PC infection

loloetseb Posts: 5684 Status: Member -  
 Anonymous user -
Hello,

I've put together a short summary of the situation for you, in case you have any ideas; here is the zeb report

Rapport de ZHPDiag v1.16.6 par Nicolas Coolman
Enregistré le 22/04/2009 23:52:26
Platform : Windows Vista (TM) Home Premium (6.0.6001) Service Pack 1
MSIE: Internet Explorer v7.0.6001.18000
MFIE: Mozilla Firefox (3.0.7)

---\\ Processus lancés
RtHDVCpl.exe
C:\Windows\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\WR_PopUp\WarReg_PopUp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\Ati2evxx.exe
%windir%\system32\svchost.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\SearchIndexer.exe

---\\ Modification d'une valeur System.ini (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=explorer.exe

---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr

---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\policies\Explorer: [NoDrives] Data="0"
O4 - HKLM\..\policies\Explorer: [NoLogOff] Data="0"
O4 - HKLM\..\policies\Explorer: [NoControlPanel] Data="0"

---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: inetcpl.cpl=no

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Toolbars\INTERN~1\favicon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFBARH.ICO

---\\ Valeur de registre AppInit_DLLs et sous-clés Winlogon Notify (O20)
O20 - Winlogon Notify: SABWINLOStartup - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
---\\ Clé de Registre autorun SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030}

---\\ Services NT non Microsoft et non désactivés (O23)
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: (Ati External Event Utility) - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eRecovery Service (eRecoveryService) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - C:\Windows\system32\SLsvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - C:\Windows\System32\spoolsv.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - C:\Windows\system32\SearchIndexer.exe /Embedding

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SA.DAT
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SCHEDLGU.TXT
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\WebReg PSC 1500 series.job

