Pb firefox processeur à 100
Fermé
rmann31
Messages postés
5
Date d'inscription
mercredi 3 juin 2009
Statut
Membre
Dernière intervention
6 juin 2009
-
4 juin 2009 à 19:00
rmann31 Messages postés 5 Date d'inscription mercredi 3 juin 2009 Statut Membre Dernière intervention 6 juin 2009 - 6 juin 2009 à 12:46
rmann31 Messages postés 5 Date d'inscription mercredi 3 juin 2009 Statut Membre Dernière intervention 6 juin 2009 - 6 juin 2009 à 12:46
A voir également:
- Pb firefox processeur à 100
- Processeur 100 en jeu ✓ - Forum Windows 10
- Temperature processeur - Guide
- Fréquence du processeur - Guide
- Processeur a 100 degres - Forum Processeur
- Processeur a 100 en jeux ✓ - Forum Processeur
9 réponses
jlpjlp
Messages postés
51574
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 042
4 juin 2009 à 19:04
4 juin 2009 à 19:04
slt,
Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 2. Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 2. Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
rmann31
Messages postés
5
Date d'inscription
mercredi 3 juin 2009
Statut
Membre
Dernière intervention
6 juin 2009
4 juin 2009 à 20:20
4 juin 2009 à 20:20
merci de m'aider!!
donc ça donne ça:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz )
BIOS : Default System BIOS
USER : pierre ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2007 (Activated)
Firewall : Norton Internet Security 2007 (Not Activated)
C:\ (Local Disk) - NTFS - Total:69 Go (Free:22 Go)
D:\ (Local Disk) - NTFS - Total:69 Go (Free:13 Go)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:698 Go (Free:73 Go)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 04/06/2009|20:16 )
[ UAC => 1 ]
-----------\\ SUPPRESSION
Supprime! - C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
Supprime! - C:\Program Files\Search Settings\kb128
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\Program Files\Search Settings
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"SEARCH PAGE"="https://www.google.com/?gws_rd=ssl"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
"Url"="https://www.msn.com/fr-fr/actualite/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Page_URL"="https://fr.yahoo.com/"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\Users\pierre\AppData\Local\Temp\Temp1_DivX 5.05 Pro Codec with keygen.zip
C:\Users\pierre\AppData\Local\Temp\Temp2_DivX 5.05 Pro Codec with keygen.zip
C:\Users\pierre\AppData\Local\Temp\Temp1_DivX 5.05 Pro Codec with keygen.zip\DivXPro505Bundle.exe
C:\Users\pierre\AppData\Local\Temp\Temp2_DivX 5.05 Pro Codec with keygen.zip\DAMN_DivX501_kg.exe
[ UAC => 1 ]
1 - "C:\ToolBar SD\TB_1.txt" - 04/06/2009|20:17 - Option : [2]
-----------\\ Fin du rapport a 20:17:19,61
donc ça donne ça:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz )
BIOS : Default System BIOS
USER : pierre ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2007 (Activated)
Firewall : Norton Internet Security 2007 (Not Activated)
C:\ (Local Disk) - NTFS - Total:69 Go (Free:22 Go)
D:\ (Local Disk) - NTFS - Total:69 Go (Free:13 Go)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:698 Go (Free:73 Go)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 04/06/2009|20:16 )
[ UAC => 1 ]
-----------\\ SUPPRESSION
Supprime! - C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
Supprime! - C:\Program Files\Search Settings\kb128
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\Program Files\Search Settings
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"SEARCH PAGE"="https://www.google.com/?gws_rd=ssl"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
"Url"="https://www.msn.com/fr-fr/actualite/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Page_URL"="https://fr.yahoo.com/"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\Users\pierre\AppData\Local\Temp\Temp1_DivX 5.05 Pro Codec with keygen.zip
C:\Users\pierre\AppData\Local\Temp\Temp2_DivX 5.05 Pro Codec with keygen.zip
C:\Users\pierre\AppData\Local\Temp\Temp1_DivX 5.05 Pro Codec with keygen.zip\DivXPro505Bundle.exe
C:\Users\pierre\AppData\Local\Temp\Temp2_DivX 5.05 Pro Codec with keygen.zip\DAMN_DivX501_kg.exe
[ UAC => 1 ]
1 - "C:\ToolBar SD\TB_1.txt" - 04/06/2009|20:17 - Option : [2]
-----------\\ Fin du rapport a 20:17:19,61
jlpjlp
Messages postés
51574
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 042
4 juin 2009 à 20:28
4 juin 2009 à 20:28
ceci à virer:
télécharge OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved.
