O42 - Logiciel: Update for Office 2007 (KB946691)
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB951550)
O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1)
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB960003)
O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB950114)
O42 - Logiciel: Microsoft Office Access MUI (French) 2007
O42 - Logiciel: Microsoft Office Excel MUI (French) 2007
O42 - Logiciel: Update for Microsoft Office Excel 2007 Help (KB957242)
O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007
O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007
O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007
O42 - Logiciel: Update for Microsoft Office Outlook 2007 Help (KB957246)
O42 - Logiciel: Microsoft Office Word MUI (French) 2007
O42 - Logiciel: Microsoft Office Proof (Arabic) 2007
O42 - Logiciel: Microsoft Office Proof (German) 2007
O42 - Logiciel: Microsoft Office Proof (English) 2007
O42 - Logiciel: Microsoft Office Proof (French) 2007
O42 - Logiciel: Microsoft Office Proof (Dutch) 2007
O42 - Logiciel: Microsoft Office Proof (Spanish) 2007
O42 - Logiciel: Microsoft Office Proofing (French) 2007
O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007
O42 - Logiciel: Microsoft Office Shared MUI (French) 2007
O42 - Logiciel: Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
O42 - Logiciel: Acer Tour
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: Galerie de photos Windows Live
O42 - Logiciel: Acer Zone SoftDMA
O42 - Logiciel: Acer Empowering Technology
O42 - Logiciel: Adobe Reader 9 - Français
O42 - Logiciel: Acer eDataSecurity Management
O42 - Logiciel: Acer Zone MakeDisk
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: MSXML 4.0 SP2 (KB941833)
O42 - Logiciel: HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
O42 - Logiciel: SUPERAntiSpyware Free Edition
O42 - Logiciel: Assistant de connexion Windows Live
O42 - Logiciel: Acer ePerformance Management
O42 - Logiciel: HP Photosmart Essential
O42 - Logiciel: HPSSupply
O42 - Logiciel: Acer Zone Main Page
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU]
O42 - Logiciel: Realtek High Definition Audio Driver
O42 - Logiciel: 32 Bit HP CIO Components Installer
O42 - Logiciel: Acer Plug and Record
O42 - Logiciel: Acer Zone MagicDirector
O42 - Logiciel: Windows Live installer
O42 - Logiciel: HP Update

---\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Adobe
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Borland Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\DESIGNER
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Hewlett-Packard
O43 - CFD:Common File Directory - C:\Program Files\Common Files\HP
O43 - CFD:Common File Directory - C:\Program Files\Common Files\InstallShield
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Java
O43 - CFD:Common File Directory - C:\Program Files\Common Files\LightScribe
O43 - CFD:Common File Directory - C:\Program Files\Common Files\microsoft shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\MicroWorld
O43 - CFD:Common File Directory - C:\Program Files\Common Files\NewTech Infosystems
O43 - CFD:Common File Directory - C:\Program Files\Common Files\PC Tools
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Services
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Skype
O43 - CFD:Common File Directory - C:\Program Files\Common Files\SpeechEngines
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Steam
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Symantec Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\System
O43 - CFD:Common File Directory - C:\Program Files\Common Files\WindowsLiveInstaller
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Wise Installation Wizard

---\ Derniers fichiers modifiés ou crées sous System32 (O44)
O44 - LFC:Last File Created - C:\Windows\System32\amxread.dll -->17/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\apilogen.dll -->17/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\Argument.html -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\axaltocm.dll -->17/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\ControlSet.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\Debug.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\deploytk.dll -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\eEmpty.exe -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\ezsidmv.dat -->20/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\FNTCACHE.DAT -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\GenProc[].html -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\GenProc[].txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\html.iec -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iasads.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iasdatastore.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iashost.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iasrecst.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieaksie.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iedkcs32.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieencode.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieframe.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iertutil.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieUnatt.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ifxcardm.dll -->17/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\Interfaces.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\java.exe -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\javaw.exe -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\javaws.exe -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\jsproxy.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\kernel32.dll -->13/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\lsasrv.dll -->13/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\mrt.exe -->06/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\msfeeds.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtml.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtml.tlb -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\mstime.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\msvcp80.dll -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\msvcr80.dll -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32
tkrnlpa.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32
toskrnl.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\occache.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\PathFF.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfc009.dat -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfc00C.dat -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfh009.dat -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfh00C.dat -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\PerfStringBackup.INI -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\printfilterpipelineprxy.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\printfilterpipelinesvc.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\Profils_FF.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32pcss.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\sdohlp.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\secur32.dll -->13/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\Uninstall.html -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\Uninstall.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\urlmon.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\w32apiw.dll -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\win32k.sys -->09/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\wininet.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\mbam.sys -->06/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\mbamswissarmy.sys -->06/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf -->17/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\PCTCore.sys -->13/03/2009

---\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ACRORD32INFO.EXE-1C0557AA.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgAppLaunch.db -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlFaultHistory.db -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlFgAppHistory.db -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlGlobalHistory.db -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgRobust.db -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ATTRIB.CFEXE-54625609.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ATTRIB.EXE-A990CB86.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVCENTER.EXE-AF580B74.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVGARKT-SETUP-1.1.0.42.EXE-9A2EA6CC.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVGARKT.EXE-C9045B69.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVWSC.EXE-18A3FCA0.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CATCHME.CFEXE-828101DC.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CATCHME.EXE-FE243694.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CATCHME.TMP-DAEB2D62.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CF22972.EXE-DB75C2AB.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CHCP.COM-61043047.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CHKNTFS.EXE-4D884E7D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CMD.EXE-4A81B364.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CMD.EXECF-C5C11419.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\COMBOFIX-DOWNLOAD.CFEXE-8DB4FB4F.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\COMBOFIX.EXE-2BF42296.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CONIME.EXE-9781FD5F.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CSCRIPT.EXE-D1EF4768.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CUREIT.EXE-1DFD69FF.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-B2EB1806.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DUMPHIVE.CFEXE-8CBB994D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ERUNT.CFEXE-6260BB41.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FIND.EXE-E2237F6D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FINDSTR.CFEXE-2C31CDB5.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FINDSTR.EXE-2E9C6FE2.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FIREFOX.EXE-A606B53C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GAVILA.EXE-B2359925.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GETPATHS.EXE-E690506B.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GMER.EXE-E170290A.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GNC.EXE-27B06C3D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GNC.EXE-8FD53E34.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GNC.EXE-90940013.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GNC.EXE-A09CA6F0.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GREP.CFEXE-AF5B8A31.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GREP.CFEXE-F2435294.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GRPCONV.EXE-B823222B.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GSAR.CFEXE-2E30A7CC.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GSAR.CFEXE-7118702F.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HANDLE.CFEXE-29220A7A.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HANDLE.CFEXE-A31F9D47.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HELPER.EXE-8AEDE3E3.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HIDEC.EXE-0F1FADFA.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HIDEC.EXE-FFBDB5DF.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HIJACKTHIS.EXE-9FD56571.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HJTINSTALL.EXE-88261B04.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IPCONFIG.EXE-912F3D5B.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\LBPKSXW41E.EXE-447FA942.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\LOPSD.EXE-5FB3A725.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.EXE-A9F8D519.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.TMP-3CA56111.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM.EXE-305FF92C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAMGUI.EXE-4FE652ED.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MMLOADDRV.EXE-5475B7CC.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MODE.COM-DB34C082.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MOVEEX.CFEXE-24ADA02F.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MTEE.CFEXE-7F5BD862.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\N.COM-F61C6F88.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NIRCMD.CFEXE-5DB93D84.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NIRCMD.CFEXE-E3BBAAB7.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NIRCMD.COM-EEFEA6B0.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NIRCMD.EXE-3196DFA3.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NIRCMDC.CFEXE-0814754B.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\OSV.EXE-44EC46BD.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\OSV.EXE-4FE3C523.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PEV.CFEXE-CE4851CA.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PEV.CFEXE-DDAA49E5.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PfSvPerfStats.bin -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PING.EXE-7E94E73E.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PSEXEC.CFEXE-B434A123.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PSEXESVC.EXE-7F956DAF.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PV.CFEXE-1E6D6CAC.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PV.CFEXE-CDA21619.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PV.EXE-9B0EB19F.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REG.EXE-E7E8BD26.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGCLEANER.EXE-9EE303F3.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGEDIT.EXE-90FEEA06.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGT.CFEXE-D695AEFD.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ROUTE.EXE-5E3D06CB.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RSIT(3).EXE-DB20A599.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-9959F0A7.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-D8870C88.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNONCE.EXE-D0649312.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SED.CFEXE-428C1ABF.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SED.CFEXE-51EE12DA.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SED.EXE-3A5D7D2E.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SETPATH.EXE-4749BC02.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SETUP.EXE-D31D1F84.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SF.EXE-3FF21543.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SORT.EXE-99A4F778.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SSUPDATE.EXE-FC6B201A.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWREG.CFEXE-57B79243.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWREG.EXE-3B27F432.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWREG.EXE-599818A6.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWREG.EXE-68FA10C1.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWSC.CFEXE-6CC4FA4B.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWSC.EXE-BE627F88.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWXCACLS.CFEXE-8A6F12E6.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWXCACLS.CFEXE-FFBBFDE3.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TAIL.CFEXE-024B57D5.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TASKLIST.EXE-C6CEE193.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\UNZIP.CFEXE-CAB59F0C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VERCLSID.EXE-7C52E31C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VFIND.EXE-4E7A985D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WERCON.EXE-E36BD04E.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WERFAULT.EXE-E69F695A.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WINRAR.EXE-94E7D80C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WSCRIPT.EXE-52CF1F0C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WSQMCONS.EXE-118B52B7.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\XTX847J.EXE-2F20DFC6.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ZHP2.EXE-B4567A37.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\_START.EXE-FF3D2E40.pf -->22/04/2009

---\ Déni du service Local Security Authority (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\Windows\System32\scecli.dll

---\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network
siproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Networkdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network
siproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Networkdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network
siproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Networkdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\volmgrx.sys

---\ Recherche d'infection de Base de Registres (O71)
O71 - BDRI:[hklm\software\microsoft\internet explorer\main]:start page - https://www.msn.com/fr-fr

loloetseb · Answer

Rapport hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:05:32, on 22/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\ZebHelpProcess\ZHP2.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecofree.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O15 - Trusted Zone: http://www.tellmemorecampus.com
O15 - Trusted Zone: http://www.tellmemorecampus.com (HKLM)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

loloetseb · Answer

Rapport combofix 1

ComboFix 09-04-22.A23 - Gavila 22/04/2009 17:37.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6001.1.1252.33.1036.18.894.284 [GMT 2:00]
Lancé depuis: c:\users\Gavila\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
FW: PC Tools Firewall Plus *enabled*
 * Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\1.txt
c:\windows\system32	mp.reg
c:\windows\system32\w32apiw.dll

.
(((((((((((((((((((((((((((((   Fichiers créés du 2009-03-22 au 2009-04-22  ))))))))))))))))))))))))))))))))))))
.

2009-04-22 15:30 . 2009-04-22 15:30	168	----a-w	c:\windows\system32\Uninstall.html
2009-04-22 15:30 . 2009-04-22 15:30	134	----a-w	c:\windows\system32\Argument.html
2009-04-22 15:30 . 2009-04-22 15:30	1149	----a-w	c:\windows\system32\GenProc[].html
2009-04-22 15:09 . 2009-04-22 15:09	17677729	----a-w	C:\upload_moi_PC-de-Gavila.tar.gz
2009-04-22 15:02 . 2009-04-22 15:14	--------	d-----w	C:\FindyKill
2009-04-22 14:56 . 2009-04-22 14:56	--------	d---a-w	c:\windows\system32unouce.exe
2009-04-22 13:53 . 2009-04-22 14:56	52	----a-w	c:\windows\Lic.xxx
2009-04-22 13:52 . 2009-04-22 13:52	626688	----a-w	c:\windows\system32\msvcr80.dll
2009-04-22 13:52 . 2009-04-22 13:52	548864	----a-w	c:\windows\system32\msvcp80.dll
2009-04-22 13:52 . 2009-04-22 13:52	28672	----a-w	c:\windows\system32\eEmpty.exe
2009-04-22 13:52 . 2005-09-22 21:22	522	----a-w	c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-04-22 13:51 . 2009-04-22 13:51	--------	d-----w	c:\users\All Users\MicroWorld
2009-04-22 13:51 . 2009-04-22 13:51	--------	d-----w	c:\progra~2\MicroWorld
2009-04-22 12:03 . 2009-04-22 12:06	--------	d-----w	C:\Rooter$
2009-04-22 12:01 . 2009-04-22 12:02	--------	d-----w	C:\Rustbfix
2009-04-22 12:00 . 2009-04-22 12:00	--------	d-----w	C:\GenProc
2009-04-22 11:53 . 2009-04-22 13:05	--------	d---a-w	C:\autorun.inf
2009-04-22 11:45 . 2009-04-22 12:00	--------	d-----w	C:\UsbFix
2009-04-22 11:26 . 2009-04-22 11:26	--------	d-----w	C:sit
2009-04-17 19:07 . 2008-04-12 03:32	784896	----a-w	c:\windows\system32pcrt4.dll
2009-04-17 11:34 . 2009-04-17 11:34	0	---ha-w	c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-17 11:25 . 2009-04-17 11:25	--------	d-----w	C:\PerfLogs
2009-04-16 06:29 . 2008-12-06 04:42	376832	----a-w	c:\windows\system32\winhttp.dll
2009-04-16 06:29 . 2008-06-06 03:27	38912	----a-w	c:\windows\system32\xolehlp.dll
2009-04-16 06:29 . 2008-06-06 03:27	562176	----a-w	c:\windows\system32\msdtcprx.dll