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: (no name) - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - (not file)
O40 - ASIC: Microsoft Windows Media Player 11.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\wmpdxm.dll
O40 - ASIC: Adobe Shockwave Director 11.0.3 - {233C1507-6A77-46A4-9443-F871F945D258} - C:\Windows\System32\Adobe\Director\swdir.dll
O40 - ASIC: Adobe Shockwave Director 11.0.3 - {2A202491-F00D-11cf-87CC-0020AFEECF20} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\system32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Mail 7 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
O40 - ASIC: (no name) - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.7 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Address Book 7 - {7790769C-0471-11d2-AF11-00C04FA35D02} - (not file)
O40 - ASIC: .NET Framework - {7C028AF8-F614-47B3-82DA-BA94E41B1089} - (not file)
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: .NET Framework - {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\system32\Macromed\Flash\Flash9f.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: Pilote de média asynchrone RAS (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: (no object) (atikmdag) - C:\WINDOWS\system32\DRIVERS\atikmdag.sys
O41 - Driver: ATI PCI Express (3GIO) Filter (AtiPcie) - C:\WINDOWS\system32\DRIVERS\AtiPcie.sys
O41 - Driver: avgio (avgio) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
O41 - Driver: avgntflt (avgntflt) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
O41 - Driver: avipbb (avipbb) - C:\WINDOWS\system32\DRIVERS\avipbb.sys
O41 - Driver: Pilote MS IEEE-1284.4 (Dot4) - C:\WINDOWS\system32\DRIVERS\Dot4.sys
O41 - Driver: Pilote de classe Imprimante pour IEEE-1284.4 (Dot4Print) - C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
O41 - Driver: MS Dot4USB Filter Dot4USB Filter (dot4usb) - C:\WINDOWS\system32\DRIVERS\dot4usb.sys
O41 - Driver: Filtre de décodeur DRM (Noyau Microsoft) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: Intel(R) PRO/1000 NDIS 6 Adapter Driver (E1G60) - C:\WINDOWS\system32\DRIVERS\E1G60I32.sys
O41 - Driver: Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio (HdAudAddService) - C:\WINDOWS\system32\drivers\HdAudio.sys
O41 - Driver: int15 (int15) - C:\Acer\Empowering Technology\eRecovery\int15.sys
O41 - Driver: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - C:\WINDOWS\system32\drivers\RTKVHDA.sys
O41 - Driver: @%systemroot%\system32\rascfg.dll,-32013 (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: IP in IP Tunnel Driver (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: Pilote d’E/S du mappage de découverte de topologie de la couche de liaison (lltdio) - C:\WINDOWS\system32\DRIVERS\lltdio.sys
O41 - Driver: Service Pilote de fonction de classe Moniteur Microsoft (monitor) - C:\WINDOWS\system32\DRIVERS\monitor.sys
O41 - Driver: Proxy de service de répartition Microsoft (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Proxy d'horloge de répartition Microsoft (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Proxy de gestion de qualité de répartition Microsoft (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Convertisseur en T/site-à-site de répartition Microsoft (MSTEE) - C:\WINDOWS\system32\drivers\MSTEE.sys
O41 - Driver: Filtre NativeWiFi (NativeWifiP) - C:\WINDOWS\system32\DRIVERS\nwifi.sys
O41 - Driver: @%systemroot%\system32\rascfg.dll,-32001 (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS mode utilisateur E/S Protocole (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O41 - Driver: @%systemroot%\system32\rascfg.dll,-32002 (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O41 - Driver: NetBIOS Interface (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: Upper Class Filter Driver (NTIDrvr) - C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
O41 - Driver: IPX Traffic Filter Driver (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O41 - Driver: IPX Traffic Forwarder Driver (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O41 - Driver: PCTAppEvent Driver (PCTAppEvent) - C:\Windows\system32\drivers\PCTAppEvent.sys
O41 - Driver: pctgntdi (pctgntdi) - C:\Windows\System32\drivers\pctgntdi.sys
O41 - Driver: pctplfw (pctplfw) - C:\Windows\System32\drivers\pctplfw.sys
O41 - Driver: Miniport réseau étendu WAN (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O41 - Driver: @%SystemRoot%\System32\drivers\pacer.sys,-101 (PSched) - C:\WINDOWS\system32\DRIVERS\pacer.sys
O41 - Driver: (no object) (R300) - C:\WINDOWS\system32\DRIVERS\atikmdag.sys
O41 - Driver: Remote Access Auto Connection Driver (RasAcd) - C:\WINDOWS\System32\DRIVERS\rasacd.sys
O41 - Driver: Miniport réseau étendu WAN (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O41 - Driver: @%systemroot%\system32\rascfg.dll,-32007 (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O41 - Driver: @%systemroot%\system32\sstpsvc.dll,-202 (RasSstp) - C:\WINDOWS\system32\DRIVERS\rassstp.sys
O41 - Driver: Répondeur de découverte de topologie de la couche de liaison (rspndr) - C:\WINDOWS\system32\DRIVERS\rspndr.sys
O41 - Driver: SASDIFSV (SASDIFSV) - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
O41 - Driver: SASENUM (SASENUM) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
O41 - Driver: SASKUTIL (SASKUTIL) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
O41 - Driver: PCTools Driver (SFilter) - C:\WINDOWS\system32\DRIVERS\pctfw.sys
O41 - Driver: @%SystemRoot%\system32\tcpipcfg.dll,-50005 (Smb) - C:\WINDOWS\system32\DRIVERS\smb.sys
O41 - Driver: ssmdrv (ssmdrv) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
O41 - Driver: Pilote de protocole IPv6 Microsoft (Tcpip6) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: Pilote de carte miniport Microsoft Tun (tunmp) - C:\WINDOWS\system32\DRIVERS\tunmp.sys
O41 - Driver: Pilote de carte miniport Microsoft IPv6 Tunnel (tunnel) - C:\WINDOWS\system32\DRIVERS\tunnel.sys
O41 - Driver: Pilote de scanneur USB (usbscan) - C:\WINDOWS\system32\DRIVERS\usbscan.sys
O41 - Driver: (no object) (vga) - C:\WINDOWS\system32\DRIVERS\vgapnp.sys
O41 - Driver: Remote Access IP ARP Driver (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Remote Access IPv6 ARP Driver (Wanarpv6) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: (no object) (WUDFRd) - C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
O41 - Driver: NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller (yukonwlh) - C:\WINDOWS\system32\DRIVERS\yk60x86.sys