(attention bien mettre :files)
:processes
explorer.exe
:files
C:\Users\pierre\AppData\Local\Temp\Temp1_DivX 5.05 Pro Codec with keygen.zip
C:\Users\pierre\AppData\Local\Temp\Temp2_DivX 5.05 Pro Codec with keygen.zip
C:\Users\pierre\AppData\Local\Temp\Temp1_DivX 5.05 Pro Codec with keygen.zip\DivXPro505Bundle.exe
C:\Users\pierre\AppData\Local\Temp\Temp2_DivX 5.05 Pro Codec with keygen.zip\DAMN_DivX501_kg.exe
:commands
[purity]
[emptytemp]
[start explorer]
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
_______________________
scan avec malwarebyte , fais un scan rapide et colle le rapport obtenu et vire ce qui est trouvé:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
télécharge OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved.
(attention bien mettre :files)
:processes
explorer.exe
:files
C:\Users\pierre\AppData\Local\Temp\Temp1_DivX 5.05 Pro Codec with keygen.zip
C:\Users\pierre\AppData\Local\Temp\Temp2_DivX 5.05 Pro Codec with keygen.zip
C:\Users\pierre\AppData\Local\Temp\Temp1_DivX 5.05 Pro Codec with keygen.zip\DivXPro505Bundle.exe
C:\Users\pierre\AppData\Local\Temp\Temp2_DivX 5.05 Pro Codec with keygen.zip\DAMN_DivX501_kg.exe
:commands
[purity]
[emptytemp]
[start explorer]
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
_______________________
scan avec malwarebyte , fais un scan rapide et colle le rapport obtenu et vire ce qui est trouvé:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
rmann31
Messages postés
5
Date d'inscription
mercredi 3 juin 2009
Statut
Membre
Dernière intervention
6 juin 2009
4 juin 2009 à 21:10
4 juin 2009 à 21:10
bon c'est fait.
ça donne pour OTmoveit:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Users\pierre\AppData\Local\Temp\Temp1_DivX 5.05 Pro Codec with keygen.zip moved successfully.
C:\Users\pierre\AppData\Local\Temp\Temp2_DivX 5.05 Pro Codec with keygen.zip moved successfully.
File/Folder C:\Users\pierre\AppData\Local\Temp\Temp1_DivX 5.05 Pro Codec with keygen.zip\DivXPro505Bundle.exe not found.
File/Folder C:\Users\pierre\AppData\Local\Temp\Temp2_DivX 5.05 Pro Codec with keygen.zip\DAMN_DivX501_kg.exe not found.
========== COMMANDS ==========
File delete failed. C:\Users\pierre\AppData\Local\Temp\etilqs_gNLF6yJKAYDCFG2heuAq scheduled to be deleted on reboot.
File delete failed. C:\Users\pierre\AppData\Local\Temp\RtkBtMnt.exe scheduled to be deleted on reboot.
File delete failed. C:\Users\pierre\AppData\Local\Temp\~DFAC96.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Windows\temp\conexant.cer scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile00.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile01.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile02.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile03.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile04.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile05.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile06.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile07.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile08.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile09.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile10.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile11.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile12.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile13.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile14.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile15.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile16.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile17.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile18.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile19.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\VistaSP1_InstallPerf_142855.sqm scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\pierre\AppData\Local\Mozilla\Firefox\Profiles\ithw7q1b.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\pierre\AppData\Local\Mozilla\Firefox\Profiles\ithw7q1b.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\pierre\AppData\Local\Mozilla\Firefox\Profiles\ithw7q1b.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\pierre\AppData\Local\Mozilla\Firefox\Profiles\ithw7q1b.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\pierre\AppData\Local\Mozilla\Firefox\Profiles\ithw7q1b.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\pierre\AppData\Local\Mozilla\Firefox\Profiles\ithw7q1b.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 06042009_203206
et pour MalwareByte:
Malwarebytes' Anti-Malware 1.37
Version de la base de données: 2229
Windows 6.0.6001 Service Pack 1
04/06/2009 20:57:47
mbam-log-2009-06-04 (20-57-33).txt
Type de recherche: Examen rapide
Eléments examinés: 73359
Temps écoulé: 3 minute(s), 58 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f87f145-dc2d-4766-af03-3a3b96ffad98} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Dossier(s) infecté(s):
C:\Program Files\Sotfone (Trojan.Zlob) -> No action taken.
C:\Program Files\NetProject (Trojan.Zlob) -> No action taken.
Fichier(s) infecté(s):
c:\Users\pierre\favorites\Online Security Test.url (Rogue.Link) -> No action taken.
ça donne pour OTmoveit:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Users\pierre\AppData\Local\Temp\Temp1_DivX 5.05 Pro Codec with keygen.zip moved successfully.
C:\Users\pierre\AppData\Local\Temp\Temp2_DivX 5.05 Pro Codec with keygen.zip moved successfully.