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 15:19 . 2006-11-02 15:48	669328	----a-w	c:\windows\System32\perfh00C.dat
2009-04-22 15:19 . 2006-11-02 15:48	123350	----a-w	c:\windows\System32\perfc00C.dat
2009-04-22 15:15 . 2009-01-29 21:04	--------	d---a-w	c:\progra~2\TEMP
2009-04-22 15:14 . 2009-04-22 15:13	2150	----a-w	C:\FindyKill.txt
2009-04-22 15:12 . 2009-04-22 15:11	733	----a-w	C:apport_clean.txt
2009-04-22 15:12 . 2009-02-20 18:28	636	----a-w	C:esultat_clean.txt
2009-04-22 15:08 . 2009-02-20 13:51	--------	d-----w	c:\program files\Trend Micro
2009-04-22 15:07 . 2009-04-22 13:49	2264	----a-w	C:apport.txt
2009-04-22 13:52 . 2009-04-22 13:52	--------	d-----w	c:\program files\Common Files\MicroWorld
2009-04-22 13:47 . 2009-02-20 16:17	13030	----a-w	C:\PDOXUSRS.NET
2009-04-22 12:51 . 2009-04-22 12:08	3026	----a-w	C:\fixnavi.txt
2009-04-22 12:51 . 2009-04-22 12:07	--------	d-----w	c:\program files\Navilog1
2009-04-22 12:36 . 2009-04-22 12:23	--------	d-----w	c:\program files\Ad-remover
2009-04-22 12:34 . 2009-04-22 12:29	3212	----a-w	C:\Ad-Report-Clean-22.04.2009.log
2009-04-22 12:28 . 2009-04-22 12:23	2493	----a-w	C:\Ad-Report-Scan-22.04.2009.log
2009-04-22 12:22 . 2009-04-22 12:21	458	----a-w	C:\JavaRa.log
2009-04-22 11:25 . 2009-03-07 14:23	--------	d-----w	c:\program files\ZebHelpProcess
2009-04-22 06:54 . 2008-01-30 23:22	--------	d-----w	c:\program files\scrabbleproB1.0.7
2009-04-17 11:37 . 2006-11-02 12:50	174	--sha-w	c:\program files\desktop.ini
2009-04-17 11:32 . 2006-11-02 10:25	86016	----a-w	c:\windows\Inf\infstrng.dat
2009-04-17 11:32 . 2006-11-02 10:25	86016	----a-w	c:\windows\Inf\infstor.dat
2009-04-17 11:32 . 2006-11-02 10:25	51200	----a-w	c:\windows\Inf\infpub.dat
2009-04-17 11:28 . 2006-11-02 12:37	--------	d-----w	c:\program files\Windows Sidebar
2009-04-17 11:28 . 2006-11-02 12:37	--------	d-----w	c:\program files\Windows Calendar
2009-04-17 11:28 . 2006-11-02 11:18	--------	d-----w	c:\program files\Windows Mail
2009-04-17 11:28 . 2006-11-02 12:37	--------	d-----w	c:\program files\Windows Photo Gallery
2009-04-17 11:28 . 2006-11-02 12:37	--------	d-----w	c:\program files\Windows Journal
2009-04-17 11:28 . 2006-11-02 12:37	--------	d-----w	c:\program files\Windows Collaboration
2009-04-17 11:28 . 2006-11-02 12:37	--------	d-----w	c:\program files\Windows Defender
2009-04-17 11:25 . 2006-11-02 10:25	665600	----a-w	c:\windows\Inf\drvindex.dat
2009-04-17 07:22 . 2006-11-02 10:32	101888	----a-w	c:\windows\System32\ifxcardm.dll
2009-04-17 07:22 . 2006-11-02 10:32	82432	----a-w	c:\windows\System32\axaltocm.dll
2009-04-17 05:41 . 2008-05-01 12:29	--------	d-----w	c:\progra~2\Microsoft Help
2009-03-29 13:00 . 2009-02-20 16:04	--------	d-----w	c:\program files\SUPERAntiSpyware
2009-03-24 10:14 . 2009-03-24 10:14	--------	d-----w	c:\program files\Motamo
2009-03-17 07:56 . 2009-03-07 18:31	--------	d-----w	c:\program files\PC Tools Firewall Plus
2009-03-17 03:38 . 2009-04-16 06:28	40960	----a-w	c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-16 06:28	13824	----a-w	c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 06:28	24064	----a-w	c:\windows\System32\amxread.dll
2009-03-13 07:24 . 2009-03-13 07:24	130424	----a-w	c:\windows\system32\drivers\PCTCore.sys
2009-03-12 20:59 . 2009-01-24 01:39	--------	d-----w	c:\progra~2\Zylom
2009-03-07 18:32 . 2009-01-29 21:07	--------	d-----w	c:\program files\Common Files\PC Tools
2009-03-07 16:42 . 2009-02-20 16:45	3428	----a-w	C:\TCleaner.txt
2009-03-07 16:10 . 2008-01-20 20:43	--------	d-----w	c:\program files\Windows Live
2009-03-07 15:52 . 2009-03-07 15:52	--------	d-----w	c:\program files\RegCleaner
2009-03-07 15:45 . 2009-03-07 15:44	--------	d-----w	c:\program files\Common Files\Adobe
2009-03-07 15:10 . 2009-03-07 15:10	--------	d-----w	c:\program files\NKProds
2009-03-07 13:58 . 2008-01-25 23:53	--------	d-----w	c:\program files\Java
2009-03-07 13:57 . 2009-02-20 13:47	410984	----a-w	c:\windows\System32\deploytk.dll
2009-03-06 23:40 . 2009-03-06 23:40	268	---ha-w	C:\sqmdata12.sqm
2009-03-06 23:40 . 2009-03-06 23:40	244	---ha-w	C:\sqmnoopt12.sqm
2009-03-06 09:29 . 2009-03-06 09:29	268	---ha-w	C:\sqmdata11.sqm
2009-03-06 09:29 . 2009-03-06 09:29	244	---ha-w	C:\sqmnoopt11.sqm
2009-03-06 00:44 . 2009-03-06 00:44	268	---ha-w	C:\sqmdata10.sqm
2009-03-06 00:44 . 2009-03-06 00:44	244	---ha-w	C:\sqmnoopt10.sqm
2009-03-05 07:16 . 2009-03-05 07:16	268	---ha-w	C:\sqmdata09.sqm
2009-03-05 07:16 . 2009-03-05 07:16	244	---ha-w	C:\sqmnoopt09.sqm
2009-03-04 22:39 . 2009-03-04 22:39	268	---ha-w	C:\sqmdata08.sqm
2009-03-04 22:39 . 2009-03-04 22:39	244	---ha-w	C:\sqmnoopt08.sqm
2009-03-04 05:30 . 2009-03-04 05:30	268	---ha-w	C:\sqmdata07.sqm
2009-03-04 05:30 . 2009-03-04 05:30	244	---ha-w	C:\sqmnoopt07.sqm
2009-03-03 04:46 . 2009-04-16 06:28	3599328	----a-w	c:\windows\System32
tkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 06:28	3547632	----a-w	c:\windows\System32
toskrnl.exe
2009-03-03 04:40 . 2009-04-16 06:28	827392	----a-w	c:\windows\System32\wininet.dll
2009-03-03 04:39 . 2009-04-16 06:28	183296	----a-w	c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 06:28	551424	----a-w	c:\windows\System32pcss.dll
2009-03-03 04:39 . 2009-04-16 06:28	26112	----a-w	c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 06:28	78336	----a-w	c:\windows\System32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 06:28	98304	----a-w	c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 06:28	44032	----a-w	c:\windows\System32\iasdatastore.dll
2009-03-03 04:37 . 2009-04-16 06:28	54784	----a-w	c:\windows\System32\iasads.dll
2009-03-03 03:04 . 2009-04-16 06:28	666624	----a-w	c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 06:28	17408	----a-w	c:\windows\System32\iashost.exe
2009-03-03 02:28 . 2009-04-16 06:28	26624	----a-w	c:\windows\System32\ieUnatt.exe
2009-02-27 14:54 . 2009-02-27 14:54	--------	d-----w	c:\progra~2\HP Product Assistant
2009-02-24 22:09 . 2009-02-24 22:09	268	---ha-w	C:\sqmdata06.sqm
2009-02-24 22:09 . 2009-02-24 22:09	244	---ha-w	C:\sqmnoopt06.sqm
2009-02-23 22:28 . 2009-02-23 22:28	268	---ha-w	C:\sqmdata05.sqm
2009-02-23 22:28 . 2009-02-23 22:28	244	---ha-w	C:\sqmnoopt05.sqm
2009-02-22 13:36 . 2009-02-22 13:36	244	---ha-w	C:\sqmnoopt04.sqm
2009-02-22 13:36 . 2009-02-22 13:36	232	---ha-w	C:\sqmdata04.sqm
2009-02-22 13:35 . 2009-02-22 13:35	244	---ha-w	C:\sqmnoopt03.sqm
2009-02-22 13:35 . 2009-02-22 13:35	232	---ha-w	C:\sqmdata03.sqm
2009-02-20 18:21 . 2009-02-20 18:21	268	---ha-w	C:\sqmdata02.sqm
2009-02-20 18:21 . 2009-02-20 18:21	244	---ha-w	C:\sqmnoopt02.sqm
2009-02-20 15:50 . 2009-02-20 15:50	268	---ha-w	C:\sqmdata01.sqm
2009-02-20 15:50 . 2009-02-20 15:50	244	---ha-w	C:\sqmnoopt01.sqm
2009-02-20 15:29 . 2009-02-20 15:29	268	---ha-w	C:\sqmdata00.sqm
2009-02-20 15:29 . 2009-02-20 15:29	244	---ha-w	C:\sqmnoopt00.sqm
2009-02-13 08:49 . 2009-04-16 06:28	72704	----a-w	c:\windows\System32\secur32.dll
2009-02-13 08:49 . 2009-04-16 06:28	1255936	----a-w	c:\windows\System32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 07:44	2033152	----a-w	c:\windows\System32\win32k.sys
2009-01-27 00:06 . 2009-01-23 09:37	164345	----a-w	c:\windows\hpoins19.dat
2008-02-24 09:35 . 2008-02-24 09:35	16384	--sha-w	c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-02-24 09:35 . 2008-02-24 09:35	32768	--sha-w	c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-02-24 09:35 . 2008-02-24 09:35	16384	--sha-w	c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-29 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-13 528384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\!SASWinLogon]
2008-12-22 10:05	356352	----a-w	c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{755DDF93-2A40-464C-8E19-14D57FDFE54C}"= UDP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{9E139F13-729C-48A3-A542-F8D1B9041878}"= TCP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{083C222B-2E43-435E-A4FA-69B43D170DBD}"= UDP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{CCAC3715-6F13-4B05-AFE8-9CB066D07D09}"= TCP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{7A11D0DC-4B4D-4D6B-9395-1FB0BB02F739}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{CAEDC0A9-FA60-4B8B-8EB7-4679892F69D7}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{3CF0A38F-BDCA-4850-B9CC-79DA144B0CA6}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{801EC1BA-4EA4-4830-8FE6-B53B0271F818}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{25C8D0F9-7579-488A-9363-C9EC507F3255}"= UDP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{8C209F36-3196-43EF-AEA2-F7691A219A8D}"= TCP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{A241450E-810E-4B10-8253-B1F7C675FB0E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{20C638C9-FD40-4D84-94E4-65ED66B03426}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{97AFC5DF-E008-4027-9C83-56B55E6160FC}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{413118EA-CABB-4F22-9776-5A85C036DD48}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{D4327A3E-F484-4F7D-822A-13E2504F147E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{623B3D23-0A70-4B73-95E0-490CC7B10EE3}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{2DF05712-50D8-4A89-B9DC-6180CBAA70A1}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{5EDD989F-D444-46A9-B3B2-4B8FFEF6E4B5}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{BF4BBAE4-2B77-4D5A-B24A-9A980BE8EB3A}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2008-12-11 159600]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-29 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-01-15 55024]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2008-12-18 73840]
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [2009-01-21 95640]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf1f81a1-a7ea-11dd-a752-0019db575879}]
\shell\EmDesk\command - J:\EmDesk.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.ecofree.org/
mWindow Title = 
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: tellmemorecampus.com\www
Trusted Zone: tellmemorecampus.com\www
FF - ProfilePath - c:\users\Gavila\AppData\Roaming\Mozilla\Firefox\Profiles\v7838o5s.default\
FF - plugin: c:\users\Gavila\AppData\Roaming\Zylom\ZylomGamesPlayer
pzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 17:40
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 


c:\users\Gavila\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(1984)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\ShowErrMsg.dll
.
Heure de fin: 2009-04-22 17:42
ComboFix-quarantined-files.txt  2009-04-22 15:42
ComboFix2.txt  2009-04-22 13:19

Avant-CF: 48 178 585 600 octets libres
Après-CF: 48 059 187 200 octets libres

250	--- E O F ---	2009-04-18 01:02

loloetseb · Answer

J'ai refais combo,ceci est revenu et a ete encore supprimé

c:\windows\system32\w32apiw.dll

Rapport otview it avant plantage

OTViewIt logfile created on: 23/04/2009 00:27:06 - Run 2
OTViewIt by OldTimer - Version 1.0.21.0     Folder = C:\Users\Gavila\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
893,77 Mb Total Physical Memory | 295,73 Mb Available Physical Memory | 33,09% Memory free
2,01 Gb Paging File | 1,01 Gb Available in Paging File | 50,53% Paging File free
Paging file location(s): ?:\pagefile.sys;
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 71,28 Gb Total Space | 43,94 Gb Free Space | 61,65% Space Free | Partition Type: NTFS
Drive D: | 70,94 Gb Total Space | 70,57 Gb Free Space | 99,49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC-DE-GAVILA
Current User Name: Gavila
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
 
[color=orange]========== Processes ==========[/color]
 
[2008/01/19 09:33:37 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2008/01/19 09:33:14 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2008/01/22 22:38:19 | 00,643,072 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
[2008/01/19 09:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2008/01/22 22:38:19 | 00,643,072 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
[2008/01/19 09:33:08 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2008/01/19 09:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32	askeng.exe
[2008/10/15 14:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2006/12/18 14:27:12 | 00,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
[2008/10/15 14:29:28 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2006/10/19 14:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2008/12/11 17:58:44 | 00,146,800 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
[2005/01/21 13:37:16 | 00,143,360 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
[2008/05/27 07:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2008/01/19 09:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
[2006/12/14 16:38:46 | 00,049,152 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
[2006/11/09 04:57:00 | 03,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2006/11/23 16:24:54 | 00,319,488 | ---- | M] () -- C:\Windows\System32\SysMonitor.exe
[2006/11/17 09:26:58 | 00,453,120 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
[2007/07/17 11:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
[2008/06/12 14:28:40 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2009/02/23 11:49:16 | 02,652,056 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
[2008/01/19 09:33:30 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
[2009/03/29 15:00:56 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[2007/01/02 22:40:10 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2007/07/17 11:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
[2006/12/10 22:51:08 | 00,271,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
[2008/01/19 09:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32	askeng.exe
[2009/02/20 05:09:23 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/09/16 21:17:12 | 00,968,704 | ---- | M] () -- C:\Program Files\WinRAR\WinRAR.exe
[2009/04/22 23:05:12 | 00,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
[2008/01/19 09:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32	askeng.exe
[2008/05/27 07:18:16 | 00,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2008/05/27 07:17:55 | 00,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2009/04/22 22:55:18 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Gavila\Desktop\OTViewIt.exe
 
[color=orange]========== (O23) Win32 Services ==========[/color]
 
[2006/12/18 14:27:12 | 00,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService [Auto | Running])
File not found --  -- (AntiVirScheduler [Auto | Running])
File not found --  -- (AntiVirService [Auto | Running])
[2008/01/22 22:38:19 | 00,643,072 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
File not found --  -- (CertPropSvc [Unknown | Running])
[2008/07/27 20:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found --  -- (DcomLaunch [Unknown | Running])
[2008/01/19 09:33:06 | 02,091,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2008/01/19 09:34:06 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2008/01/19 09:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 14:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2006/12/14 16:38:46 | 00,049,152 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService [Auto | Running])
[2008/01/05 13:21:53 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/01/19 09:34:25 | 00,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
File not found --  -- (LightScribeService [Auto | Running])
[2006/11/02 15:04:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2008/01/05 13:21:39 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
File not found --  -- (odserv [On_Demand | Stopped])
File not found --  -- (ose [On_Demand | Stopped])
File not found --  -- (PCToolsFirewallPlus [Auto | Running])
File not found --  -- (RichVideo [Auto | Running])
[2008/01/19 09:36:19 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found --  -- (Schedule [Unknown | Running])
File not found --  -- (SCPolicySvc [Unknown | Stopped])
[2008/01/19 09:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 11:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
File not found --  -- (Steam Client Service [On_Demand | Stopped])
[2008/01/19 09:33:33 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2008/01/19 09:33:33 | 00,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
File not found --  -- (WdiServiceHost [Unknown | Stopped])
File not found --  -- (WdiSystemHost [Unknown | Running])
File not found --  -- (WLSetupSvc [On_Demand | Stopped])
[2008/05/27 07:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])
 
[color=orange]========== Driver Services ==========[/color]
 
[2006/11/02 11:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006/11/02 11:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006/11/02 11:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006/11/02 11:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 11:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006/11/02 11:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006/11/02 11:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006/11/02 11:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006/11/02 10:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006/11/02 10:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2006/11/02 11:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006/11/02 11:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2008/01/22 23:39:48 | 03,482,112 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag [On_Demand | Running])
[2006/10/30 17:22:26 | 00,008,192 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie [Boot | Running])
File not found --  -- (avgio [System | Running])
File not found --  -- (avgntflt [On_Demand | Running])
[2008/10/30 11:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb [System | Running])
[2008/01/19 07:28:26 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 10:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 10:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 10:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 10:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 10:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 10:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/11/02 10:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2006/11/02 10:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008/01/19 09:42:58 | 00,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2006/11/02 11:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006/11/02 11:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006/11/02 10:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2008/01/19 07:28:20 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2008/01/19 07:49:12 | 00,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4.sys -- (Dot4 [On_Demand | Stopped])
[2008/01/19 07:49:09 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Stopped])
[2008/01/19 07:49:10 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4usb.sys -- (dot4usb [On_Demand | Stopped])
[2008/08/02 03:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006/11/02 09:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2008/01/19 09:42:11 | 00,143,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2006/11/02 11:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008/01/19 07:28:01 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys -- (exfat [On_Demand | Stopped])
[2008/01/19 09:42:31 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2008/01/19 07:30:23 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2006/11/02 11:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2006/11/02 09:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2008/01/19 06:30:49 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 10:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 10:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 11:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/11/02 11:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2006/11/02 11:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2006/12/07 19:12:02 | 00,076,584 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15 [Auto | Running])
[2006/11/08 13:09:00 | 01,647,976 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
[2006/11/02 10:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2008/01/19 09:42:35 | 00,181,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 11:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 11:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2006/11/02 10:51:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [Disabled | Stopped])
[2008/01/19 07:55:03 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006/11/02 11:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 11:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 11:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2008/01/19 07:30:36 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006/11/02 11:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2008/01/19 07:52:19 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006/11/02 11:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2008/01/19 07:54:46 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 11:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2008/08/27 03:05:41 | 00,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2008/01/19 07:28:37 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006/11/02 11:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006/11/02 11:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2008/01/19 09:41:14 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2008/01/19 09:42:29 | 00,163,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2008/05/20 04:07:31 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers
wifi.sys -- (NativeWifiP [On_Demand | Running])
[2006/11/02 11:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers
frd960.sys -- (nfrd960 [Disabled | Stopped])
[2008/01/19 07:55:50 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers
siproxy.sys -- (nsiproxy [System | Running])
[2006/12/13 11:34:05 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])
[2006/11/02 09:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers
trigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2006/11/02 11:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers
vraid.sys -- (nvraid [Disabled | Stopped])
[2006/11/02 11:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers
vstor.sys -- (nvstor [Disabled | Stopped])
[2006/11/02 11:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2008/12/18 13:16:56 | 00,073,840 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent [Auto | Running])
[2008/12/11 09:38:22 | 00,159,600 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi [System | Running])
[2009/01/21 11:38:32 | 00,095,640 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw [On_Demand | Running])
[2006/11/02 11:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2008/04/05 03:21:42 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2006/11/10 16:10:50 | 00,010,624 | ---- | M] (HiTRUST) -- C:\Windows\System32\drivers\psdfilter.sys -- (PSDFilter [Boot | Running])
[2006/11/10 16:21:16 | 00,007,936 | ---- | M] (HiTRUST) -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ [Boot | Running])
[2006/11/08 17:11:30 | 00,053,760 | ---- | M] (HiTRUST) -- C:\Windows\System32\drivers\psdvdisk.sys -- (psdvdisk [Boot | Running])
[2006/11/02 11:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 11:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2008/01/19 07:56:07 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2008/01/22 23:39:48 | 03,482,112 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (R300 [On_Demand | Stopped])
[2008/01/19 07:56:43 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\driversassstp.sys -- (RasSstp [On_Demand | Running])
[2008/01/19 08:01:09 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2008/01/19 07:55:03 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\driversspndr.sys -- (rspndr [Auto | Running])
File not found --  -- (SASDIFSV [System | Running])
File not found --  -- (SASENUM [On_Demand | Running])
File not found --  -- (SASKUTIL [System | Running])
[2006/11/02 11:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2006/11/02 08:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008/01/19 07:49:16 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2006/11/02 10:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2006/11/02 10:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006/11/02 10:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2008/09/22 13:29:18 | 00,097,408 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctfw.sys -- (SFilter [On_Demand | Running])
[2006/11/02 11:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006/11/02 11:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 11:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2008/01/19 07:55:27 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2008/01/19 09:41:30 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2008/01/19 07:29:15 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2008/01/19 07:29:12 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2007/11/08 19:03:26 | 00,021,248 | ---- | M] (AVIRA GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2006/11/02 11:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2006/11/02 11:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 11:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2008/01/19 07:56:07 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers	cpipreg.sys -- (tcpipreg [Auto | Running])
[2008/01/19 07:55:58 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers	dx.sys -- (tdx [System | Running])
[2008/01/19 08:01:15 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers	ssecsrv.sys -- (tssecsrv [On_Demand | Running])
[2008/01/19 07:55:41 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2008/01/19 07:55:50 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers	unnel.sys -- (tunnel [On_Demand | Running])
[2006/11/02 11:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2006/08/29 04:30:04 | 00,013,952 | ---- | M] () -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper [Boot | Running])
[2006/11/02 11:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 11:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 11:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 11:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008/01/19 07:53:40 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2006/11/02 10:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2006/11/02 10:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 10:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2006/11/02 11:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2008/01/19 09:42:18 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2008/01/19 09:43:03 | 00,294,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006/11/02 11:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 10:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006/11/02 11:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008/01/19 09:43:27 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2006/11/02 10:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
[2008/01/19 07:56:49 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
[2006/11/09 03:52:32 | 00,194,560 | ---- | M] (Marvell) -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh [On_Demand | Running])
 