---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Shockwave Player 11
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus
O42 - Logiciel: AuralogComponentsUninstall9
O42 - Logiciel: CCleaner (remove only)
O42 - Logiciel: Defraggler (remove only)
O42 - Logiciel: eMule
O42 - Logiciel: HijackThis 2.0.2
O42 - Logiciel: HP Imaging Device Functions 8.0
O42 - Logiciel: HP Solution Center 8.0
O42 - Logiciel: HP Customer Participation Program 8.0
O42 - Logiciel: HP OCR Software 8.0
O42 - Logiciel: NTI CD & DVD-Maker
O42 - Logiciel: Security Update for CAPICOM (KB931906)
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: Motamo 4.22
O42 - Logiciel: Mozilla Firefox (3.0.7)
O42 - Logiciel: nCleaner second 2.3.4.0
O42 - Logiciel: PC Tools Firewall Plus 5.0
O42 - Logiciel: Microsoft Office Professional Plus 2007
O42 - Logiciel: scrabbleproB 1.0.11
O42 - Logiciel: Scrabble® 2003 Edition
O42 - Logiciel: SLD Codec Pack
O42 - Logiciel: UsbFix
O42 - Logiciel: VideoLAN VLC media player 0.8.6f
O42 - Logiciel: Archiveur WinRAR
O42 - Logiciel: ZebHelpProcess 2.33.6
O42 - Logiciel: Google Earth
O42 - Logiciel: Java(TM) 6 Update 12
O42 - Logiciel: Free Games Offer, Desktop Shortcut
O42 - Logiciel: HP Product Assistant
O42 - Logiciel: OpenOffice.org Installer 1.0
O42 - Logiciel: Acer Picture Slide DVD
O42 - Logiciel: Skype™ 3.8
O42 - Logiciel: NTI Backup NOW! 4.7
O42 - Logiciel: Acer ScreenSaver
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (kb962871)
O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB956358)
O42 - Logiciel: Update for Microsoft Office Outlook 2007 (KB952142)
O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB951338)
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB954326)
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB951944)
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB956828)
O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB959997)
O42 - Logiciel: Update for Office 2007 (KB946691)
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB951550)
O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1)
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB960003)
O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB950114)
O42 - Logiciel: Microsoft Office Access MUI (French) 2007
O42 - Logiciel: Microsoft Office Excel MUI (French) 2007
O42 - Logiciel: Update for Microsoft Office Excel 2007 Help (KB957242)
O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007
O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007
O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007
O42 - Logiciel: Update for Microsoft Office Outlook 2007 Help (KB957246)
O42 - Logiciel: Microsoft Office Word MUI (French) 2007
O42 - Logiciel: Microsoft Office Proof (Arabic) 2007
O42 - Logiciel: Microsoft Office Proof (German) 2007
O42 - Logiciel: Microsoft Office Proof (English) 2007
O42 - Logiciel: Microsoft Office Proof (French) 2007
O42 - Logiciel: Microsoft Office Proof (Dutch) 2007
O42 - Logiciel: Microsoft Office Proof (Spanish) 2007
O42 - Logiciel: Microsoft Office Proofing (French) 2007
O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007
O42 - Logiciel: Microsoft Office Shared MUI (French) 2007
O42 - Logiciel: Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
O42 - Logiciel: Acer Tour
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: Galerie de photos Windows Live
O42 - Logiciel: Acer Zone SoftDMA
O42 - Logiciel: Acer Empowering Technology
O42 - Logiciel: Adobe Reader 9 - Français
O42 - Logiciel: Acer eDataSecurity Management
O42 - Logiciel: Acer Zone MakeDisk
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: MSXML 4.0 SP2 (KB941833)
O42 - Logiciel: HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
O42 - Logiciel: SUPERAntiSpyware Free Edition
O42 - Logiciel: Assistant de connexion Windows Live
O42 - Logiciel: Acer ePerformance Management
O42 - Logiciel: HP Photosmart Essential
O42 - Logiciel: HPSSupply
O42 - Logiciel: Acer Zone Main Page
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU]
O42 - Logiciel: Realtek High Definition Audio Driver
O42 - Logiciel: 32 Bit HP CIO Components Installer
O42 - Logiciel: Acer Plug and Record
O42 - Logiciel: Acer Zone MagicDirector
O42 - Logiciel: Windows Live installer
O42 - Logiciel: HP Update

---\\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Adobe
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Borland Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\DESIGNER
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Hewlett-Packard
O43 - CFD:Common File Directory - C:\Program Files\Common Files\HP
O43 - CFD:Common File Directory - C:\Program Files\Common Files\InstallShield
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Java
O43 - CFD:Common File Directory - C:\Program Files\Common Files\LightScribe
O43 - CFD:Common File Directory - C:\Program Files\Common Files\microsoft shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\MicroWorld
O43 - CFD:Common File Directory - C:\Program Files\Common Files\NewTech Infosystems
O43 - CFD:Common File Directory - C:\Program Files\Common Files\PC Tools
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Services
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Skype
O43 - CFD:Common File Directory - C:\Program Files\Common Files\SpeechEngines
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Steam
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Symantec Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\System
O43 - CFD:Common File Directory - C:\Program Files\Common Files\WindowsLiveInstaller
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Wise Installation Wizard

---\\ Derniers fichiers modifiés ou crées sous System32 (O44)
O44 - LFC:Last File Created - C:\Windows\System32\amxread.dll -->17/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\apilogen.dll -->17/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\Argument.html -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\axaltocm.dll -->17/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\ControlSet.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\Debug.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\deploytk.dll -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\eEmpty.exe -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\ezsidmv.dat -->20/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\FNTCACHE.DAT -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\GenProc[].html -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\GenProc[].txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\html.iec -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iasads.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iasdatastore.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iashost.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iasrecst.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieaksie.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iedkcs32.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieencode.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieframe.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iertutil.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieUnatt.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ifxcardm.dll -->17/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\Interfaces.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\java.exe -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\javaw.exe -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\javaws.exe -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\jsproxy.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\kernel32.dll -->13/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\lsasrv.dll -->13/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\mrt.exe -->06/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\msfeeds.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtml.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtml.tlb -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\mstime.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\msvcp80.dll -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\msvcr80.dll -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\ntkrnlpa.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ntoskrnl.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\occache.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\PathFF.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfc009.dat -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfc00C.dat -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfh009.dat -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfh00C.dat -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\PerfStringBackup.INI -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\printfilterpipelineprxy.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\printfilterpipelinesvc.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\Profils_FF.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\rpcss.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\sdohlp.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\secur32.dll -->13/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\Uninstall.html -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\Uninstall.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\urlmon.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\w32apiw.dll -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\win32k.sys -->09/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\wininet.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\mbam.sys -->06/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\mbamswissarmy.sys -->06/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf -->17/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\PCTCore.sys -->13/03/2009