File/Folder C:\Users\pierre\AppData\Local\Temp\Temp1_DivX 5.05 Pro Codec with keygen.zip\DivXPro505Bundle.exe not found.
File/Folder C:\Users\pierre\AppData\Local\Temp\Temp2_DivX 5.05 Pro Codec with keygen.zip\DAMN_DivX501_kg.exe not found.
========== COMMANDS ==========
File delete failed. C:\Users\pierre\AppData\Local\Temp\etilqs_gNLF6yJKAYDCFG2heuAq scheduled to be deleted on reboot.
File delete failed. C:\Users\pierre\AppData\Local\Temp\RtkBtMnt.exe scheduled to be deleted on reboot.
File delete failed. C:\Users\pierre\AppData\Local\Temp\~DFAC96.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Windows\temp\conexant.cer scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile00.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile01.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile02.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile03.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile04.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile05.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile06.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile07.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile08.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile09.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile10.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile11.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile12.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile13.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile14.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile15.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile16.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile17.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile18.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile19.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\VistaSP1_InstallPerf_142855.sqm scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\pierre\AppData\Local\Mozilla\Firefox\Profiles\ithw7q1b.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\pierre\AppData\Local\Mozilla\Firefox\Profiles\ithw7q1b.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\pierre\AppData\Local\Mozilla\Firefox\Profiles\ithw7q1b.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\pierre\AppData\Local\Mozilla\Firefox\Profiles\ithw7q1b.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\pierre\AppData\Local\Mozilla\Firefox\Profiles\ithw7q1b.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\pierre\AppData\Local\Mozilla\Firefox\Profiles\ithw7q1b.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 06042009_203206
et pour MalwareByte:
Malwarebytes' Anti-Malware 1.37
Version de la base de données: 2229
Windows 6.0.6001 Service Pack 1
04/06/2009 20:57:47
mbam-log-2009-06-04 (20-57-33).txt
Type de recherche: Examen rapide
Eléments examinés: 73359
Temps écoulé: 3 minute(s), 58 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f87f145-dc2d-4766-af03-3a3b96ffad98} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Dossier(s) infecté(s):
C:\Program Files\Sotfone (Trojan.Zlob) -> No action taken.
C:\Program Files\NetProject (Trojan.Zlob) -> No action taken.
Fichier(s) infecté(s):
c:\Users\pierre\favorites\Online Security Test.url (Rogue.Link) -> No action taken.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
jlpjlp
Messages postés
51574
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 042
4 juin 2009 à 21:11
4 juin 2009 à 21:11
vire ce qui a été trouvé par malwarebyte
puis
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
puis
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
rmann31
Messages postés
5
Date d'inscription
mercredi 3 juin 2009
Statut
Membre
Dernière intervention
6 juin 2009
5 juin 2009 à 00:50
5 juin 2009 à 00:50
ah bah c'était long....
ça donne ça:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-06-05 00:48:04
PROTECTIONS: 5
MALWARE: 4
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Kaspersky Anti-Virus 8.0.0.506 Yes Yes
Norton Internet Security 2007 Yes No
Windows Defender 1.1.1505.0 No Yes
Kaspersky Anti-Virus 8.0.0.506 No Yes
Norton Internet Security 2007 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@atdmt[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@bluestreak[2].txt
00620810 Adware/MediaAdvantage Adware No 0 Yes No C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location �!���M�9
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description �!���M�9
;===================================================================================================================================================================================
;===================================================================================================================================================================================
ça donne ça:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-06-05 00:48:04
PROTECTIONS: 5
MALWARE: 4
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Kaspersky Anti-Virus 8.0.0.506 Yes Yes
Norton Internet Security 2007 Yes No
Windows Defender 1.1.1505.0 No Yes
Kaspersky Anti-Virus 8.0.0.506 No Yes
Norton Internet Security 2007 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@atdmt[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@bluestreak[2].txt
00620810 Adware/MediaAdvantage Adware No 0 Yes No C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location �!���M�9
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description �!���M�9
;===================================================================================================================================================================================
;===================================================================================================================================================================================
totobetourne
Messages postés
5592
Date d'inscription
dimanche 23 mars 2008
Statut
Membre
Dernière intervention
6 juin 2012
65
5 juin 2009 à 02:40
5 juin 2009 à 02:40
pour suivre
jlpjlp
Messages postés
51574
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 042
5 juin 2009 à 22:46
5 juin 2009 à 22:46
slt
totobetourne!!!
vire l'extension MeMedia en allant dans firefox puis OUTILS puis modules complémentaires
C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll
si impossible initialise firefox: http://www.commentcamarche.net/faq/sujet 9525 reinitialiser firefox reset
_______________
finis de virer norton comme ceci:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
_________________
encore des soucis? remets un rapport RSIt
a plus
totobetourne!!!
vire l'extension MeMedia en allant dans firefox puis OUTILS puis modules complémentaires
C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll
si impossible initialise firefox: http://www.commentcamarche.net/faq/sujet 9525 reinitialiser firefox reset
_______________
finis de virer norton comme ceci:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
_________________
encore des soucis? remets un rapport RSIt
a plus
rmann31
Messages postés
5
Date d'inscription
mercredi 3 juin 2009
Statut
Membre
Dernière intervention
6 juin 2009
6 juin 2009 à 12:46
6 juin 2009 à 12:46
argh, damned, ça rame toujours....