[color=orange]========== (R ) Internet Explorer ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=https://www.google.com/?gws_rd=ssl
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\SYSTEM32\blank.htm
"Search Page"=https://www.google.com/?gws_rd=ssl
"Security Risk Page"=about:SecurityRisk
"Start Page"=https://www.msn.com/fr-fr
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://www.google.com/toolbar/ie8/sidebar.html
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_search_url"=https://www.google.com/?gws_rd=ssl
"Default_Secondary_Page_URL"=
"Local Page"=C:\Windows\SYSTEM32\blank.htm
"SEARCH PAGE"=https://www.google.com/?gws_rd=ssl
"Start Page"=https://www.msn.com/fr-fr/
"StartPageCache"=
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
 
[color=orange]========== (O1) Hosts File ==========[/color]
 
HOSTS File = (27 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1       localhost
 
[color=orange]========== (O2) BHO's ==========[/color]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Programmes\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Programmes\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Programmes\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Programmes\Java\jre6\bin\jp2ssv.dll File not found
 
[color=orange]========== (O3) Toolbars ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{5CBE3B7C-1E47-477e-A7DD-396DB0476E29}" (HKLM) -- C:\Windows\System32\eDStoolbar.dll (HiTRUST)
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}" (HKLM) -- C:\Windows\System32\eDStoolbar.dll (HiTRUST)
 
[color=orange]========== (O4) Run Keys ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s File not found
"Acer Empowering Technology Monitor"=C:\Windows\system32\SysMonitor.exe ()
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min File not found
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
"RtHDVCpl"=RtHDVCpl.exe (Realtek Semiconductor)
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" File not found
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun File not found
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
 
[color=orange]========== (O6 & O7) Current Version Policies ==========[/color]
 
[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel]
"HomePage"=0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0
"NoLogOff"=0
"NoControlPanel"=0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=1
"EnableUIADesktopToggle"=0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoWinKeys"=0
"NoDriveAutoRun"=FF FF FF FF  [binary data]
"NoDriveTypeAutoRun"=36
"NoDrives"=0
 
[color=orange]========== (O8) IE Context Menu Extensions ==========[/color]
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xporter vers Microsoft Excel: C:\Programmes\Microsoft Office\Office12\EXCEL.EXE File not found
 
[color=orange]========== (O9) IE Extensions ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %SystemDrive%\Programmes\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %SystemDrive%\Programmes\Microsoft Office\Office12\REFIEBAR.DLL File not found
 
[color=orange]========== (O12) Internet Explorer Plugins ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" =  Microsoft ActiveX Gallery
 
[color=orange]========== (O13) Default Prefixes ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
 
[color=orange]========== (O15) Trusted Sites ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
tellmemorecampus.com\www: http in Computer
1 domain(s) and sub-domain(s) not assigned to a zone.
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
mks.com.pl: https in Sites de confiance
tellmemorecampus.com\www: http in Computer
1 domain(s) and sub-domain(s) not assigned to a zone.
 
[color=orange]========== (O16) DPF ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab -- Java Plug-in 1.6.0_12
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab -- Java Plug-in 1.6.0_12
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab -- Java Plug-in 1.6.0_12
 
[color=orange]========== (O17) DNS Name Servers ==========[/color]
 
{33417D56-5BD1-4033-BD59-4783FF91B01D} (Servers:  | Description: Generic Marvell Yukon 88E8056 based Ethernet Controller)
 
[color=orange]========== (O20) Winlogon Notify Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Programmes\SUPERAntiSpyware\SASWINLO.dll File not found
 
[color=orange]========== HKLM *SecurityProviders* ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/19 09:33:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll
 
[color=orange]========== LSA *Security Packages* ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/19 09:36:42 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll
 
[color=orange]========== Safeboot Options ==========[/color]
 
"AlternateShell"=cmd.exe
 
[color=orange]========== CDRom AutoRun Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
 
[color=orange]========== Autorun Files on Drives ==========[/color]
 
autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/18 23:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]
 
autorun.inf []
[2009/04/22 15:05:10 | 00,000,000 | ---D | M] -- C:\autorun.inf -- [ NTFS ]
 
autorun.inf []
[2009/04/22 13:53:17 | 00,000,000 | RHSD | M] -- D:\autorun.inf -- [ NTFS ]
 
[color=orange]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[1 C:\Windows\System32\*.tmp files]
[2009/04/22 23:29:53 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/04/22 22:48:04 | 00,000,000 | ---D | C] -- C:sit
[2009/04/22 22:45:57 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/04/22 22:45:57 | 00,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/22 22:45:50 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/04/22 22:45:48 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/22 22:19:27 | 93,794,3040 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/22 20:38:21 | 00,000,000 | ---- | C] () -- C:\Windows\System32\w32apiw.dll
[2009/04/22 19:51:28 | 12,736,0296 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/04/22 19:33:29 | 00,000,026 | ---- | C] () -- C:\23990098.$$$
[2009/04/22 19:15:48 | 13,117,471 | ---- | C] () -- C:\Windows\REGBK00.ZIP
[2009/04/22 19:15:47 | 00,000,000 | ---D | C] -- C:\Windows\zts2.exe
[2009/04/22 19:15:47 | 00,000,000 | ---D | C] -- C:\Windows\System32\vcmgcd32.dll
[2009/04/22 19:15:47 | 00,000,000 | ---D | C] -- C:\Windows\System32\systems.txt
[2009/04/22 19:15:47 | 00,000,000 | ---D | C] -- C:\Windows\System32\iifgfgf.dll
[2009/04/22 19:15:47 | 00,000,000 | ---D | C] -- C:\Windowsundll16.exe
[2009/04/22 19:15:47 | 00,000,000 | ---D | C] -- C:\Windowsundl132.dll
[2009/04/22 19:15:47 | 00,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2009/04/22 17:40:44 | 00,000,000 | ---D | C] -- C:\Windows	emp
[2009/04/22 17:30:34 | 00,000,168 | ---- | C] () -- C:\Windows\System32\Uninstall.html
[2009/04/22 17:30:34 | 00,000,134 | ---- | C] () -- C:\Windows\System32\Argument.html
[2009/04/22 17:30:33 | 00,001,149 | ---- | C] () -- C:\Windows\System32\GenProc[].html
[2009/04/22 17:09:49 | 17,677,729 | ---- | C] () -- C:\upload_moi_PC-de-Gavila.tar.gz
[2009/04/22 16:56:16 | 00,000,000 | ---D | C] -- C:\Windows\System32unouce.exe
[2009/04/22 15:53:22 | 00,000,052 | ---- | C] () -- C:\Windows\Lic.xxx
[2009/04/22 15:52:32 | 00,626,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2009/04/22 15:52:31 | 00,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2009/04/22 15:52:30 | 00,028,672 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\System32\eEmpty.exe
[2009/04/22 15:52:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MicroWorld
[2009/04/22 15:51:57 | 00,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2009/04/22 15:15:03 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/04/22 15:15:03 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/04/22 15:13:14 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/22 14:23:34 | 00,000,000 | ---D | C] -- C:\Program Files\Ad-remover
[2009/04/22 14:07:40 | 00,000,000 | ---D | C] -- C:\Program Files\Navilog1
[2009/04/22 14:03:37 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/22 13:53:17 | 00,000,000 | ---D | C] -- C:\autorun.inf
[2009/04/19 12:13:34 | 00,000,294 | ---- | C] () -- C:\Windows	asks\WebReg PSC 1500 series.job
[2009/04/18 03:01:51 | 00,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/18 03:01:51 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2009/04/18 03:01:51 | 00,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/18 03:01:51 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2009/04/18 03:01:49 | 00,754,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
[2009/04/18 03:01:49 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32	hawbrkr.dll
[2009/04/18 03:01:49 | 00,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2009/04/18 03:01:49 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2009/04/18 03:01:49 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2009/04/18 03:01:49 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2009/04/18 03:01:49 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2009/04/18 03:01:49 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2009/04/18 03:01:48 | 11,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2009/04/18 03:01:48 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2009/04/18 03:01:48 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2009/04/18 03:01:48 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2009/04/18 03:01:48 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32
lhtml.dll
[2009/04/18 03:01:48 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2009/04/18 03:01:48 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2009/04/18 03:01:48 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32tffilt.dll
[2009/04/18 03:01:48 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2009/04/18 03:01:47 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2009/04/18 03:01:47 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2009/04/18 03:01:47 | 01,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32	query.dll
[2009/04/18 03:01:47 | 00,439,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2009/04/18 03:01:47 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2009/04/18 03:01:46 | 01,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2009/04/18 03:01:46 | 00,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2009/04/18 03:01:46 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2009/04/18 03:01:46 | 00,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2009/04/17 21:07:43 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32pcrt4.dll
[2009/04/17 21:07:41 | 00,891,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers	cpip.sys
[2009/04/17 21:07:41 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2009/04/17 21:07:41 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2009/04/17 21:07:40 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2009/04/17 21:07:40 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wersvc.dll
[2009/04/17 21:07:39 | 00,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/04/17 21:07:39 | 00,565,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\emdmgmt.dll
[2009/04/17 21:07:39 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers
wifi.sys
[2009/04/17 21:07:39 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2009/04/17 21:07:39 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/04/17 21:07:38 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/04/17 21:07:38 | 00,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/04/17 21:07:38 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2009/04/17 21:07:38 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrrun.dll
[2009/04/17 21:07:38 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscript.exe
[2009/04/17 21:07:38 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2009/04/17 21:07:38 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2009/04/17 21:07:38 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshext.dll
[2009/04/17 13:34:09 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2009/04/17 13:25:49 | 00,000,000 | ---D | C] -- C:\PerfLogs
[2009/04/16 08:29:09 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/04/16 08:29:07 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/04/16 08:29:07 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/04/16 08:28:58 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/04/16 08:28:58 | 00,551,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32pcss.dll
[2009/04/16 08:28:58 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/04/16 08:28:58 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2009/04/16 08:28:57 | 03,599,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32
tkrnlpa.exe
[2009/04/16 08:28:56 | 03,547,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32
toskrnl.exe
[2009/04/16 08:28:56 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/04/16 08:28:56 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/04/16 08:28:55 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/04/16 08:28:55 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/04/16 08:28:52 | 01,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/04/16 08:28:52 | 00,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/04/16 08:28:52 | 00,441,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/04/16 08:28:52 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/04/16 08:28:51 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/04/16 08:28:51 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/04/16 08:28:51 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/04/16 08:28:47 | 03,580,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/04/16 08:28:47 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/04/16 08:28:45 | 06,068,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/04/16 08:28:45 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/04/16 08:28:44 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/04/16 08:28:44 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/04/16 08:28:44 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/04/16 08:28:44 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/04/16 08:28:44 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/04/16 08:28:43 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/04/16 08:28:43 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/04/16 08:28:43 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/04/16 08:28:43 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/04/16 08:28:42 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/04/16 08:28:42 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/04/16 08:28:42 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/03/24 12:14:29 | 00,000,732 | ---- | C] () -- C:\Users\Public\Desktop\Motamo.lnk
[2009/03/24 12:14:29 | 00,000,000 | ---D | C] -- C:\Program Files\Motamo
 
[color=orange]========== Files - Modified Within 30 Days ==========[/color]
 
[1 C:\Windows\System32\*.tmp files]
[2009/04/23 00:24:35 | 00,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2009/04/22 23:55:33 | 01,470,810 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/04/22 23:55:33 | 00,669,328 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2009/04/22 23:55:33 | 00,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/04/22 23:55:33 | 00,123,350 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2009/04/22 23:55:33 | 00,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/04/22 23:50:08 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/04/22 23:50:07 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/04/22 23:50:06 | 00,371,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/04/22 23:49:58 | 00,000,006 | -H-- | M] () -- C:\Windows	asks\SA.DAT
[2009/04/22 23:49:52 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/04/22 23:49:44 | 93,794,3040 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/22 22:45:57 | 00,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/22 21:20:28 | 00,000,052 | ---- | M] () -- C:\Windows\Lic.xxx
[2009/04/22 20:40:37 | 00,000,000 | ---- | M] () -- C:\Windows\System32\w32apiw.dll
[2009/04/22 19:51:49 | 12,736,0296 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/04/22 19:33:29 | 00,000,026 | ---- | M] () -- C:\23990098.$$$
[2009/04/22 19:17:12 | 13,117,471 | ---- | M] () -- C:\Windows\REGBK00.ZIP
[2009/04/22 18:51:25 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/04/22 17:40:52 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/04/22 17:30:34 | 00,001,149 | ---- | M] () -- C:\Windows\System32\GenProc[].html
[2009/04/22 17:30:34 | 00,000,168 | ---- | M] () -- C:\Windows\System32\Uninstall.html
[2009/04/22 17:30:34 | 00,000,134 | ---- | M] () -- C:\Windows\System32\Argument.html
[2009/04/22 17:09:49 | 17,677,729 | ---- | M] () -- C:\upload_moi_PC-de-Gavila.tar.gz
[2009/04/22 15:52:31 | 00,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2009/04/22 15:52:30 | 00,548,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2009/04/22 15:52:29 | 00,028,672 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\System32\eEmpty.exe
[2009/04/21 09:58:08 | 00,109,568 | ---- | M] () -- C:\Windows\VFIND.exe
[2009/04/19 12:13:35 | 00,000,294 | ---- | M] () -- C:\Windows	asks\WebReg PSC 1500 series.job
[2009/04/17 13:37:37 | 00,000,280 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini
[2009/04/17 13:37:37 | 00,000,174 | -HS- | M] () -- C:\Users\Public\Desktop\desktop.ini
[2009/04/17 13:37:37 | 00,000,174 | -HS- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2009/04/17 13:34:09 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2009/04/17 09:22:33 | 00,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2009/04/17 09:22:26 | 00,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2009/04/06 16:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/03/24 12:14:29 | 00,000,732 | ---- | M] () -- C:\Users\Public\Desktop\Motamo.lnk
< End of report >

loloetseb · Answer

Rapport ot de 3 clefs de registre verrolés que j'ai viré

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key hklm\software\microsoft\internet explorer\extension compatibility\{43d9e6f0-1776-4897-ae14-ecedecbafec0}\ deleted successfully.
Registry key hklm\software\microsoft\internet explorer\extension compatibility\{5a074b29-f830-49de-a31b-5bb9d7f6b407}\ deleted successfully.
Registry key hklm\software\microsoft\internet explorer\extension compatibility\{5a074b21-f830-49de-a31b-5bb9d7f6b407}\ deleted successfully.
Registry key hklm\software\microsoft\shared tools\msconfig\startupreg\skype\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Gavila\AppData\Local\Temp\~DF862C.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04222009_234758

Files moved on Reboot...
C:\Users\Gavila\AppData\Local\Temp\~DF862C.tmp moved successfully.

loloetseb · Answer

Re scan escan en mode normal,retour des meme infection qu'en debut d'apres midi

Objet "Backdoor (IRCBot) Trojans Spyware/Adware" trouvé dans fichier système ! Mesure prise : Entrées supprimées.
Objet "Spyware.ExpressKeylog Corrupted Adware/Spyware" trouvé dans fichier système ! Mesure prise : Entrées supprimées.
Objet "DiskKnight Adware" trouvé dans fichier système ! Mesure prise : Entrées supprimées.
Objet "AntiSpyware Pro XP Corrupted Adware/Spyware" trouvé dans fichier système ! Mesure prise : Entrées supprimées.
Entrée "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" se réfère à l'objet invalide ".tmp". Mesure prise : Entrées supprimées.

gen-hackman · Answer

desinstalle navilog et AD-R ensuite : __________________________________________________________ =>/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement cet ordinateur,<= =>il est fort déconseillé de le transposer sur un autre ordinateur !<=====| --------------------------------------------------------------- Toujours avec toutes les protections désactivées, fais ceci : • Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes) • Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) : ---------------------------------------------------------- File:: c:\windows\system32\eEmpty.exe c:\windows\Lic.xxx c:\windows\system32\runouce.exe C:\autorun.inf ------------------------------------------------------------------ • Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt • Quitte le Bloc Notes • Fais un glisser/déposer de ce fichier CFScript sur le fichier C-Fix.exe (combofix) comme sur ce lien : http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif • Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé. • Une fois le scan achevé, un rapport va s'afficher: poste son contenu. • Si le fichier ne s'ouvre pas, il se trouve ici ? C:\ComboFix.txt

loloetseb · Answer

Tiens le detail des infections qu'a detecté  escan.Y'a des clefs du root mais qui revienne donc faut trouver plus haut

23 avr. 2009 01:19:46 - System found infected with Parentis Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{9BD3A001-42A2-491E-AACA-9512F6CF4CDB})! Action taken: Entrées supprimées.
23 avr. 2009 01:19:46 - Objet "Parentis Spyware/Adware" trouvé dans fichier système ! Mesure prise : Entrées supprimées.

23 avr. 2009 01:19:53 - System found infected with Parentis Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67})! Action taken: Entrées supprimées.
23 avr. 2009 01:19:53 - Objet "Parentis Spyware/Adware" trouvé dans fichier système ! Mesure prise : Entrées supprimées.

23 avr. 2009 01:19:54 - Offending Key found: HKCU\Software\Kazaa !!!
23 avr. 2009 01:19:54 - Deleting Registry Key: HKCU\Software\Kazaa
23 avr. 2009 01:19:54 - Objet "kazaa Spyware/Adware" trouvé dans fichier système ! Mesure prise : Entrées supprimées.

23 avr. 2009 01:19:56 - Offending Registry Entry found: HKCU\SOFTWARE\Wget
23 avr. 2009 01:19:56 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\SOFTWARE\Wget)! Action taken: Entrées supprimées.
23 avr. 2009 01:19:56 - Objet "Backdoor (IRCBot) Trojans Spyware/Adware" trouvé dans fichier système ! Mesure prise : Entrées supprimées.

23 avr. 2009 01:19:56 - Offending Registry Entry found: HKCU\Software\Microsoft\OLE
23 avr. 2009 01:19:56 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\Software\Microsoft\OLE)! Action taken: Entrées supprimées.
23 avr. 2009 01:19:56 - Objet "Backdoor (IRCBot) Trojans Spyware/Adware" trouvé dans fichier système ! Mesure prise : Entrées supprimées.

23 avr. 2009 01:19:56 - Offending Registry Entry found: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
23 avr. 2009 01:19:56 - System found infected with Spyware.ExpressKeylog Corrupted Adware/Spyware (HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations)! Action taken: Entrées supprimées.
23 avr. 2009 01:19:56 - Objet "Spyware.ExpressKeylog Corrupted Adware/Spyware" trouvé dans fichier système ! Mesure prise : Entrées supprimées.

23 avr. 2009 01:19:56 - Offending Registry Entry found: HKLM\SOFTWARE\Knight
23 avr. 2009 01:19:56 - System found infected with DiskKnight Adware (HKLM\SOFTWARE\Knight)! Action taken: Entrées supprimées.
23 avr. 2009 01:19:56 - Objet "DiskKnight Adware" trouvé dans fichier système ! Mesure prise : Entrées supprimées.

23 avr. 2009 01:19:56 - Offending Registry Entry found: HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers
23 avr. 2009 01:19:56 - System found infected with AntiSpyware Pro XP Corrupted Adware/Spyware (HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers)! Action taken: Entrées supprimées.
23 avr. 2009 01:19:56 - Objet "AntiSpyware Pro XP Corrupted Adware/Spyware" trouvé dans fichier système ! Mesure prise : Entrées supprimées.

gen-hackman · Answer

ok j'attends le resultat du post 6

loloetseb · Answer

ComboFix 09-04-23.02 - Gavila 23/04/2009  1:48.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6001.1.1252.33.1036.18.894.395 [GMT 2:00]
Lancé depuis: c:\users\Gavila\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Gavila\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
FW: PC Tools Firewall Plus *enabled*
 * Un nouveau point de restauration a été créé

FILE ::
C:\autorun.inf
c:\windows\Lic.xxx
c:\windows\system32\eEmpty.exe
c:\windows\system32unouce.exe
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Lic.xxx
c:\windows\system32\eEmpty.exe

.
(((((((((((((((((((((((((((((   Fichiers créés du 2009-03-23 au 2009-04-23  ))))))))))))))))))))))))))))))))))))
.

2009-04-22 22:43 . 2009-04-22 22:43	--------	d-----w	C:\ToolBar SD
2009-04-22 21:29 . 2009-04-22 21:29	--------	d-----w	C:\_OTMoveIt
2009-04-22 20:48 . 2009-04-22 20:48	--------	d-----w	C:sit
2009-04-22 20:45 . 2009-04-06 13:32	15504	----a-w	c:\windows\system32\drivers\mbam.sys
2009-04-22 20:45 . 2009-04-06 13:32	38496	----a-w	c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-22 17:51 . 2009-04-22 17:51	127360296	----a-w	c:\windows\MEMORY.DMP
2009-04-22 17:33 . 2009-04-22 23:20	26	----a-w	C:\23990098.$$$
2009-04-22 17:15 . 2009-04-22 17:17	13117471	----a-w	c:\windows\REGBK00.ZIP
2009-04-22 17:15 . 2009-04-22 17:15	--------	d---a-w	c:\windows\zts2.exe
2009-04-22 17:15 . 2009-04-22 17:15	--------	d---a-w	c:\windows\system32\vcmgcd32.dll
2009-04-22 17:15 . 2009-04-22 17:15	--------	d---a-w	c:\windows\system32\systems.txt
2009-04-22 17:15 . 2009-04-22 17:15	--------	d---a-w	c:\windows\system32\iifgfgf.dll
2009-04-22 17:15 . 2009-04-22 17:15	--------	d---a-w	c:\windowsundll16.exe
2009-04-22 17:15 . 2009-04-22 17:15	--------	d---a-w	c:\windowsundl132.dll
2009-04-22 17:15 . 2009-04-22 17:15	--------	d---a-w	c:\windows\logo1_.exe
2009-04-22 15:30 . 2009-04-22 15:30	168	----a-w	c:\windows\system32\Uninstall.html
2009-04-22 15:30 . 2009-04-22 15:30	134	----a-w	c:\windows\system32\Argument.html
2009-04-22 15:30 . 2009-04-22 15:30	1149	----a-w	c:\windows\system32\GenProc[].html
2009-04-22 15:09 . 2009-04-22 15:09	17677729	----a-w	C:\upload_moi_PC-de-Gavila.tar.gz
2009-04-22 14:56 . 2009-04-22 14:56	--------	d---a-w	c:\windows\system32unouce.exe
2009-04-22 13:52 . 2009-04-22 13:52	626688	----a-w	c:\windows\system32\msvcr80.dll
2009-04-22 13:52 . 2009-04-22 13:52	548864	----a-w	c:\windows\system32\msvcp80.dll
2009-04-22 13:52 . 2005-09-22 21:22	522	----a-w	c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-04-22 13:51 . 2009-04-22 13:51	--------	d-----w	c:\users\All Users\MicroWorld
2009-04-22 13:51 . 2009-04-22 13:51	--------	d-----w	c:\progra~2\MicroWorld
2009-04-22 12:03 . 2009-04-22 12:06	--------	d-----w	C:\Rooter$
2009-04-22 11:53 . 2009-04-22 13:05	--------	d---a-w	C:\autorun.inf
2009-04-17 19:07 . 2008-04-12 03:32	784896	----a-w	c:\windows\system32pcrt4.dll
2009-04-17 11:34 . 2009-04-17 11:34	0	---ha-w	c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-17 11:25 . 2009-04-17 11:25	--------	d-----w	C:\PerfLogs
2009-04-16 06:29 . 2008-12-06 04:42	376832	----a-w	c:\windows\system32\winhttp.dll
2009-04-16 06:29 . 2008-06-06 03:27	38912	----a-w	c:\windows\system32\xolehlp.dll
2009-04-16 06:29 . 2008-06-06 03:27	562176	----a-w	c:\windows\system32\msdtcprx.dll

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 23:19 . 2009-04-22 20:45	--------	d-----w	c:\program files\Malwarebytes' Anti-Malware
2009-04-22 22:43 . 2009-04-22 17:08	1475	----a-w	C:\TB.txt
2009-04-22 22:37 . 2006-11-02 15:48	669328	----a-w	c:\windows\System32\perfh00C.dat
2009-04-22 22:37 . 2006-11-02 15:48	123350	----a-w	c:\windows\System32\perfc00C.dat
2009-04-22 22:33 . 2009-01-29 21:04	--------	d---a-w	c:\progra~2\TEMP
2009-04-22 22:24 . 2009-02-20 16:17	13030	----a-w	C:\PDOXUSRS.NET
2009-04-22 20:50 . 2009-03-07 14:23	--------	d-----w	c:\program files\ZebHelpProcess
2009-04-22 18:29 . 2009-04-22 12:08	1726	----a-w	C:\fixnavi.txt
2009-04-22 17:04 . 2009-04-22 16:46	9186	----a-w	C:\lopR.txt
2009-04-22 17:03 . 2009-04-22 17:01	5177	----a-w	C:\UsbFix.txt
2009-04-22 16:17 . 2009-02-20 13:51	--------	d-----w	c:\program files\Trend Micro
2009-04-22 15:12 . 2009-04-22 15:11	733	----a-w	C:apport_clean.txt
2009-04-22 15:12 . 2009-02-20 18:28	636	----a-w	C:esultat_clean.txt
2009-04-22 15:07 . 2009-04-22 13:49	2264	----a-w	C:apport.txt
2009-04-22 13:52 . 2009-04-22 13:52	--------	d-----w	c:\program files\Common Files\MicroWorld
2009-04-22 12:34 . 2009-04-22 12:29	3212	----a-w	C:\Ad-Report-Clean-22.04.2009.log
2009-04-22 12:28 . 2009-04-22 12:23	2493	----a-w	C:\Ad-Report-Scan-22.04.2009.log
2009-04-22 12:22 . 2009-04-22 12:21	458	----a-w	C:\JavaRa.log
2009-04-22 06:54 . 2008-01-30 23:22	--------	d-----w	c:\program files\scrabbleproB1.0.7
2009-04-17 11:37 . 2006-11-02 12:50	174	--sha-w	c:\program files\desktop.ini
2009-04-17 11:32 . 2006-11-02 10:25	86016	----a-w	c:\windows\Inf\infstrng.dat
2009-04-17 11:32 . 2006-11-02 10:25	86016	----a-w	c:\windows\Inf\infstor.dat
2009-04-17 11:32 . 2006-11-02 10:25	51200	----a-w	c:\windows\Inf\infpub.dat
2009-04-17 11:28 . 2006-11-02 12:37	--------	d-----w	c:\program files\Windows Sidebar
2009-04-17 11:28 . 2006-11-02 12:37	--------	d-----w	c:\program files\Windows Calendar
2009-04-17 11:28 . 2006-11-02 11:18	--------	d-----w	c:\program files\Windows Mail
2009-04-17 11:28 . 2006-11-02 12:37	--------	d-----w	c:\program files\Windows Photo Gallery
2009-04-17 11:28 . 2006-11-02 12:37	--------	d-----w	c:\program files\Windows Journal
2009-04-17 11:28 . 2006-11-02 12:37	--------	d-----w	c:\program files\Windows Collaboration
2009-04-17 11:28 . 2006-11-02 12:37	--------	d-----w	c:\program files\Windows Defender
2009-04-17 11:25 . 2006-11-02 10:25	665600	----a-w	c:\windows\Inf\drvindex.dat
2009-04-17 07:22 . 2006-11-02 10:32	101888	----a-w	c:\windows\System32\ifxcardm.dll
2009-04-17 07:22 . 2006-11-02 10:32	82432	----a-w	c:\windows\System32\axaltocm.dll
2009-04-17 05:41 . 2008-05-01 12:29	--------	d-----w	c:\progra~2\Microsoft Help
2009-03-29 13:00 . 2009-02-20 16:04	--------	d-----w	c:\program files\SUPERAntiSpyware
2009-03-24 10:14 . 2009-03-24 10:14	--------	d-----w	c:\program files\Motamo
2009-03-17 07:56 . 2009-03-07 18:31	--------	d-----w	c:\program files\PC Tools Firewall Plus
2009-03-17 03:38 . 2009-04-16 06:28	40960	----a-w	c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-16 06:28	13824	----a-w	c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 06:28	24064	----a-w	c:\windows\System32\amxread.dll
2009-03-13 07:24 . 2009-03-13 07:24	130424	----a-w	c:\windows\system32\drivers\PCTCore.sys
2009-03-12 20:59 . 2009-01-24 01:39	--------	d-----w	c:\progra~2\Zylom
2009-03-07 18:32 . 2009-01-29 21:07	--------	d-----w	c:\program files\Common Files\PC Tools
2009-03-07 16:42 . 2009-02-20 16:45	3428	----a-w	C:\TCleaner.txt
2009-03-07 16:10 . 2008-01-20 20:43	--------	d-----w	c:\program files\Windows Live
2009-03-07 15:52 . 2009-03-07 15:52	--------	d-----w	c:\program files\RegCleaner
2009-03-07 15:45 . 2009-03-07 15:44	--------	d-----w	c:\program files\Common Files\Adobe
2009-03-07 15:10 . 2009-03-07 15:10	--------	d-----w	c:\program files\NKProds
2009-03-07 13:58 . 2008-01-25 23:53	--------	d-----w	c:\program files\Java
2009-03-07 13:57 . 2009-02-20 13:47	410984	----a-w	c:\windows\System32\deploytk.dll
2009-03-06 23:40 . 2009-03-06 23:40	268	---ha-w	C:\sqmdata12.sqm
2009-03-06 23:40 . 2009-03-06 23:40	244	---ha-w	C:\sqmnoopt12.sqm
2009-03-06 09:29 . 2009-03-06 09:29	268	---ha-w	C:\sqmdata11.sqm
2009-03-06 09:29 . 2009-03-06 09:29	244	---ha-w	C:\sqmnoopt11.sqm
2009-03-06 00:44 . 2009-03-06 00:44	268	---ha-w	C:\sqmdata10.sqm
2009-03-06 00:44 . 2009-03-06 00:44	244	---ha-w	C:\sqmnoopt10.sqm
2009-03-05 07:16 . 2009-03-05 07:16	268	---ha-w	C:\sqmdata09.sqm
2009-03-05 07:16 . 2009-03-05 07:16	244	---ha-w	C:\sqmnoopt09.sqm
2009-03-04 22:39 . 2009-03-04 22:39	268	---ha-w	C:\sqmdata08.sqm
2009-03-04 22:39 . 2009-03-04 22:39	244	---ha-w	C:\sqmnoopt08.sqm
2009-03-04 05:30 . 2009-03-04 05:30	268	---ha-w	C:\sqmdata07.sqm
2009-03-04 05:30 . 2009-03-04 05:30	244	---ha-w	C:\sqmnoopt07.sqm
2009-03-03 04:46 . 2009-04-16 06:28	3599328	----a-w	c:\windows\System32
tkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 06:28	3547632	----a-w	c:\windows\System32
toskrnl.exe
2009-03-03 04:40 . 2009-04-16 06:28	827392	----a-w	c:\windows\System32\wininet.dll
2009-03-03 04:39 . 2009-04-16 06:28	183296	----a-w	c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 06:28	551424	----a-w	c:\windows\System32pcss.dll
2009-03-03 04:39 . 2009-04-16 06:28	26112	----a-w	c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 06:28	78336	----a-w	c:\windows\System32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 06:28	98304	----a-w	c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 06:28	44032	----a-w	c:\windows\System32\iasdatastore.dll
2009-03-03 04:37 . 2009-04-16 06:28	54784	----a-w	c:\windows\System32\iasads.dll
2009-03-03 03:04 . 2009-04-16 06:28	666624	----a-w	c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 06:28	17408	----a-w	c:\windows\System32\iashost.exe
2009-03-03 02:28 . 2009-04-16 06:28	26624	----a-w	c:\windows\System32\ieUnatt.exe
2009-02-27 14:54 . 2009-02-27 14:54	--------	d-----w	c:\progra~2\HP Product Assistant
2009-02-24 22:09 . 2009-02-24 22:09	268	---ha-w	C:\sqmdata06.sqm
2009-02-24 22:09 . 2009-02-24 22:09	244	---ha-w	C:\sqmnoopt06.sqm
2009-02-23 22:28 . 2009-02-23 22:28	268	---ha-w	C:\sqmdata05.sqm
2009-02-23 22:28 . 2009-02-23 22:28	244	---ha-w	C:\sqmnoopt05.sqm
2009-02-22 13:36 . 2009-02-22 13:36	244	---ha-w	C:\sqmnoopt04.sqm
2009-02-22 13:36 . 2009-02-22 13:36	232	---ha-w	C:\sqmdata04.sqm
2009-02-22 13:35 . 2009-02-22 13:35	244	---ha-w	C:\sqmnoopt03.sqm
2009-02-22 13:35 . 2009-02-22 13:35	232	---ha-w	C:\sqmdata03.sqm
2009-02-20 18:21 . 2009-02-20 18:21	268	---ha-w	C:\sqmdata02.sqm
2009-02-20 18:21 . 2009-02-20 18:21	244	---ha-w	C:\sqmnoopt02.sqm
2009-02-20 15:50 . 2009-02-20 15:50	268	---ha-w	C:\sqmdata01.sqm
2009-02-20 15:50 . 2009-02-20 15:50	244	---ha-w	C:\sqmnoopt01.sqm
2009-02-20 15:29 . 2009-02-20 15:29	268	---ha-w	C:\sqmdata00.sqm
2009-02-20 15:29 . 2009-02-20 15:29	244	---ha-w	C:\sqmnoopt00.sqm
2009-02-13 08:49 . 2009-04-16 06:28	72704	----a-w	c:\windows\System32\secur32.dll
2009-02-13 08:49 . 2009-04-16 06:28	1255936	----a-w	c:\windows\System32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 07:44	2033152	----a-w	c:\windows\System32\win32k.sys
2009-01-27 00:06 . 2009-01-23 09:37	164345	----a-w	c:\windows\hpoins19.dat
2008-02-24 09:35 . 2008-02-24 09:35	16384	--sha-w	c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-02-24 09:35 . 2008-02-24 09:35	32768	--sha-w	c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-02-24 09:35 . 2008-02-24 09:35	16384	--sha-w	c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-29 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\!SASWinLogon]
2008-12-22 10:05	356352	----a-w	c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{755DDF93-2A40-464C-8E19-14D57FDFE54C}"= UDP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{9E139F13-729C-48A3-A542-F8D1B9041878}"= TCP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{083C222B-2E43-435E-A4FA-69B43D170DBD}"= UDP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{CCAC3715-6F13-4B05-AFE8-9CB066D07D09}"= TCP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{7A11D0DC-4B4D-4D6B-9395-1FB0BB02F739}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{CAEDC0A9-FA60-4B8B-8EB7-4679892F69D7}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{3CF0A38F-BDCA-4850-B9CC-79DA144B0CA6}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{801EC1BA-4EA4-4830-8FE6-B53B0271F818}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{25C8D0F9-7579-488A-9363-C9EC507F3255}"= UDP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{8C209F36-3196-43EF-AEA2-F7691A219A8D}"= TCP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{A241450E-810E-4B10-8253-B1F7C675FB0E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{20C638C9-FD40-4D84-94E4-65ED66B03426}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{97AFC5DF-E008-4027-9C83-56B55E6160FC}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{413118EA-CABB-4F22-9776-5A85C036DD48}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{D4327A3E-F484-4F7D-822A-13E2504F147E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{623B3D23-0A70-4B73-95E0-490CC7B10EE3}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{2DF05712-50D8-4A89-B9DC-6180CBAA70A1}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{5EDD989F-D444-46A9-B3B2-4B8FFEF6E4B5}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{BF4BBAE4-2B77-4D5A-B24A-9A980BE8EB3A}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2008-12-11 159600]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-29 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-01-15 55024]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2008-12-18 73840]
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [2009-01-21 95640]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
.
------- Examen supplémentaire -------
.
uDefault_search_url = hxxp://www.google.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: mks.com.pl
Trusted Zone: tellmemorecampus.com\www
Trusted Zone: tellmemorecampus.com\www
FF - ProfilePath - c:\users\Gavila\AppData\Roaming\Mozilla\Firefox\Profiles\v7838o5s.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 01:51
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(480)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\ShowErrMsg.dll
.
Heure de fin: 2009-04-22  1:52
ComboFix-quarantined-files.txt  2009-04-22 23:52
ComboFix2.txt  2009-04-22 22:53
ComboFix3.txt  2009-04-22 15:42
ComboFix4.txt  2009-04-22 13:19

Avant-CF: 46 507 356 160 octets libres
Après-CF: 46 347 419 648 octets libres

259	--- E O F ---	2009-04-18 01:02

loloetseb · Answer

Ca mouline grave la,tu as du le toucher,bon ca parait pas terrible ca sur le rapport comboscript


2009-04-22 17:15 . 2009-04-22 17:15	--------	d---a-w	c:\windows\zts2.exe 
2009-04-22 17:15 . 2009-04-22 17:15	--------	d---a-w	c:\windows\system32\systems.txt 
2009-04-22 17:15 . 2009-04-22 17:15	--------	d---a-w	c:\windows\system32\iifgfgf.dll 
2009-04-22 17:15 . 2009-04-22 17:15	--------	d---a-w	c:\windows\rundll16.exe 
2009-04-22 17:15 . 2009-04-22 17:15	--------	d---a-w	c:\windows\rundl132.dll

gen-hackman · Answer

norton tres mal desinstallé

essaie de voir si DrWeb tourne ca sent le virut ton histoire

loloetseb · Answer

Oui dr web tourne.Pas eu de detection,a part de degommer les fix qu'on utilise

Je pense pas que ca soit du virut,il n'y a pas de crack ,keygens ou telechargement illicite sur le pc.

Les problemes ont demarré ,il y a quelques mois avec surement un clic sur un lien msn.Il y avait un 04 ??????? et deux prog chinois qui se lancait au demarrage,impossible a virer,donc je leur est viré msn et les lignes n'apparaissent plus.Je pense que depuis il doit y avoir pas mal de merdouille en plus

Le pc a tourné un an sans antivirus,donc faut pas s'etonner!!,mdr

Je fais sauter avec ot les lignes que je t"ai noté,ou tu en vois d'autres.J'arrive toujours pas a lancer Rsit,ca nous aiderait bien

loloetseb · Answer

Ce cas à l'air assez proche

https://forum.malekal.com/viewtopic.php?f=3&t=13929

Je sais pas ce qui s'est passé a 17h15,mais j'ai du exiter les merdouilles

2009-04-22 17:33 . 2009-04-22 23:20	26	----a-w	C:\23990098.$$$     
 2009-04-22 17:15 . 2009-04-22 17:17	13117471	----a-w	c:\windows\REGBK00.ZIP     
 2009-04-22 17:15 . 2009-04-22 17:15	--------	d---a-w	c:\windows\zts2.exe 
 2009-04-22 17:15 . 2009-04-22 17:15	--------	d---a-w	c:\windows\system32\vcmgcd32.dll     
 2009-04-22 17:15 . 2009-04-22 17:15	--------	d---a-w	c:\windows\system32\systems.txt 
 2009-04-22 17:15 . 2009-04-22 17:15	--------	d---a-w	c:\windows\system32\iifgfgf.dll 
 2009-04-22 17:15 . 2009-04-22 17:15	--------	d---a-w	c:\windows\rundll16.exe 
 2009-04-22 17:15 . 2009-04-22 17:15	--------	d---a-w	c:\windows\rundl132.dll

gen-hackman · Answer

en mse non plus pour rsit ?

tiens pour ot :

:processes
explorer.exe

:files
C:\23990098.$$$
c:\windows\REGBK00.ZIP
c:\windows\zts2.exe
c:\windows\system32\vcmgcd32.dll
c:\windows\system32\systems.txt
c:\windows\system32\iifgfgf.dll
c:\windows\rundll16.exe
c:\windows\rundl132.dll
c:\windows\logo1_.exe
c:\windows\system32\Uninstall.html
c:\windows\system32\Argument.html
c:\windows\system32\GenProc[].html
C:\upload_moi_PC-de-Gavila.tar.gz
c:\windows\system32\runouce.exe

:reg
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000000
"InternetSettingsDisableNotify"=dword:00000000
"AutoUpdateDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

:commands
[purity] 
[emptytemp] 
[start explorer] 
[reboot]

loloetseb · Answer

Non j'arrive pas non plus en mse pour le rsit,mais bon on va arriver a debloquer bientot la situation.Je pense qu'il y a aussi du navipromo mais meme navilog ne se lance pas,mdr.J'ai viré zylom deja .

Bon je lance OT

gen-hackman · Answer

ok :)

a ton retour fais tourner ccleaner en cochant tout

loloetseb · Answer

Le rapport Ot.Tu vas rire meme le tool remover de norton a planté.J'ai lancé la procedure ot et pendant la procedure,j'ai eu un message comme quoi norton.exe etait utilisé par un programme et qu'il serait decompressé apres la procedure.A mon avis meme les traces du norton desinstallé sont patchés

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\23990098.$$$ moved successfully.
c:\windows\REGBK00.ZIP moved successfully.
c:\windows\zts2.exe moved successfully.
c:\windows\system32\vcmgcd32.dll moved successfully.
c:\windows\system32\systems.txt moved successfully.
c:\windows\system32\iifgfgf.dll moved successfully.
c:\windowsundll16.exe moved successfully.
c:\windowsundl132.dll moved successfully.
c:\windows\logo1_.exe moved successfully.
c:\windows\system32\Uninstall.html moved successfully.
c:\windows\system32\Argument.html moved successfully.
c:\windows\system32\GenProc[].html moved successfully.
C:\upload_moi_PC-de-Gavila.tar.gz moved successfully.
c:\windows\system32unouce.exe moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\microsoft\security center\"UacDisableNotify"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\software\microsoft\security center\"InternetSettingsDisableNotify"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\software\microsoft\security center\"AutoUpdateDisableNotify"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\"DisableMonitoring"|dword:00000000 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Gavila\AppData\Local\Temp\etilqs_zEwKynfibfwbXoMBcQS1 scheduled to be deleted on reboot.
File delete failed. C:\Users\Gavila\AppData\Local\Temp\INMEM000.REM scheduled to be deleted on reboot.
File delete failed. C:\Users\Gavila\AppData\Local\Temp\~DF7DC7.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04232009_022404

Files moved on Reboot...
File C:\Users\Gavila\AppData\Local\Temp\etilqs_zEwKynfibfwbXoMBcQS1 not found!
File C:\Users\Gavila\AppData\Local\Temp\INMEM000.REM not found!
File C:\Users\Gavila\AppData\Local\Temp\~DF7DC7.tmp not found!

gen-hackman · Answer

fais tourner ncleaner

loloetseb · Answer

C'est bon pour ncleaner

loloetseb · Answer

Bon rsit veut toujours pas marcher

gen-hackman · Answer

ok verifie dans ce dossier s'il reste quelque chose sinon tu vires tout et tu redemarres puis tu retentes rsit :

C:\Windows\Prefetch

loloetseb · Answer

D'accord,bon otview it veut toujours pas non plus

gen-hackman · Answer

t'as viré l'UAC ?

loloetseb · Answer

Il y a un dossier dans prefetch readyboot a 0ko ,comme par hasard,je vire?

loloetseb · Answer

Oui j'ai viré l'uac

gen-hackman · Answer

oui vire tout

loloetseb · Answer

C'est bon c'est viré

gen-hackman · Answer

ok redemarre et retente rsit et si marche pas hijackthis

Destrio5 · Answer

Salut à vous deux ;)

gen-hackman · Answer

bonsoir aussi à vous

loloetseb · Answer

Bon ben y'a du monde ce soir.Bon le rsit marche toujours pas,je te poste l'hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:56:31, on 23/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O15 - Trusted Zone: http://www.tellmemorecampus.com
O15 - Trusted Zone: http://www.tellmemorecampus.com (HKLM)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

gen-hackman · Answer

ok vire les deux 015 , redemarre et retente usbfix

loloetseb · Answer

Le rapport zeb,les lignes verrolés apparaissent.On a viré,une des deux F2 et 1 des 3 lignes en 04.Y'a la ligne en 05 qui est bizarre,et 3 lignes en 023 bizarre aussi

Rapport de ZHPDiag v1.16.6 par Nicolas Coolman
Enregistré le 23/04/2009 02:59:25
Platform : Windows Vista (TM) Home Premium (6.0.6001) Service Pack 1
MSIE: Internet Explorer v7.0.6001.18000
MFIE: Mozilla Firefox (3.0.9)

---\ Processus lancés
RtHDVCpl.exe
C:\Windows\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\WR_PopUp\WarReg_PopUp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\Ati2evxx.exe
%windir%\system32\svchost.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\SearchIndexer.exe

---\ Modification d'une valeur System.ini (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,

---\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr

---\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm

---\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

---\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

---\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\policies\Explorer: [NoDrives] Data="0"
O4 - HKLM\..\policies\Explorer: [NoLogOff] Data="0"

---\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: inetcpl.cpl=no

---\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

---\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Toolbars\INTERN~1\favicon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFBARH.ICO

---\ Valeur de registre AppInit_DLLs et sous-clés Winlogon Notify (O20)
O20 - Winlogon Notify: SABWINLOStartup - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
---\ Clé de Registre autorun SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030}

---\ Services NT non Microsoft et non désactivés (O23)
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service:  (Ati External Event Utility) - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eRecovery Service (eRecoveryService) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - C:\Windows\system32\SLsvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - C:\Windows\System32\spoolsv.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - C:\Windows\system32\SearchIndexer.exe /Embedding

---\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SA.DAT
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SCHEDLGU.TXT
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\WebReg PSC 1500 series.job

---\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: (no name) - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - (not file)
O40 - ASIC: Microsoft Windows Media Player 11.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\wmpdxm.dll
O40 - ASIC: Adobe Shockwave Director 11.0.3 - {233C1507-6A77-46A4-9443-F871F945D258} - C:\Windows\System32\Adobe\Director\swdir.dll
O40 - ASIC: Adobe Shockwave Director 11.0.3 - {2A202491-F00D-11cf-87CC-0020AFEECF20} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\system32egsvr32.exe /s /n /i:/UserInstall C:\Windows\system32	hemeui.dll
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Mail 7 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
O40 - ASIC: (no name) - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.7 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Address Book 7 - {7790769C-0471-11d2-AF11-00C04FA35D02} - (not file)
O40 - ASIC: .NET Framework - {7C028AF8-F614-47B3-82DA-BA94E41B1089} - (not file)
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: .NET Framework - {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\system32\Macromed\Flash\Flash9f.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

---\ Pilotes lancés au démarrage (O41)
O41 - Driver: Pilote de média asynchrone RAS (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: (no object) (atikmdag) - C:\WINDOWS\system32\DRIVERS\atikmdag.sys
O41 - Driver: ATI PCI Express (3GIO) Filter (AtiPcie) - C:\WINDOWS\system32\DRIVERS\AtiPcie.sys
O41 - Driver: avgio (avgio) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
O41 - Driver: avgntflt (avgntflt) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
O41 - Driver: avipbb (avipbb) - C:\WINDOWS\system32\DRIVERS\avipbb.sys
O41 - Driver: Pilote MS IEEE-1284.4 (Dot4) - C:\WINDOWS\system32\DRIVERS\Dot4.sys
O41 - Driver: Pilote de classe Imprimante pour IEEE-1284.4 (Dot4Print) - C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
O41 - Driver: MS Dot4USB Filter Dot4USB Filter (dot4usb) - C:\WINDOWS\system32\DRIVERS\dot4usb.sys
O41 - Driver: Filtre de décodeur DRM (Noyau Microsoft) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: Intel(R) PRO/1000 NDIS 6 Adapter Driver (E1G60) - C:\WINDOWS\system32\DRIVERS\E1G60I32.sys
O41 - Driver: Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio (HdAudAddService) - C:\WINDOWS\system32\drivers\HdAudio.sys
O41 - Driver: int15 (int15) - C:\Acer\Empowering Technology\eRecovery\int15.sys
O41 - Driver: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - C:\WINDOWS\system32\drivers\RTKVHDA.sys
O41 - Driver: @%systemroot%\system32ascfg.dll,-32013 (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: IP in IP Tunnel Driver (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: Pilote d’E/S du mappage de découverte de topologie de la couche de liaison (lltdio) - C:\WINDOWS\system32\DRIVERS\lltdio.sys
O41 - Driver: Service Pilote de fonction de classe Moniteur Microsoft (monitor) - C:\WINDOWS\system32\DRIVERS\monitor.sys
O41 - Driver: Proxy de service de répartition Microsoft (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Proxy d'horloge de répartition Microsoft (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Proxy de gestion de qualité de répartition Microsoft (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Convertisseur en T/site-à-site de répartition Microsoft (MSTEE) - C:\WINDOWS\system32\drivers\MSTEE.sys
O41 - Driver: Filtre NativeWiFi (NativeWifiP) - C:\WINDOWS\system32\DRIVERS
wifi.sys
O41 - Driver: @%systemroot%\system32ascfg.dll,-32001 (NdisTapi) - C:\WINDOWS\system32\DRIVERS
distapi.sys
O41 - Driver: NDIS mode utilisateur E/S Protocole (Ndisuio) - C:\WINDOWS\system32\DRIVERS
disuio.sys
O41 - Driver: @%systemroot%\system32ascfg.dll,-32002 (NdisWan) - C:\WINDOWS\system32\DRIVERS
diswan.sys
O41 - Driver: NetBIOS Interface (NetBIOS) - C:\WINDOWS\system32\DRIVERS
etbios.sys
O41 - Driver: Upper Class Filter Driver (NTIDrvr) - C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
O41 - Driver: IPX Traffic Filter Driver (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS
wlnkflt.sys
O41 - Driver: IPX Traffic Forwarder Driver (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS
wlnkfwd.sys
O41 - Driver: PCTAppEvent Driver (PCTAppEvent) - C:\Windows\system32\drivers\PCTAppEvent.sys
O41 - Driver: pctgntdi (pctgntdi) - C:\Windows\System32\drivers\pctgntdi.sys
O41 - Driver: pctplfw (pctplfw) - C:\Windows\System32\drivers\pctplfw.sys
O41 - Driver: Miniport réseau étendu WAN (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERSaspptp.sys
O41 - Driver: @%SystemRoot%\System32\drivers\pacer.sys,-101 (PSched) - C:\WINDOWS\system32\DRIVERS\pacer.sys
O41 - Driver: (no object) (R300) - C:\WINDOWS\system32\DRIVERS\atikmdag.sys
O41 - Driver: Remote Access Auto Connection Driver (RasAcd) - C:\WINDOWS\System32\DRIVERSasacd.sys
O41 - Driver: Miniport réseau étendu WAN (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERSasl2tp.sys
O41 - Driver: @%systemroot%\system32ascfg.dll,-32007 (RasPppoe) - C:\WINDOWS\system32\DRIVERSaspppoe.sys
O41 - Driver: @%systemroot%\system32\sstpsvc.dll,-202 (RasSstp) - C:\WINDOWS\system32\DRIVERSassstp.sys
O41 - Driver: Répondeur de découverte de topologie de la couche de liaison (rspndr) - C:\WINDOWS\system32\DRIVERSspndr.sys
O41 - Driver: SASDIFSV (SASDIFSV) - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
O41 - Driver: SASENUM (SASENUM) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
O41 - Driver: SASKUTIL (SASKUTIL) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
O41 - Driver: PCTools Driver (SFilter) - C:\WINDOWS\system32\DRIVERS\pctfw.sys
O41 - Driver: @%SystemRoot%\system32	cpipcfg.dll,-50005 (Smb) - C:\WINDOWS\system32\DRIVERS\smb.sys
O41 - Driver: ssmdrv (ssmdrv) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
O41 - Driver: Pilote de protocole IPv6 Microsoft (Tcpip6) - C:\WINDOWS\system32\DRIVERS	cpip.sys
O41 - Driver: Pilote de carte miniport Microsoft Tun (tunmp) - C:\WINDOWS\system32\DRIVERS	unmp.sys
O41 - Driver: Pilote de carte miniport Microsoft IPv6 Tunnel (tunnel) - C:\WINDOWS\system32\DRIVERS	unnel.sys
O41 - Driver: Pilote de scanneur USB (usbscan) - C:\WINDOWS\system32\DRIVERS\usbscan.sys
O41 - Driver: (no object) (vga) - C:\WINDOWS\system32\DRIVERS\vgapnp.sys
O41 - Driver: Remote Access IP ARP Driver (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Remote Access IPv6 ARP Driver (Wanarpv6) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller (yukonwlh) - C:\WINDOWS\system32\DRIVERS\yk60x86.sys

---\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Shockwave Player 11
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus
O42 - Logiciel: AuralogComponentsUninstall9
O42 - Logiciel: CCleaner (remove only)
O42 - Logiciel: Defraggler (remove only)
O42 - Logiciel: eMule
O42 - Logiciel: HijackThis 2.0.2
O42 - Logiciel: HP Imaging Device Functions 8.0
O42 - Logiciel: HP Solution Center 8.0
O42 - Logiciel: HP Customer Participation Program 8.0
O42 - Logiciel: HP OCR Software 8.0
O42 - Logiciel: NTI CD & DVD-Maker
O42 - Logiciel: Security Update for CAPICOM (KB931906)
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: Motamo 4.22
O42 - Logiciel: Mozilla Firefox (3.0.9)
O42 - Logiciel: nCleaner second 2.3.4.0
O42 - Logiciel: PC Tools Firewall Plus 5.0
O42 - Logiciel: Microsoft Office Professional Plus 2007
O42 - Logiciel: scrabbleproB 1.0.11
O42 - Logiciel: Scrabble® 2003 Edition
O42 - Logiciel: SLD Codec Pack
O42 - Logiciel: VideoLAN VLC media player 0.8.6f
O42 - Logiciel: Archiveur WinRAR
O42 - Logiciel: ZebHelpProcess 2.33.6
O42 - Logiciel: Google Earth
O42 - Logiciel: Java(TM) 6 Update 12
O42 - Logiciel: Free Games Offer, Desktop Shortcut
O42 - Logiciel: HP Product Assistant
O42 - Logiciel: OpenOffice.org Installer 1.0
O42 - Logiciel: Acer Picture Slide DVD
O42 - Logiciel: Skype™ 3.8
O42 - Logiciel: NTI Backup NOW! 4.7
O42 - Logiciel: Acer ScreenSaver
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (kb962871)
O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB956358)
O42 - Logiciel: Update for Microsoft Office Outlook 2007 (KB952142)
O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB951338)
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB954326)
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB951944)
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB956828)
O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB959997)
O42 - Logiciel: Update for Office 2007 (KB946691)
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB951550)
O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1)
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB960003)
O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB950114)
O42 - Logiciel: Microsoft Office Access MUI (French) 2007
O42 - Logiciel: Microsoft Office Excel MUI (French) 2007
O42 - Logiciel: Update for Microsoft Office Excel 2007 Help (KB957242)
O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007
O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007
O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007
O42 - Logiciel: Update for Microsoft Office Outlook 2007 Help (KB957246)
O42 - Logiciel: Microsoft Office Word MUI (French) 2007
O42 - Logiciel: Microsoft Office Proof (Arabic) 2007
O42 - Logiciel: Microsoft Office Proof (German) 2007
O42 - Logiciel: Microsoft Office Proof (English) 2007
O42 - Logiciel: Microsoft Office Proof (French) 2007
O42 - Logiciel: Microsoft Office Proof (Dutch) 2007
O42 - Logiciel: Microsoft Office Proof (Spanish) 2007
O42 - Logiciel: Microsoft Office Proofing (French) 2007
O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007
O42 - Logiciel: Microsoft Office Shared MUI (French) 2007
O42 - Logiciel: Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
O42 - Logiciel: Acer Tour
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: Galerie de photos Windows Live
O42 - Logiciel: Acer Zone SoftDMA
O42 - Logiciel: Acer Empowering Technology
O42 - Logiciel: Adobe Reader 9 - Français
O42 - Logiciel: Acer eDataSecurity Management
O42 - Logiciel: Acer Zone MakeDisk
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: MSXML 4.0 SP2 (KB941833)
O42 - Logiciel: HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
O42 - Logiciel: SUPERAntiSpyware Free Edition
O42 - Logiciel: Assistant de connexion Windows Live
O42 - Logiciel: Acer ePerformance Management
O42 - Logiciel: HP Photosmart Essential
O42 - Logiciel: HPSSupply
O42 - Logiciel: Acer Zone Main Page
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU]
O42 - Logiciel: Realtek High Definition Audio Driver
O42 - Logiciel: 32 Bit HP CIO Components Installer
O42 - Logiciel: Acer Plug and Record
O42 - Logiciel: Acer Zone MagicDirector
O42 - Logiciel: Windows Live installer
O42 - Logiciel: HP Update

---\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Adobe
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Borland Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\DESIGNER
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Hewlett-Packard
O43 - CFD:Common File Directory - C:\Program Files\Common Files\HP
O43 - CFD:Common File Directory - C:\Program Files\Common Files\InstallShield
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Java
O43 - CFD:Common File Directory - C:\Program Files\Common Files\LightScribe
O43 - CFD:Common File Directory - C:\Program Files\Common Files\microsoft shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\MicroWorld
O43 - CFD:Common File Directory - C:\Program Files\Common Files\NewTech Infosystems
O43 - CFD:Common File Directory - C:\Program Files\Common Files\PC Tools
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Services
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Skype
O43 - CFD:Common File Directory - C:\Program Files\Common Files\SpeechEngines
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Steam
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Symantec Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\System
O43 - CFD:Common File Directory - C:\Program Files\Common Files\WindowsLiveInstaller
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Wise Installation Wizard

---\ Derniers fichiers modifiés ou crées sous System32 (O44)
O44 - LFC:Last File Created - C:\Windows\System32\amxread.dll -->17/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\apilogen.dll -->17/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\axaltocm.dll -->17/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\ControlSet.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\Debug.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\deploytk.dll -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ezsidmv.dat -->20/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\FNTCACHE.DAT -->23/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\GenProc[].txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\html.iec -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iasads.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iasdatastore.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iashost.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iasrecst.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieaksie.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iedkcs32.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieencode.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieframe.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iertutil.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieUnatt.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ifxcardm.dll -->17/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\Interfaces.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\java.exe -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\javaw.exe -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\javaws.exe -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\jsproxy.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\kernel32.dll -->13/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\lsasrv.dll -->13/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\mrt.exe -->06/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\msfeeds.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtml.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtml.tlb -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\mstime.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\msvcp80.dll -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\msvcr80.dll -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32
tkrnlpa.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32
toskrnl.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\occache.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\PathFF.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfc009.dat -->23/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfc00C.dat -->23/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfh009.dat -->23/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfh00C.dat -->23/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\PerfStringBackup.INI -->23/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\printfilterpipelineprxy.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\printfilterpipelinesvc.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\Profils_FF.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32pcss.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\sdohlp.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\secur32.dll -->13/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\Uninstall.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\urlmon.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\w32apiw.dll -->23/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\win32k.sys -->09/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\wininet.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\mbam.sys -->06/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\mbamswissarmy.sys -->06/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf -->17/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\PCTCore.sys -->13/03/2009

---\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgAppLaunch.db -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVWSC.EXE-18A3FCA0.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-6BCB9FAA.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FIREFOX.EXE-A606B53C.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FWSERVICE.EXE-868C0AE2.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GAVILA.EXE-BEA03353.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HIJACKTHIS.EXE-9FD56571.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\LSSRVC.EXE-0D95A0DF.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MMLOADDRV.EXE-5475B7CC.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RICHVIDEO.EXE-4FA35CCC.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RSIT(3).EXE-DB20A599.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SSUPDATE.EXE-FC6B201A.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SVCHOST.EXE-3AB35CA7.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SVCHOST.EXE-61AE5AB6.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SVCHOST.EXE-DD9DE812.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VERCLSID.EXE-7C52E31C.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ZHP2.EXE-B4567A37.pf -->23/04/2009

---\ Déni du service Local Security Authority (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\Windows\System32\scecli.dll

---\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network
siproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Networkdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network
siproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Networkdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network
siproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Networkdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\volmgrx.sys

---\ Recherche d'infection de Base de Registres (O71)
O71 - BDRI:[hklm\software\microsoft\internet explorer\main]:start page - https://www.msn.com/fr-fr

loloetseb · Answer

Regardes le rapport zeb .C'est delirant des lignes sont presentes dans des lignes communes alors qu'elles n'apparaissent pas sur hijack this

loloetseb · Answer

Ces lignes la n'apparaissent pas sur hijack this

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe, 
O4 - HKLM\..\policies\Explorer: [NoDrives] Data="0"
O4 - HKLM\..\policies\Explorer: [NoLogOff] Data="0"
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030}
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - C:\Windows\system32\SLsvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - C:\Windows\System32\spoolsv.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - C:\Windows\system32\SearchIndexer.exe /Embedding

loloetseb · Answer

Bon y'a mbam qui replante encore,je l'avais resinstallé mais y'a encore un message d'erreur.Heureusement que sas fonctionne

gen-hackman · Answer

vire les deux 04 (DATA) et la 05

gen-hackman · Answer

c est quoi le message d errruer ?

loloetseb · Answer

Pas possible de fixer,elle n'apparaissent pas sur hijack this,mdr,uniquement sur zeb

loloetseb · Answer

Ca a planté en fin d'apres midi,donc je l'ai supprimé et retelechargé et ca remarchait ,mais la replantage

message

erreur d'execution 339
le composant vbalsgrid6.ocx ou une de ses dependaces n'est pas correctement enregistré:un fichier est absent ou incorrect

gen-hackman · Answer

essaie USBFix et sinon MBAM en mSE

file moi des infos sur : C:\Windows\System32\drivers\PCTCore.sys

loloetseb · Answer

J'ai lancé Sas en mode normal,mais je pensue qu'il ne detectera rien.Si je veux lancer mbam il faut que je le retelecharge a mon avis car il va planter sinon

Je regarde pour ca

C:\Windows\System32\drivers\PCTCore.sys

loloetseb · Answer

############################## [ UsbFix V3.010 ] 

# User : Gavila (Administrateurs) # PC-DE-GAVILA
# Update on 19/04/09 by C_XX & Chiquitine29
# Start at: 03:35:31 | 23/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# Intel(R) Core(TM)2 CPU          4300  @ 1.80GHz
# Microsoft® Windows Vista™ Édition Familiale Premium  (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]
# FW : PC Tools Firewall Plus[ Enabled ]4.0.0

# C:\ # Disque fixe local # 71,28 Go (43,12 Go free) [ACER] # NTFS
# D:\ # Disque fixe local # 70,94 Go (70,57 Go free) [DATA] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible
 
############################## [ Processus actifs ] 
 
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ZebHelpProcess\ZHP2.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## [  Registre # Startup ] 

HKCU_Main:  "SEARCH PAGE"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" 
HKCU_Main:  "Start Page"="https://www.msn.com/fr-fr/" 
HKLM_logon: "Userinit"="C:\Windows\system32\userinit.exe," 
HKLM_logon: "DefaultUserName"="" 
HKLM_logon: "LegalNoticeCaption"="" 
HKLM_logon: "LegalNoticeText"="" 
HKLM_Run:    RtHDVCpl=RtHDVCpl.exe 
HKLM_Run:    Acer Empowering Technology Monitor=C:\Windows\system32\SysMonitor.exe 
HKLM_Run:    eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 
HKLM_Run:    WarReg_PopUp=C:\Acer\WR_PopUp\WarReg_PopUp.exe 
HKLM_Run:    StartCCC="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" 
HKLM_Run:    avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min 
HKLM_Run:    00PCTFW="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s 
HKLM_Run:    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents= 
HKCU_Run:    Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun  
HKCU_Run:    SUPERAntiSpyware=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe  

################## [ Informations ] 
 
# D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.  

# -> ( Value | Good = 0x0 Bad = 0x1 )

# HKCU\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0) 
# HKCU\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0) 
# HKCU\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0) 
# HKLM\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0) 
# HKLM\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0) 
# HKLM\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0) 

################## [ Fichiers # Dossiers infectieux ] 

 
################## [ Registre # Clés Run infectieuses ] 
 
# -> Not Found !  
 
################## [ Registre # Mountpoints2 ] 
 
# -> Not Found !  

################## [ ! Fin du rapport # UsbFix V3.010 ! ]

loloetseb · Answer

a-squared	4.0.0.101	2009.04.23	-
AhnLab-V3	5.0.0.2	2009.04.22	-
AntiVir	7.9.0.148	2009.04.22	-
Antiy-AVL	2.0.3.1	2009.04.22	-
Authentium	5.1.2.4	2009.04.22	-
Avast	4.8.1335.0	2009.04.22	-
AVG	8.5.0.287	2009.04.22	-
BitDefender	7.2	2009.04.23	-
CAT-QuickHeal	10.00	2009.04.22	-
ClamAV	0.94.1	2009.04.23	-
Comodo	1127	2009.04.22	-
DrWeb	4.44.0.09170	2009.04.23	-
eSafe	7.0.17.0	2009.04.21	-
eTrust-Vet	31.6.6440	2009.04.20	-
F-Prot	4.4.4.56	2009.04.22	-
F-Secure	8.0.14470.0	2009.04.23	-
Fortinet	3.117.0.0	2009.04.22	-
GData	19	2009.04.23	-
Ikarus	T3.1.1.49.0	2009.04.23	-
K7AntiVirus	7.10.710	2009.04.21	-
Kaspersky	7.0.0.125	2009.04.23	-
McAfee	5592	2009.04.22	-
McAfee+Artemis	5592	2009.04.22	-
McAfee-GW-Edition	6.7.6	2009.04.22	-
Microsoft	1.4602	2009.04.22	-
NOD32	4029	2009.04.22	-
Norman	6.00.06	2009.04.22	-
nProtect	2009.1.8.0	2009.04.22	-
Panda	10.0.0.14	2009.04.23	-
PCTools	4.4.2.0	2009.04.23	-
Prevx1	V2	2009.04.23	-
Rising	21.26.24.00	2009.04.22	-
Sophos	4.40.0	2009.04.23	-
Sunbelt	3.2.1858.2	2009.04.22	-
Symantec	1.4.4.12	2009.04.23	-
TheHacker	6.3.4.0.312	2009.04.23	-
TrendMicro	8.700.0.1004	2009.04.22	-
VBA32	3.12.10.2	2009.04.23	-
ViRobot	2009.4.22.1704	2009.04.22	-
VirusBuster	4.6.5.0	2009.04.22	-
Information additionnelle

gen-hackman · Answer

passe ca sur VT :

C:\Windows\System32\SysMonitor.exe

loloetseb · Answer

Bon on exite la bete,je peux plus retelecharger mbam,mdr.Je suis redirigé vers des pages error.C'est un vilaine bete qu'il doit y avoir sur le pc

Mais j'ai ma clef magique,je dois l'avoir dessus

loloetseb · Answer

Bon j'avais  raison sas a rien detecté

gen-hackman · Answer

passes smitfraud option 1

Bitpodech · Answer

Tu compte lui fère utilisé tous les tools 1 par 1 ?

gen-hackman · Answer

tu comptes t'incruster dans tous les topics de ccm pour poser des question stupides comme ca ?

Bitpodech · Answer

Je ne mincrust pa, je donne seulemen mon avi. Ta metode ne semble pa au point.

gen-hackman · Answer

d'accord alors tu preconises quoi toi ?

loloetseb · Answer

bitpodech est mal tombé sur ce topic,mdr

gen-hackman · Answer

lol

loloetseb · Answer

Bon j'ai pu lancer mbam a partir de ma clef usb.Y'a le dd qui mouline en permanence.Bon j'ai lancé smitfraudfix

loloetseb · Answer

SmitFraudFix v2.412

Scan done at  4:01:26,69, 23/04/2009
Run from C:\Users\Gavila\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32	askeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\autorun.inf FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Gavila


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Gavila\AppData\Local\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Gavila\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» 


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\Windows\system32\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Generic Marvell Yukon 88E8056 based Ethernet Controller
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{33417D56-5BD1-4033-BD59-4783FF91B01D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{33417D56-5BD1-4033-BD59-4783FF91B01D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{33417D56-5BD1-4033-BD59-4783FF91B01D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

loloetseb · Answer

Bon ras sur vt pour sysmonitor.exe

gen-hackman · Answer

jette un oeil la dessus : C:\autorun.inf 

fichier ou dossier  ?

loloetseb · Answer

Fichier à 0 ko,il a ete crée par usbfix quand j'ai attaqué la desinfection

gen-hackman · Answer

alors regarde le rapport d 'USBFix un peu plus haut....il ne detecte pas son propre fichier !!!???

loloetseb · Answer

Je sais,j'ai vu,y'a tout de bizarre sur ce pc.Je serais curieux de savoir ce qui se cache dessous ,c'est assez puissant,j'ai jamais vu ca.

Bon je relance le 2 d'usbfix,mais il va pas le faire sauter

loloetseb · Answer

Tiens les tmp reg et txt sont revenus et ont ete de nouveau supprimé par usb


############################## [ UsbFix V3.010 ] 

# User : Gavila (Administrateurs) # PC-DE-GAVILA
# Update on 19/04/09 by C_XX & Chiquitine29
# Start at: 04:15:40 | 23/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# Intel(R) Core(TM)2 CPU          4300  @ 1.80GHz
# Microsoft® Windows Vista™ Édition Familiale Premium  (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]
# FW : PC Tools Firewall Plus[ Enabled ]4.0.0

# C:\ # Disque fixe local # 71,28 Go (42,99 Go free) [ACER] # NTFS
# D:\ # Disque fixe local # 70,94 Go (70,57 Go free) [DATA] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque amovible # 124,01 Mo (57,63 Mo free) # FAT32
 
############################## [ Processus actifs ] 
 
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32unonce.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe

################## [ Fichiers # Dossiers infectieux ] 

Deleted ! C:\Windows\system32	mp.reg    
Deleted ! C:\Windows\system32	mp.txt    
 
################## [ Registre # Clés Run infectieuses ] 
 
# -> Not Found !  

################## [  Registre # Startup ] 

HKCU_Main:  "SEARCH PAGE"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" 
HKCU_Main:  "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" 
HKCU_Main:  "Window Title"="" 
HKLM_logon: "Userinit"="C:\Windows\system32\userinit.exe," 
HKLM_logon: "DefaultUserName"="" 
HKLM_logon: "LegalNoticeCaption"="" 
HKLM_logon: "LegalNoticeText"="" 
HKLM_Run:    RtHDVCpl=RtHDVCpl.exe 
HKLM_Run:    Acer Empowering Technology Monitor=C:\Windows\system32\SysMonitor.exe 
HKLM_Run:    eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 
HKLM_Run:    WarReg_PopUp=C:\Acer\WR_PopUp\WarReg_PopUp.exe 
HKLM_Run:    StartCCC="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" 
HKLM_Run:    avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min 
HKLM_Run:    00PCTFW="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s 
HKLM_Run:    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents= 
HKCU_Run:    Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun  
HKCU_Run:    SUPERAntiSpyware=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe  
 
################## [ Registre # Mountpoints2 ] 
 
# -> Not Found !  
 
################## [ Listing des fichiers présent ] 

C:\autoexec.bat  
C:\autorun.inf  
D:\autorun.inf  
J:\7z465.exe  
J:\cureit.exe  
J:evosetup.exe  
J:\ZHPL 2.33.7.exe  
J:\RegCleaner.exe  
J:\mbam-setup.exe  
J:\RSIT(2).exe  
J:\autorun.inf  

################## [ Vaccination ] 
 
# D:\autorun.inf -> Folder created by UsbFix.  
# J:\autorun.inf -> Folder created by UsbFix.  

################## [ ! Fin du rapport # UsbFix V3.010 ! ]

gen-hackman · Answer

que dit MBAM ?

loloetseb · Answer

Ben il s'est arretté dans le redemarrage,mais y'avait rien de detecté jusqu'au redemmarage.Bon ,je vais aller faire dodo,je suis pas chez moi,faut que je rentre en voiture la,gag

A demain

loloetseb · Answer

Bon je l'ai relancé avant de partir,on verra bien mais je suis assez pessimiste sur les detections de mbam la

Bonne fin de soirée

gen-hackman · Answer

ok tu retenteras DrWeb demain moi aussi je vais y aller c'est l'heure des critiqueurs

Cruch · Answer

La bone réponce es déjà donné et plussoyé une vingtène de foix.

Tête de delco 

:) lol

loloetseb · Answer

C'est crunch le chocolat qui croustille,mdr

loloetseb · Answer

;)

loloetseb · Answer

1 -
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2031
Windows 6.0.6001 Service Pack 1

23/04/2009 18:06:02
mbam-log-2009-04-23 (18-06-02).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 152864
Temps écoulé: 40 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\rundll16.exe (Fake.Dropped.Malware) -> Delete on reboot.
C:\Windows\System32\vcmgcd32.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\systems.txt (Trojan.Vundo) -> Delete on reboot.
C:\Windows\logo1_.exe (Worm.Viking) -> Delete on reboot.



2 - 

23/04/2009 18:06:02
mbam-log-2009-04-23 (18-06-02).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 152864
Temps écoulé: 40 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\rundll16.exe (Fake.Dropped.Malware) -> Delete on reboot.
C:\Windows\System32\vcmgcd32.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\systems.txt (Trojan.Vundo) -> Delete on reboot.
C:\Windows\logo1_.exe (Worm.Viking) -> Delete on reboot.

loloetseb · Answer

:processes 
explorer.exe



:files 
C:\Windows\rundll16.exe 
C:\Windows\System32\vcmgcd32.dll 
C:\Windows\System32\systems.txt 
C:\Windows\logo1_.exe 




:commands 
[purity] 
[emptytemp] 
[start explorer] 
[reboot]

loloetseb · Answer

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
Folder move failed. C:\Windows\rundll16.exe scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\vcmgcd32.dll scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\systems.txt scheduled to be moved on reboot.
Folder move failed. C:\Windows\logo1_.exe scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\Users\Gavila\AppData\Local\Temp\etilqs_DNDuhvjV994ZzJyigCcQ scheduled to be deleted on reboot.
File delete failed. C:\Users\Gavila\AppData\Local\Temp\etilqs_xFCiALD91SJUagc4DCx4 scheduled to be deleted on reboot.
File delete failed. C:\Users\Gavila\AppData\Local\Temp\etilqs_xFCiALD91SJUagc4DCx4-journal scheduled to be deleted on reboot.
File delete failed. C:\Users\Gavila\AppData\Local\Temp\~DF816A.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Gavila\AppData\Local\Temp\~DF8EE.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04232009_184346

Files moved on Reboot...
File C:\Windows\rundll16.exe not found!
File C:\Windows\System32\vcmgcd32.dll not found!
File C:\Windows\System32\systems.txt not found!
File C:\Windows\logo1_.exe not found!
File C:\Users\Gavila\AppData\Local\Temp\etilqs_DNDuhvjV994ZzJyigCcQ not found!
File C:\Users\Gavila\AppData\Local\Temp\etilqs_xFCiALD91SJUagc4DCx4 not found!
File C:\Users\Gavila\AppData\Local\Temp\etilqs_xFCiALD91SJUagc4DCx4-journal not found!
C:\Users\Gavila\AppData\Local\Temp\~DF816A.tmp moved successfully.
C:\Users\Gavila\AppData\Local\Temp\~DF8EE.tmp moved successfully.

loloetseb · Answer

;)

loloetseb · Answer

Rapport de ZHPDiag v1.16.6 par Nicolas Coolman
Enregistré le 23/04/2009 22:00:46
Platform : Windows Vista (TM) Home Premium (6.0.6001) Service Pack 1
MSIE: Internet Explorer v7.0.6001.18000
MFIE: Mozilla Firefox (3.0.9)

---\ Processus lancés
RtHDVCpl.exe
C:\Windows\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\WR_PopUp\WarReg_PopUp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\Ati2evxx.exe
%windir%\system32\svchost.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\SearchIndexer.exe

---\ Modification d'une valeur System.ini (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=explorer.exe

---\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr

---\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html

---\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

---\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

---\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\policies\Explorer: [NoDrives] Data="0"
O4 - HKLM\..\policies\Explorer: [NoLogOff] Data="0"
O4 - HKLM\..\policies\Explorer: [NoControlPanel] Data="0"

---\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: inetcpl.cpl=no

---\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

---\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Toolbars\INTERN~1\favicon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFBARH.ICO

---\ Valeur de registre AppInit_DLLs et sous-clés Winlogon Notify (O20)
O20 - Winlogon Notify: SABWINLOStartup - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
---\ Clé de Registre autorun SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030}

---\ Services NT non Microsoft et non désactivés (O23)
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service:  (Ati External Event Utility) - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eRecovery Service (eRecoveryService) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - C:\Windows\system32\SLsvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - C:\Windows\System32\spoolsv.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - C:\Windows\system32\SearchIndexer.exe /Embedding

gen-hackman · Answer

bonsoir le rapport est incomplet il faut le deposer sur ce site et renvoyer le lien obtenu 

http://www.cijoint.fr/

loloetseb · Answer

--\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SA.DAT
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SCHEDLGU.TXT
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\WebReg PSC 1500 series.job

---\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: (no name) - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - (not file)
O40 - ASIC: Microsoft Windows Media Player 11.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\wmpdxm.dll
O40 - ASIC: Adobe Shockwave Director 11.0.3 - {233C1507-6A77-46A4-9443-F871F945D258} - C:\Windows\System32\Adobe\Director\swdir.dll
O40 - ASIC: Adobe Shockwave Director 11.0.3 - {2A202491-F00D-11cf-87CC-0020AFEECF20} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\system32egsvr32.exe /s /n /i:/UserInstall C:\Windows\system32	hemeui.dll
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Mail 7 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
O40 - ASIC: (no name) - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.7 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Address Book 7 - {7790769C-0471-11d2-AF11-00C04FA35D02} - (not file)
O40 - ASIC: .NET Framework - {7C028AF8-F614-47B3-82DA-BA94E41B1089} - (not file)
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: .NET Framework - {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\system32\Macromed\Flash\Flash9f.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

---\ Pilotes lancés au démarrage (O41)
O41 - Driver: Pilote de média asynchrone RAS (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: (no object) (atikmdag) - C:\WINDOWS\system32\DRIVERS\atikmdag.sys
O41 - Driver: ATI PCI Express (3GIO) Filter (AtiPcie) - C:\WINDOWS\system32\DRIVERS\AtiPcie.sys
O41 - Driver: avgio (avgio) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
O41 - Driver: avgntflt (avgntflt) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
O41 - Driver: avipbb (avipbb) - C:\WINDOWS\system32\DRIVERS\avipbb.sys
O41 - Driver: Pilote MS IEEE-1284.4 (Dot4) - C:\WINDOWS\system32\DRIVERS\Dot4.sys
O41 - Driver: Pilote de classe Imprimante pour IEEE-1284.4 (Dot4Print) - C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
O41 - Driver: MS Dot4USB Filter Dot4USB Filter (dot4usb) - C:\WINDOWS\system32\DRIVERS\dot4usb.sys
O41 - Driver: Filtre de décodeur DRM (Noyau Microsoft) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: Intel(R) PRO/1000 NDIS 6 Adapter Driver (E1G60) - C:\WINDOWS\system32\DRIVERS\E1G60I32.sys
O41 - Driver: Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio (HdAudAddService) - C:\WINDOWS\system32\drivers\HdAudio.sys
O41 - Driver: int15 (int15) - C:\Acer\Empowering Technology\eRecovery\int15.sys
O41 - Driver: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - C:\WINDOWS\system32\drivers\RTKVHDA.sys
O41 - Driver: @%systemroot%\system32ascfg.dll,-32013 (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: IP in IP Tunnel Driver (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: Pilote d’E/S du mappage de découverte de topologie de la couche de liaison (lltdio) - C:\WINDOWS\system32\DRIVERS\lltdio.sys
O41 - Driver: MBAMSwissArmy (MBAMSwissArmy) - C:\Windows\system32\drivers\mbamswissarmy.sys
O41 - Driver: Service Pilote de fonction de classe Moniteur Microsoft (monitor) - C:\WINDOWS\system32\DRIVERS\monitor.sys
O41 - Driver: Proxy de service de répartition Microsoft (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Proxy d'horloge de répartition Microsoft (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Proxy de gestion de qualité de répartition Microsoft (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Convertisseur en T/site-à-site de répartition Microsoft (MSTEE) - C:\WINDOWS\system32\drivers\MSTEE.sys
O41 - Driver: Filtre NativeWiFi (NativeWifiP) - C:\WINDOWS\system32\DRIVERS
wifi.sys
O41 - Driver: @%systemroot%\system32ascfg.dll,-32001 (NdisTapi) - C:\WINDOWS\system32\DRIVERS
distapi.sys
O41 - Driver: NDIS mode utilisateur E/S Protocole (Ndisuio) - C:\WINDOWS\system32\DRIVERS
disuio.sys
O41 - Driver: @%systemroot%\system32ascfg.dll,-32002 (NdisWan) - C:\WINDOWS\system32\DRIVERS
diswan.sys
O41 - Driver: NetBIOS Interface (NetBIOS) - C:\WINDOWS\system32\DRIVERS
etbios.sys
O41 - Driver: Upper Class Filter Driver (NTIDrvr) - C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
O41 - Driver: IPX Traffic Filter Driver (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS
wlnkflt.sys
O41 - Driver: IPX Traffic Forwarder Driver (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS
wlnkfwd.sys
O41 - Driver: PCTAppEvent Driver (PCTAppEvent) - C:\Windows\system32\drivers\PCTAppEvent.sys
O41 - Driver: pctgntdi (pctgntdi) - C:\Windows\System32\drivers\pctgntdi.sys
O41 - Driver: pctplfw (pctplfw) - C:\Windows\System32\drivers\pctplfw.sys
O41 - Driver: Miniport réseau étendu WAN (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERSaspptp.sys
O41 - Driver: @%SystemRoot%\System32\drivers\pacer.sys,-101 (PSched) - C:\WINDOWS\system32\DRIVERS\pacer.sys
O41 - Driver: (no object) (R300) - C:\WINDOWS\system32\DRIVERS\atikmdag.sys
O41 - Driver: Remote Access Auto Connection Driver (RasAcd) - C:\WINDOWS\System32\DRIVERSasacd.sys
O41 - Driver: Miniport réseau étendu WAN (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERSasl2tp.sys
O41 - Driver: @%systemroot%\system32ascfg.dll,-32007 (RasPppoe) - C:\WINDOWS\system32\DRIVERSaspppoe.sys
O41 - Driver: @%systemroot%\system32\sstpsvc.dll,-202 (RasSstp) - C:\WINDOWS\system32\DRIVERSassstp.sys
O41 - Driver: Répondeur de découverte de topologie de la couche de liaison (rspndr) - C:\WINDOWS\system32\DRIVERSspndr.sys
O41 - Driver: SASDIFSV (SASDIFSV) - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
O41 - Driver: SASENUM (SASENUM) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
O41 - Driver: SASKUTIL (SASKUTIL) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
O41 - Driver: PCTools Driver (SFilter) - C:\WINDOWS\system32\DRIVERS\pctfw.sys
O41 - Driver: @%SystemRoot%\system32	cpipcfg.dll,-50005 (Smb) - C:\WINDOWS\system32\DRIVERS\smb.sys
O41 - Driver: ssmdrv (ssmdrv) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
O41 - Driver: Pilote de protocole IPv6 Microsoft (Tcpip6) - C:\WINDOWS\system32\DRIVERS	cpip.sys
O41 - Driver: Pilote de carte miniport Microsoft Tun (tunmp) - C:\WINDOWS\system32\DRIVERS	unmp.sys
O41 - Driver: Pilote de carte miniport Microsoft IPv6 Tunnel (tunnel) - C:\WINDOWS\system32\DRIVERS	unnel.sys
O41 - Driver: Pilote de scanneur USB (usbscan) - C:\WINDOWS\system32\DRIVERS\usbscan.sys
O41 - Driver: (no object) (vga) - C:\WINDOWS\system32\DRIVERS\vgapnp.sys
O41 - Driver: Remote Access IP ARP Driver (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Remote Access IPv6 ARP Driver (Wanarpv6) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: (no object) (WUDFRd) - C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
O41 - Driver: NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller (yukonwlh) - C:\WINDOWS\system32\DRIVERS\yk60x86.sys

---\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Shockwave Player 11
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus
O42 - Logiciel: AuralogComponentsUninstall9
O42 - Logiciel: CCleaner (remove only)
O42 - Logiciel: Defraggler (remove only)
O42 - Logiciel: eMule
O42 - Logiciel: HijackThis 2.0.2
O42 - Logiciel: HP Imaging Device Functions 8.0
O42 - Logiciel: HP Solution Center 8.0
O42 - Logiciel: HP Customer Participation Program 8.0
O42 - Logiciel: HP OCR Software 8.0
O42 - Logiciel: NTI CD & DVD-Maker
O42 - Logiciel: Security Update for CAPICOM (KB931906)
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: Motamo 4.22
O42 - Logiciel: Mozilla Firefox (3.0.9)
O42 - Logiciel: nCleaner second 2.3.4.0
O42 - Logiciel: PC Tools Firewall Plus 5.0
O42 - Logiciel: Microsoft Office Professional Plus 2007
O42 - Logiciel: scrabbleproB 1.0.11
O42 - Logiciel: Scrabble® 2003 Edition
O42 - Logiciel: SLD Codec Pack
O42 - Logiciel: VideoLAN VLC media player 0.8.6f
O42 - Logiciel: Archiveur WinRAR
O42 - Logiciel: ZebHelpProcess 2.33.6
O42 - Logiciel: Google Earth
O42 - Logiciel: Java(TM) 6 Update 12
O42 - Logiciel: Free Games Offer, Desktop Shortcut
O42 - Logiciel: HP Product Assistant
O42 - Logiciel: OpenOffice.org Installer 1.0
O42 - Logiciel: Acer Picture Slide DVD
O42 - Logiciel: Skype™ 3.8
O42 - Logiciel: NTI Backup NOW! 4.7
O42 - Logiciel: Acer ScreenSaver
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (kb962871)
O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB956358)
O42 - Logiciel: Update for Microsoft Office Outlook 2007 (KB952142)
O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB951338)
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB954326)
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB951944)
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB956828)
O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB959997)
O42 - Logiciel: Update for Office 2007 (KB946691)
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB951550)
O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1)
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB960003)
O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB950114)
O42 - Logiciel: Microsoft Office Access MUI (French) 2007
O42 - Logiciel: Microsoft Office Excel MUI (French) 2007
O42 - Logiciel: Update for Microsoft Office Excel 2007 Help (KB957242)
O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007
O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007
O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007
O42 - Logiciel: Update for Microsoft Office Outlook 2007 Help (KB957246)
O42 - Logiciel: Microsoft Office Word MUI (French) 2007
O42 - Logiciel: Microsoft Office Proof (Arabic) 2007
O42 - Logiciel: Microsoft Office Proof (German) 2007
O42 - Logiciel: Microsoft Office Proof (English) 2007
O42 - Logiciel: Microsoft Office Proof (French) 2007
O42 - Logiciel: Microsoft Office Proof (Dutch) 2007
O42 - Logiciel: Microsoft Office Proof (Spanish) 2007
O42 - Logiciel: Microsoft Office Proofing (French) 2007
O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007
O42 - Logiciel: Microsoft Office Shared MUI (French) 2007
O42 - Logiciel: Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
O42 - Logiciel: Acer Tour
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: Galerie de photos Windows Live
O42 - Logiciel: Acer Zone SoftDMA
O42 - Logiciel: Acer Empowering Technology
O42 - Logiciel: Adobe Reader 9 - Français
O42 - Logiciel: Acer eDataSecurity Management
O42 - Logiciel: Acer Zone MakeDisk
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: MSXML 4.0 SP2 (KB941833)
O42 - Logiciel: HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
O42 - Logiciel: SUPERAntiSpyware Free Edition
O42 - Logiciel: Assistant de connexion Windows Live
O42 - Logiciel: Acer ePerformance Management
O42 - Logiciel: HP Photosmart Essential
O42 - Logiciel: HPSSupply
O42 - Logiciel: Acer Zone Main Page
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU]
O42 - Logiciel: Realtek High Definition Audio Driver
O42 - Logiciel: 32 Bit HP CIO Components Installer
O42 - Logiciel: Acer Plug and Record
O42 - Logiciel: Acer Zone MagicDirector
O42 - Logiciel: Windows Live installer
O42 - Logiciel: HP Update

---\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Adobe
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Borland Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\DESIGNER
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Hewlett-Packard
O43 - CFD:Common File Directory - C:\Program Files\Common Files\HP
O43 - CFD:Common File Directory - C:\Program Files\Common Files\InstallShield
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Java
O43 - CFD:Common File Directory - C:\Program Files\Common Files\LightScribe
O43 - CFD:Common File Directory - C:\Program Files\Common Files\microsoft shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\MicroWorld
O43 - CFD:Common File Directory - C:\Program Files\Common Files\NewTech Infosystems
O43 - CFD:Common File Directory - C:\Program Files\Common Files\PC Tools
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Services
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Skype
O43 - CFD:Common File Directory - C:\Program Files\Common Files\SpeechEngines
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Steam
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Symantec Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\System
O43 - CFD:Common File Directory - C:\Program Files\Common Files\WindowsLiveInstaller
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Wise Installation Wizard

---\ Derniers fichiers modifiés ou crées sous System32 (O44)
O44 - LFC:Last File Created - C:\Windows\System32\amxread.dll -->17/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\apilogen.dll -->17/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\axaltocm.dll -->17/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\ControlSet.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\Debug.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\deploytk.dll -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\eEmpty.exe -->23/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\ezsidmv.dat -->20/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\FNTCACHE.DAT -->23/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\GenProc[].txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\html.iec -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iasads.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iasdatastore.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iashost.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iasrecst.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieaksie.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iedkcs32.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieencode.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieframe.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iertutil.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieUnatt.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ifxcardm.dll -->17/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\Interfaces.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\java.exe -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\javaw.exe -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\javaws.exe -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\jsproxy.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\kernel32.dll -->13/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\lsasrv.dll -->13/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\mrt.exe -->06/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\msfeeds.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtml.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtml.tlb -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\mstime.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\msvcp80.dll -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\msvcr80.dll -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32
tkrnlpa.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32
toskrnl.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\occache.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\PathFF.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfc009.dat -->23/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfc00C.dat -->23/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfh009.dat -->23/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfh00C.dat -->23/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\PerfStringBackup.INI -->23/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\printfilterpipelineprxy.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\printfilterpipelinesvc.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\Profils_FF.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32pcss.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\sdohlp.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\secur32.dll -->13/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\Uninstall.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\urlmon.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\w32apiw.dll -->23/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\win32k.sys -->09/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\wininet.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\mbam.sys -->06/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\mbamswissarmy.sys -->06/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf -->17/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\PCTCore.sys -->13/03/2009

---\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\404FIX.EXE-E9F29DA8.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ACRORD32INFO.EXE-1C0557AA.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgAppLaunch.db -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgCx_SC1.db -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgCx_SC1.db.trx -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AGENT.OMZ.FIX.EXE-855EC73D.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlFaultHistory.db -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlFgAppHistory.db -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlGlobalHistory.db -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-4073331961-3280358938-1957956153-1000.db -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-4073331961-3280358938-1957956153-1000.db -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgRobust.db -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVCENTER.EXE-AF580B74.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVWSC.EXE-18A3FCA0.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CACLS.EXE-D332D70E.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CCLEANER.EXE-D4D76A60.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CHKNTFS.EXE-4D884E7D.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CMD.EXE-4A81B364.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CONIME.EXE-9781FD5F.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CSCRIPT.EXE-D1EF4768.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CUREIT.EXE-1DFD69FF.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DFRGNTFS.EXE-7E4077FE.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-6A473D35.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-6BCB9FAA.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DOWNLOAD.EXE-9E65F675.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DRVINST.EXE-4CB4314A.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DUMPHIVE.EXE-3C570D97.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ESCAN_VIRUS_CLEANER.EXE-88DC0E02.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FIND.EXE-E2237F6D.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FINDSTR.EXE-2E9C6FE2.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FIREFOX.EXE-A606B53C.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FWSERVICE.EXE-868C0AE2.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GAVILA.EXE-BEA03353.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HIJACKTHIS.EXE-9FD56571.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HPQSTE08.EXE-8FA26316.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IEDFIX.C.EXE-D93680C7.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IEDFIX.EXE-DA71DC22.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\Layout.ini -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\LSSRVC.EXE-0D95A0DF.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-DOR.EXE-547CF556.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.EXE-069937A7.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.EXE-5EF0C92C.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.EXE-A9F8D519.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.TMP-2130A912.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.TMP-634A7E33.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.TMP-9F22BB2B.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.TMP-BB88652A.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.TMP-CF6A6DE8.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.TMP-FFE097D4.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM.EXE-305FF92C.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAMGUI.EXE-4FE652ED.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBRWRWIN.EXE-2144233B.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MEXE.COM-5DEF9C99.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MMLOADDRV.EXE-5475B7CC.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MOBSYNC.EXE-C5E2284F.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MODE.COM-DB34C082.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MOM.EXE-3B2B5194.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MWAVL.EXE-8456F8D0.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NOTEPAD.EXE-86E0E9B9.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NTVDM.EXE-F6564EE5.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\O4PATCH.EXE-28E081AC.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\OTMOVEIT3.EXE-23DD293D.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PfSvPerfStats.bin -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\POLICIES.EXE-620F90ED.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PROCESS.EXE-05032E94.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PV.EXE-530A0D5F.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGCLEANER.EXE-9EE303F3.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGEDIT.EXE-90FEEA06.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RICHVIDEO.EXE-4FA35CCC.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RSIT(3).EXE-DB20A599.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-230FC512.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-5931CA67.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-6D2968F1.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-6E88E69C.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SCANNINGPROCESS.EXE-7B9EA74D.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SCHTASKS.EXE-5CA45734.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SETUP.EXE-D31D1F84.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SHUTDOWN.EXE-E7D5C9CC.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SMITFRAUDFIX.EXE-8E367461.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SRCHSTS.EXE-9DE5594F.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SSUPDATE.EXE-FC6B201A.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SSVAGENT.EXE-D0A26E22.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SUPERANTISPYWARE.EXE-D7978FB2.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SVCHOST.EXE-3AB35CA7.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SVCHOST.EXE-61AE5AB6.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SVCHOST.EXE-DD9DE812.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWREG.EXE-32F02E35.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWREG.EXE-9CC507F0.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWREG.EXE-BE5D1A81.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TASKMGR.EXE-5F5F473D.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\UNINS000.EXE-A34E4C84.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\UNINSTAL.EXE-09AB5A46.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\UNREGX.EXE-E62DDEEA.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\UPDATE.EXE-DB15A2AB.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\USBFIX.EXE-D7AED5B8.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VACFIX.EXE-F0807E1A.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VERCLSID.EXE-7C52E31C.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WERCON.EXE-E36BD04E.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WINRAR.EXE-94E7D80C.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WLRMDR.EXE-C2B47318.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WMPLAYER.EXE-BAD6BD53.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WSCRIPT.EXE-52CF1F0C.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WSQMCONS.EXE-118B52B7.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ZHP2.EXE-B4567A37.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\_IU14D2N.TMP-331FCD1E.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\_START.EXE-FF3D2E40.pf -->23/04/2009

---\ Déni du service Local Security Authority (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\Windows\System32\scecli.dll

---\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network
siproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Networkdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network
siproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Networkdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network
siproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Networkdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\volmgrx.sys

---\ Recherche d'infection de Base de Registres (O71)
O71 - BDRI:[hklm\software\microsoft\internet explorer\main]:start page - https://www.msn.com/fr-fr

gen-hackman · Answer

---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort. 

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau : 

---> Double-clique sur OTMoveIt3.exe afin de le lancer. 

---> Copie (Ctrl+C) le texte suivant ci-dessous : 





:processes 
explorer.exe

:files 
C:\Windows\System32\w32apiw.dll
C:\Windows\System32\Uninstall.txt
C:\Windows\System32\Profils_FF.txt
C:\Windows\System32\PathFF.txt
C:\Windows\System32\Interfaces.txt
C:\Windows\System32\GenProc[].txt
C:\Windows\System32\ezsidmv.dat
C:\Windows\System32\eEmpty.exe
C:\Windows\System32\Debug.txt
C:\Windows\System32\ControlSet.txt

:commands 
[purity] 
[emptytemp] 
[start explorer] 
[reboot] 





---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved. 

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3. 

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. 
Accepte en cliquant sur YES. 

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\ 
Le nom du rapport correspond au moment de sa création : date_heure.log

loloetseb · Answer

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
LoadLibrary failed for C:\Windows\System32\w32apiw.dll
C:\Windows\System32\w32apiw.dll NOT unregistered.
C:\Windows\System32\w32apiw.dll moved successfully.
C:\Windows\System32\Uninstall.txt moved successfully.
C:\Windows\System32\Profils_FF.txt moved successfully.
C:\Windows\System32\PathFF.txt moved successfully.
C:\Windows\System32\Interfaces.txt moved successfully.
C:\Windows\System32\GenProc[].txt moved successfully.
C:\Windows\System32\ezsidmv.dat moved successfully.
C:\Windows\System32\eEmpty.exe moved successfully.
C:\Windows\System32\Debug.txt moved successfully.
C:\Windows\System32\ControlSet.txt moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Gavila\AppData\Local\Temp\~DF3D13.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04232009_225337

Files moved on Reboot...
C:\Users\Gavila\AppData\Local\Temp\~DF3D13.tmp moved successfully.

loloetseb · Answer

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-26 19:54:14
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT            \??\C:\Windows\system32\drivers\PCTAppEvent.sys                                                      ZwAllocateVirtualMemory [0x97506B94]
SSDT            \??\C:\Windows\system32\drivers\PCTAppEvent.sys                                                      ZwAlpcConnectPort [0x97506516]
SSDT            \??\C:\Windows\system32\drivers\PCTAppEvent.sys                                                      ZwAssignProcessToJobObject [0x97506586]
SSDT            \??\C:\Windows\system32\drivers\PCTAppEvent.sys                                                      ZwConnectPort [0x975065DA]
SSDT            \??\C:\Windows\system32\drivers\PCTAppEvent.sys                                                      ZwCreateFile [0x97506640]
SSDT            \??\C:\Windows\system32\drivers\PCTAppEvent.sys                                                      ZwCreateProcess [0x9750672E]
SSDT            \??\C:\Windows\system32\drivers\PCTAppEvent.sys                                                      ZwCreateProcessEx [0x975067BA]
SSDT            \??\C:\Windows\system32\drivers\PCTAppEvent.sys                                                      ZwCreateThread [0x9750684A]
SSDT            \??\C:\Windows\system32\drivers\PCTAppEvent.sys                                                      ZwDebugActiveProcess [0x97506980]
SSDT            \??\C:\Windows\system32\drivers\PCTAppEvent.sys                                                      ZwDuplicateObject [0x975069D4]
SSDT            \??\C:\Windows\system32\drivers\PCTAppEvent.sys                                                      ZwLoadDriver [0x97506A3A]
SSDT            \??\C:\Windows\system32\drivers\PCTAppEvent.sys                                                      ZwOpenKey [0x97506A8C]
SSDT            885E97B0                                                                                             ZwOpenProcess
SSDT            \??\C:\Windows\system32\drivers\PCTAppEvent.sys                                                      ZwOpenSection [0x97506AE4]
SSDT            \??\C:\Windows\system32\drivers\PCTAppEvent.sys                                                      ZwOpenThread [0x97506B3C]
SSDT            \??\C:\Windows\system32\drivers\PCTAppEvent.sys                                                      ZwProtectVirtualMemory [0x97506BFA]
SSDT            \??\C:\Windows\system32\drivers\PCTAppEvent.sys                                                      ZwRestoreKey [0x97506C58]
SSDT            \??\C:\Windows\system32\drivers\PCTAppEvent.sys                                                      ZwResumeThread [0x97506CB6]
SSDT            \??\C:\Windows\system32\drivers\PCTAppEvent.sys                                                      ZwSecureConnectPort [0x97506D74]
SSDT            \??\C:\Windows\system32\drivers\PCTAppEvent.sys                                                      ZwSetValueKey [0x97506D08]
SSDT            \??\C:\Windows\system32\drivers\PCTAppEvent.sys                                                      ZwSuspendProcess [0x97506DDE]
SSDT            \??\C:\Windows\system32\drivers\PCTAppEvent.sys                                                      ZwSystemDebugControl [0x97506E30]
SSDT            \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys                                                   ZwTerminateProcess [0x8C8BFF20]
SSDT            \??\C:\Windows\system32\drivers\PCTAppEvent.sys                                                      ZwWriteVirtualMemory [0x97506EF4]
SSDT            \??\C:\Windows\system32\drivers\PCTAppEvent.sys                                                      ZwCreateThreadEx [0x975068EC]
SSDT            \??\C:\Windows\system32\drivers\PCTAppEvent.sys                                                      ZwCreateUserProcess [0x975066BE]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetTimerEx + 364                                                                      81CEE928 4 Bytes  [94, 6B, 50, 97]
.text           ntkrnlpa.exe!KeSetTimerEx + 370                                                                      81CEE934 4 Bytes  [16, 65, 50, 97]
.text           ntkrnlpa.exe!KeSetTimerEx + 3C4                                                                      81CEE988 4 Bytes  CALL D234700E 
.text           ntkrnlpa.exe!KeSetTimerEx + 3F4                                                                      81CEE9B8 4 Bytes  CALL D234C43E 
.text           ntkrnlpa.exe!KeSetTimerEx + 40C                                                                      81CEE9D0 4 Bytes  [40, 66, 50, 97] {INC EAX; PUSH AX; XCHG EDI, EAX}
.text           ...                                                                                                  
?               system32\DRIVERS\44500278.sys                                                                        Le chemin d'accès spécifié est introuvable. !
?               C:\Windows\system32\Drivers\PROCEXP90.SYS                                                            Le fichier spécifié est introuvable. !
?               C:\Users\Gavila\AppData\Local\Temp\catchme.sys                                                       Le fichier spécifié est introuvable. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown]                [74D07BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage]                 [74D498C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI]             [74D0D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode]       [74CFF527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup]                 [74D07599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC]              [74CFE43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [74D3B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream]     [74D0D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight]             [74D0012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth]              [74D00095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage]               [74CF71F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM]       [74D8D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile]          [74D275E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics]             [74CFDAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree]                       [74CF668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc]                      [74CF66BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode]         [74D01E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver	dx \Device\Tcp                                                                              pctgntdi.sys
AttachedDevice  \Driver	dx \Device\Udp                                                                              pctgntdi.sys
AttachedDevice  \Driver	dx \Device\RawIp                                                                            pctgntdi.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                             fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File            C:\Users\Gavila\AppData\Local\Temp\FtpTemp\base601c.avc                                              0 bytes
File            C:\Windows\System32\drivers\fidbox.dat                                                               (size mismatch) 4278304/3491872 bytes
File            C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl                                                      (size mismatch) 16384/12288 bytes
File            C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.002                                               (size mismatch) 557056/475136 bytes

---- EOF - GMER 1.0.15 ----

gen-hackman · Answer

le rsit ne fonctionne toujours pas ?

Infection du PC

80 réponses

Votre réponse

Newsletters