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ACRORD32INFO.EXE-1C0557AA.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgAppLaunch.db -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlFaultHistory.db -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlFgAppHistory.db -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlGlobalHistory.db -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgRobust.db -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ATTRIB.CFEXE-54625609.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ATTRIB.EXE-A990CB86.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVCENTER.EXE-AF580B74.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVGARKT-SETUP-1.1.0.42.EXE-9A2EA6CC.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVGARKT.EXE-C9045B69.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVWSC.EXE-18A3FCA0.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CATCHME.CFEXE-828101DC.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CATCHME.EXE-FE243694.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CATCHME.TMP-DAEB2D62.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CF22972.EXE-DB75C2AB.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CHCP.COM-61043047.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CHKNTFS.EXE-4D884E7D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CMD.EXE-4A81B364.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CMD.EXECF-C5C11419.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\COMBOFIX-DOWNLOAD.CFEXE-8DB4FB4F.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\COMBOFIX.EXE-2BF42296.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CONIME.EXE-9781FD5F.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CSCRIPT.EXE-D1EF4768.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CUREIT.EXE-1DFD69FF.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-B2EB1806.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DUMPHIVE.CFEXE-8CBB994D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ERUNT.CFEXE-6260BB41.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FIND.EXE-E2237F6D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FINDSTR.CFEXE-2C31CDB5.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FINDSTR.EXE-2E9C6FE2.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FIREFOX.EXE-A606B53C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GAVILA.EXE-B2359925.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GETPATHS.EXE-E690506B.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GMER.EXE-E170290A.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GNC.EXE-27B06C3D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GNC.EXE-8FD53E34.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GNC.EXE-90940013.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GNC.EXE-A09CA6F0.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GREP.CFEXE-AF5B8A31.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GREP.CFEXE-F2435294.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GRPCONV.EXE-B823222B.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GSAR.CFEXE-2E30A7CC.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GSAR.CFEXE-7118702F.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HANDLE.CFEXE-29220A7A.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HANDLE.CFEXE-A31F9D47.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HELPER.EXE-8AEDE3E3.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HIDEC.EXE-0F1FADFA.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HIDEC.EXE-FFBDB5DF.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HIJACKTHIS.EXE-9FD56571.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HJTINSTALL.EXE-88261B04.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IPCONFIG.EXE-912F3D5B.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\LBPKSXW41E.EXE-447FA942.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\LOPSD.EXE-5FB3A725.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.EXE-A9F8D519.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.TMP-3CA56111.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM.EXE-305FF92C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAMGUI.EXE-4FE652ED.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MMLOADDRV.EXE-5475B7CC.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MODE.COM-DB34C082.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MOVEEX.CFEXE-24ADA02F.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MTEE.CFEXE-7F5BD862.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\N.COM-F61C6F88.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NIRCMD.CFEXE-5DB93D84.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NIRCMD.CFEXE-E3BBAAB7.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NIRCMD.COM-EEFEA6B0.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NIRCMD.EXE-3196DFA3.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NIRCMDC.CFEXE-0814754B.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\OSV.EXE-44EC46BD.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\OSV.EXE-4FE3C523.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PEV.CFEXE-CE4851CA.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PEV.CFEXE-DDAA49E5.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PfSvPerfStats.bin -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PING.EXE-7E94E73E.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PSEXEC.CFEXE-B434A123.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PSEXESVC.EXE-7F956DAF.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PV.CFEXE-1E6D6CAC.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PV.CFEXE-CDA21619.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PV.EXE-9B0EB19F.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REG.EXE-E7E8BD26.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGCLEANER.EXE-9EE303F3.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGEDIT.EXE-90FEEA06.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGT.CFEXE-D695AEFD.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ROUTE.EXE-5E3D06CB.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RSIT(3).EXE-DB20A599.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-9959F0A7.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-D8870C88.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNONCE.EXE-D0649312.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SED.CFEXE-428C1ABF.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SED.CFEXE-51EE12DA.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SED.EXE-3A5D7D2E.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SETPATH.EXE-4749BC02.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SETUP.EXE-D31D1F84.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SF.EXE-3FF21543.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SORT.EXE-99A4F778.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SSUPDATE.EXE-FC6B201A.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWREG.CFEXE-57B79243.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWREG.EXE-3B27F432.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWREG.EXE-599818A6.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWREG.EXE-68FA10C1.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWSC.CFEXE-6CC4FA4B.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWSC.EXE-BE627F88.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWXCACLS.CFEXE-8A6F12E6.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWXCACLS.CFEXE-FFBBFDE3.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TAIL.CFEXE-024B57D5.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TASKLIST.EXE-C6CEE193.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\UNZIP.CFEXE-CAB59F0C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VERCLSID.EXE-7C52E31C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VFIND.EXE-4E7A985D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WERCON.EXE-E36BD04E.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WERFAULT.EXE-E69F695A.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WINRAR.EXE-94E7D80C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WSCRIPT.EXE-52CF1F0C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WSQMCONS.EXE-118B52B7.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\XTX847J.EXE-2F20DFC6.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ZHP2.EXE-B4567A37.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\_START.EXE-FF3D2E40.pf -->22/04/2009

---\\ Déni du service Local Security Authority (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\Windows\System32\scecli.dll

---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\volmgrx.sys

---\\ Recherche d'infection de Base de Registres (O71)
O71 - BDRI:[hklm\software\microsoft\internet explorer\main]:start page - https://www.msn.com/fr-fr

80 replies

loloetseb Posts 5684 Status Member 174

It crashed late this afternoon, so I deleted it and downloaded it again and it worked again, but now it has crashed again.

Message:

runtime error 339
the component vbalsgrid6.ocx or one of its dependencies is not correctly registered: a file is missing or invalid
0
Anonymous user

try USBFix, and otherwise MBAM in safe mode

give me some info on: C:\Windows\System32\drivers\PCTCore.sys
0
loloetseb Posts 5684 Status Member 174

I started SAS in normal mode, but I think it won't detect anything. If I want to run MBAM, I think I have to download it again, because otherwise it will crash.

I'm looking into this:

C:\Windows\System32\drivers\PCTCore.sys
0
loloetseb Posts 5684 Status Member 174
 
############################## [ UsbFix V3.010 ]

# User : Gavila (Administrateurs) # PC-DE-GAVILA
# Update on 19/04/09 by C_XX & Chiquitine29
# Start at: 03:35:31 | 23/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]
# FW : PC Tools Firewall Plus[ Enabled ]4.0.0

# C:\ # Disque fixe local # 71,28 Go (43,12 Go free) [ACER] # NTFS
# D:\ # Disque fixe local # 70,94 Go (70,57 Go free) [DATA] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible

############################## [ Processus actifs ]

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ZebHelpProcess\ZHP2.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main: "SEARCH PAGE"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="https://www.msn.com/fr-fr/"
HKLM_logon: "Userinit"="C:\\Windows\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"=""
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: RtHDVCpl=RtHDVCpl.exe
HKLM_Run: Acer Empowering Technology Monitor=C:\Windows\system32\SysMonitor.exe
HKLM_Run: eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
HKLM_Run: WarReg_PopUp=C:\Acer\WR_PopUp\WarReg_PopUp.exe
HKLM_Run: StartCCC="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
HKLM_Run: avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKLM_Run: 00PCTFW="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKCU_Run: SUPERAntiSpyware=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

################## [ Informations ]

# D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

# -> ( Value | Good = 0x0 Bad = 0x1 )

# HKCU\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)

################## [ Fichiers # Dossiers infectieux ]


################## [ Registre # Clés Run infectieuses ]

# -> Not Found !

################## [ Registre # Mountpoints2 ]

# -> Not Found !

################## [ ! Fin du rapport # UsbFix V3.010 ! ]
0

loloetseb Posts 5684 Status Member 174
 
a-squared 4.0.0.101 2009.04.23 -
AhnLab-V3 5.0.0.2 2009.04.22 -
AntiVir 7.9.0.148 2009.04.22 -
Antiy-AVL 2.0.3.1 2009.04.22 -
Authentium 5.1.2.4 2009.04.22 -
Avast 4.8.1335.0 2009.04.22 -
AVG 8.5.0.287 2009.04.22 -
BitDefender 7.2 2009.04.23 -
CAT-QuickHeal 10.00 2009.04.22 -
ClamAV 0.94.1 2009.04.23 -
Comodo 1127 2009.04.22 -
DrWeb 4.44.0.09170 2009.04.23 -
eSafe 7.0.17.0 2009.04.21 -
eTrust-Vet 31.6.6440 2009.04.20 -
F-Prot 4.4.4.56 2009.04.22 -
F-Secure 8.0.14470.0 2009.04.23 -
Fortinet 3.117.0.0 2009.04.22 -
GData 19 2009.04.23 -
Ikarus T3.1.1.49.0 2009.04.23 -
K7AntiVirus 7.10.710 2009.04.21 -
Kaspersky 7.0.0.125 2009.04.23 -
McAfee 5592 2009.04.22 -
McAfee+Artemis 5592 2009.04.22 -
McAfee-GW-Edition 6.7.6 2009.04.22 -
Microsoft 1.4602 2009.04.22 -
NOD32 4029 2009.04.22 -
Norman 6.00.06 2009.04.22 -
nProtect 2009.1.8.0 2009.04.22 -
Panda 10.0.0.14 2009.04.23 -
PCTools 4.4.2.0 2009.04.23 -
Prevx1 V2 2009.04.23 -
Rising 21.26.24.00 2009.04.22 -
Sophos 4.40.0 2009.04.23 -
Sunbelt 3.2.1858.2 2009.04.22 -
Symantec 1.4.4.12 2009.04.23 -
TheHacker 6.3.4.0.312 2009.04.23 -
TrendMicro 8.700.0.1004 2009.04.22 -
VBA32 3.12.10.2 2009.04.23 -
ViRobot 2009.4.22.1704 2009.04.22 -
VirusBuster 4.6.5.0 2009.04.22 -
Information additionnelle
0
Anonymous user

run this through VT:

C:\Windows\System32\SysMonitor.exe
0
loloetseb Posts 5684 Status Member 174

Well, we're stirring up the beast, I can't download MBAM again any more, lol. I get redirected to error pages. There must be a nasty beast on this PC.

But I have my magic USB key, I should have it on there.
0
loloetseb Posts 5684 Status Member 174

Well, I was right, SAS detected nothing.
0
Anonymous user

run smitfraud option 1
0
Anonymous user

do you plan to butt into every CCM topic to ask stupid questions like that?
0
Bitpodech
 
I'm not butting in, I'm only giving my opinion. Your method doesn't seem up to scratch.
0
Anonymous user

all right, so what do you recommend?
0
loloetseb Posts 5684 Status Member 174

bitpodech picked the wrong topic to land on, lol
0
Anonymous user
 
lol
0
loloetseb Posts 5684 Status Member 174

OK, I was able to run MBAM from my USB key. The hard drive is churning constantly. OK, I've started SmitFraudFix.
0
loloetseb Posts 5684 Status Member 174
 
SmitFraudFix v2.412

Scan done at 4:01:26,69, 23/04/2009
Run from C:\Users\Gavila\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\autorun.inf FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Gavila


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Gavila\AppData\Local\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Gavila\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Generic Marvell Yukon 88E8056 based Ethernet Controller
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{33417D56-5BD1-4033-BD59-4783FF91B01D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{33417D56-5BD1-4033-BD59-4783FF91B01D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{33417D56-5BD1-4033-BD59-4783FF91B01D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
0
loloetseb Posts 5684 Status Member 174

OK, nothing to report on VT for sysmonitor.exe
0
Anonymous user

take a look at this: C:\autorun.inf

file or folder?
0
loloetseb Posts 5684 Status Member 174

A 0 KB file; it was created by UsbFix when I started the disinfection.
0
Anonymous user

then look at the USBFix report a bit further up.... it doesn't detect its own file!!!???
0