RSIt m'a donné 2 rapports:
log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by pierre at 2009-06-06 01:09:44
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 23 GB (32%) free of 71 GB
Total RAM: 2037 MB (44% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:25:08, on 06/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Users\pierre\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Users\pierre\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\eMule\emule.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Users\pierre\Downloads\RSIT.exe
C:\Program Files\trend micro\pierre.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\ProtectionConue\bm.exe" dm=http://protectionconue.com ad=http://protectionconue.com sd=http://gregistre.protectionconue.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\ProtectionConue\ptask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ProtectionConue] C:\Program Files\ProtectionConue\pgs.exe /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\pierre\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{16B8C993-FC52-4DB8-BC23-BCB4264B97BC}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD9D0930-DA2A-4446-A393-40D7A8D70791}: NameServer = 212.27.32.176,212.27.32.177
O17 - HKLM\System\CS1\Services\Tcpip\..\{16B8C993-FC52-4DB8-BC23-BCB4264B97BC}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{16B8C993-FC52-4DB8-BC23-BCB4264B97BC}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{16B8C993-FC52-4DB8-BC23-BCB4264B97BC}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS4\Services\Tcpip\..\{16B8C993-FC52-4DB8-BC23-BCB4264B97BC}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS5\Services\Tcpip\..\{16B8C993-FC52-4DB8-BC23-BCB4264B97BC}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS6\Services\Tcpip\..\{16B8C993-FC52-4DB8-BC23-BCB4264B97BC}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS7\Services\Tcpip\..\{16B8C993-FC52-4DB8-BC23-BCB4264B97BC}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS8\Services\Tcpip\..\{16B8C993-FC52-4DB8-BC23-BCB4264B97BC}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS9\Services\Tcpip\..\{16B8C993-FC52-4DB8-BC23-BCB4264B97BC}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS10\Services\Tcpip\..\{16B8C993-FC52-4DB8-BC23-BCB4264B97BC}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS11\Services\Tcpip\..\{16B8C993-FC52-4DB8-BC23-BCB4264B97BC}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
RSIt m'a donné 2 rapports:
log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by pierre at 2009-06-06 01:09:44
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 23 GB (32%) free of 71 GB
Total RAM: 2037 MB (44% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:25:08, on 06/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Users\pierre\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Users\pierre\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\eMule\emule.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Users\pierre\Downloads\RSIT.exe
C:\Program Files\trend micro\pierre.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\ProtectionConue\bm.exe" dm=http://protectionconue.com ad=http://protectionconue.com sd=http://gregistre.protectionconue.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\ProtectionConue\ptask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ProtectionConue] C:\Program Files\ProtectionConue\pgs.exe /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\pierre\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{16B8C993-FC52-4DB8-BC23-BCB4264B97BC}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD9D0930-DA2A-4446-A393-40D7A8D70791}: NameServer = 212.27.32.176,212.27.32.177
O17 - HKLM\System\CS1\Services\Tcpip\..\{16B8C993-FC52-4DB8-BC23-BCB4264B97BC}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{16B8C993-FC52-4DB8-BC23-BCB4264B97BC}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{16B8C993-FC52-4DB8-BC23-BCB4264B97BC}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS4\Services\Tcpip\..\{16B8C993-FC52-4DB8-BC23-BCB4264B97BC}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS5\Services\Tcpip\..\{16B8C993-FC52-4DB8-BC23-BCB4264B97BC}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS6\Services\Tcpip\..\{16B8C993-FC52-4DB8-BC23-BCB4264B97BC}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS7\Services\Tcpip\..\{16B8C993-FC52-4DB8-BC23-BCB4264B97BC}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS8\Services\Tcpip\..\{16B8C993-FC52-4DB8-BC23-BCB4264B97BC}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS9\Services\Tcpip\..\{16B8C993-FC52-4DB8-BC23-BCB4264B97BC}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS10\Services\Tcpip\..\{16B8C993-FC52-4DB8-BC23-BCB4264B97BC}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS11\Services\Tcpip\..\{16B8C993-FC52-4DB8-BC23-BCB4264B97BC}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe