Unwanted ads on another PC (Vista)

Solved/Closed
candyexe Posts 69 Registration date Tuesday 4 August 2009 Status Member Last activity 14 August 2009 - 8 August 2009 at 18:11
Anonymous user - 9 August 2009 at 21:26
Hello,
I'm opening another thread for my friend's PC.
Everything is in the title.

55 replies

XaTon Posts 2041 Registration date Monday 6 July 2009 Status Member Last activity 22 January 2015 208
8 August 2009 at 21:50
Disable UAC while Ad-remover is working
0
candyexe Posts 69 Registration date Tuesday 4 August 2009 Status Member Last activity 14 August 2009
8 August 2009 at 22:25
here is the Ad-Remover report:

.
======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 22:04:03, 08/08/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 1 v6.0.6001
Nom du PC: PC-DE-SAB | Utilisateur actuel: Sab
.
Administrateur: Administrateur *Desactive*
N'est pas administrateur: Invité *Desactive*
Administrateur: Sab
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
.

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.

* Mozilla FireFox Version 3.5.2 *

Nom du profil: 8rodqc92.default (Sab)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Search the web");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.google.fr/webhp?hl=fr");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.1.2");
.
.

* Internet Explorer Version 8.0.6001.18813 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Start Page: hxxp://fr.msn.com/?ocid=iehp

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

.
============== Processus Caches/Bloque ==============
.
PID: 1228 [LOCKED] audiodg.exe
.

============== Suspect (Cracks, Serials ... ) ==============

.
.
===================================
.
2401 Octet(s) - C:\Ad-Report-CLEAN.log
2458 Octet(s) - C:\Ad-Report-SCAN.log
.
3 Fichier(s) - C:\Users\Sab\AppData\Local\Temp
8 Fichier(s) - C:\Windows\Temp
.
21 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 22:16:34 | 08/08/2009
.
============== E.O.F ==============
.
0
candyexe Posts 69 Registration date Tuesday 4 August 2009 Status Member Last activity 14 August 2009
8 August 2009 at 22:26
and the hijackthis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:25:35, on 08/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Users\Sab\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Kit Internet Mobile Bouygues Telecom\UIMain.exe
C:\Program Files\Kit Internet Mobile Bouygues Telecom\ejectdisk.exe
C:\Users\Sab\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EB3E025-2C17-4FEE-ADB6-FD3F68D56F78}: NameServer = 62.201.129.99 62.201.159.99
O17 - HKLM\System\CS1\Services\Tcpip\..\{1EB3E025-2C17-4FEE-ADB6-FD3F68D56F78}: NameServer = 62.201.129.99 62.201.159.99
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Service SFR Gestionnaire Connexion (ServiceSFRABCD) - SFR & Celliance - C:\Program Files\SFR\Gestionnaire de Connexion SFR\SFRABCDService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Anonymous user
8 August 2009 at 22:28
Hi, I suggest you install Spybot, run a scan and remove the threats (if any are detected), and if the problem persists (99% chance this works) let me know...
0

XaTon Posts 2041 Registration date Monday 6 July 2009 Status Member Last activity 22 January 2015 208
8 August 2009 at 22:30
Now do this:

Check this line

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

~~~~~~~~~~~~~~> Malwarebytes <~~~~~~~~~~~~~~~~~~~


- Download Malwarebytes
- Save it to the desktop
- Double-click the downloaded file to start the installation process
- When you are asked to, update Malwarebytes Anti-Malware
- If the firewall asks for permission for Malwarebytes to connect, accept
- Once the update has finished, close Malwarebytes

- Double-click the Malwarebytes icon to relaunch it
- In the Scanner tab, probably open by default,
- Select Perform full scan
- Click Scan
- The scan starts

- At the end of the scan, a message is displayed: The scan completed successfully. Click 'Show Results' to display all objects found.
- Click OK to continue.
- If malware was detected, click Show Results
- Select everything (or leave everything checked) and click Remove Selected. Malwarebytes will destroy the files and registry keys and put a copy of them in quarantine.

- Malwarebytes will open Notepad and copy the scan report into it.
- Go to the Logs tab
- Click on the report to display it.
- Once it is displayed, click Edit at the top of Notepad, then Select All
- Click Edit again, then Copy, and come back to the forum and into your reply
- Right-click in the reply box and choose Paste

0
candyexe Posts 69 Registration date Tuesday 4 August 2009 Status Member Last activity 14 August 2009
8 August 2009 at 22:53
do I check the line and then click fix checked, or do I just check the line?
0
XaTon Posts 2041 Registration date Monday 6 July 2009 Status Member Last activity 22 January 2015 208
8 August 2009 at 23:20
Click Fix checked
0
candyexe Posts 69 Registration date Tuesday 4 August 2009 Status Member Last activity 14 August 2009
8 August 2009 at 23:50
ok,
here is the report:
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2581
Windows 6.0.6001 Service Pack 1

08/08/2009 23:45:45
mbam-log-2009-08-08 (23-45-45).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)
Eléments examinés: 211788
Temps écoulé: 45 minute(s), 29 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
XaTon Posts 2041 Registration date Monday 6 July 2009 Status Member Last activity 22 January 2015 208
9 August 2009 at 00:04
Well, I think your PC is clean.

Tell me if you still have problems with it.
0
candyexe Posts 69 Registration date Tuesday 4 August 2009 Status Member Last activity 14 August 2009
9 August 2009 at 00:07
ok, I'll give you news if the problem comes back.
Thanks for your help XaTon.
0
XaTon Posts 2041 Registration date Monday 6 July 2009 Status Member Last activity 22 January 2015 208
9 August 2009 at 00:08
You're welcome, and good luck
0
candyexe Posts 69 Registration date Tuesday 4 August 2009 Status Member Last activity 14 August 2009
9 August 2009 at 01:15
here is the report; however, my desktop wallpaper has disappeared and there is a blue background instead!

SmitFraudFix v2.423

Scan done at 1:04:31,97, 09/08/2009
Run from C:\Users\Sab\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
...

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\Google\googletoolbar1.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A3A6FEE5-B8E5-4119-B485-19B12567B1BE}: DhcpNameServer=86.64.145.148 84.103.237.148
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A3A6FEE5-B8E5-4119-B485-19B12567B1BE}: DhcpNameServer=86.64.145.148 84.103.237.148
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A3A6FEE5-B8E5-4119-B485-19B12567B1BE}: DhcpNameServer=86.64.145.147 84.103.237.147
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=86.64.145.148 84.103.237.148
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=86.64.145.148 84.103.237.148
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=86.64.145.147 84.103.237.147


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!



»»»»»»»»»»»»»»»»»»»»»»»» RK.2



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
0
Anonymous user
9 August 2009 at 02:02
Good evening, why did you use smitfraudfix?

The blue background is normal after using smitfraudfix

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) = Windows Live Messenger BHO, not dangerous

as well as the 045, which belongs to Microsoft
0
candyexe Posts 69 Registration date Tuesday 4 August 2009 Status Member Last activity 14 August 2009
9 August 2009 at 02:16
After I marked the topic as solved, spybot found some things... here are the private message exchanges (not private at all, and I think XaTon won't hold it against me) that led me to use smitfraudfix:

candyexe:
"It may not be over!
I downloaded spybot as colombo38 had advised me, and spybot found some nasty things. I'm posting the report here; tell me whether I should reopen the thread?


--- Search result list ---
Live-Player: [SBI $D5D3C6DF] Réglages (Clé du Registre, nothing done)
HKEY_USERS\S-1-5-21-1909320246-1988262612-3646594847-1000\Software\Live-Player

Live-Player: [SBI $EE6E3A99] Réglages (Clé du Registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Live-Player

QuadRegistryCleaner: [SBI $5B22DD52] Dossier Programme (Répertoire, nothing done)
C:\Program Files\QUAD Utilities\

QuadRegistryCleaner: [SBI $82FD1943] Dossier Programme (Répertoire, nothing done)
C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\

Zedo: Cookie traceur (Internet Explorer: Sab) (Cookie, nothing done)


BlueStreak: Cookie traceur (Internet Explorer: Sab) (Cookie, nothing done)


FastClick: Cookie traceur (Internet Explorer: Sab) (Cookie, nothing done)


Right Media: Cookie traceur (Internet Explorer: Sab) (Cookie, nothing done)


Tradedoubler: Cookie traceur (Internet Explorer: Sab) (Cookie, nothing done)


DoubleClick: Cookie traceur (Internet Explorer: Sab) (Cookie, nothing done)


WebTrends live: Cookie traceur (Internet Explorer: Sab) (Cookie, nothing done)


MediaPlex: Cookie traceur (Internet Explorer: Sab) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-08-08 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-07-28 advcheck.dll (1.6.3.17)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-07-30 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-08-04 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-08-04 Includes\HijackersC.sbi (*)
2009-06-23 Includes\Keyloggers.sbi (*)
2009-07-30 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-07-14 Includes\Malware.sbi (*)
2009-08-05 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-08-04 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-07-30 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-08-04 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-07-22 Includes\Trojans.sbi (*)
2009-08-05 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)


--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 35696
MD5: 452FA961163EF4AEE4815796A13AB2CF

Located: HK_LM:Run, ArcadeDeluxeAgent
command: "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
file: C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
size: 147456
MD5: FA666331B4FC17B539784EEBCE78B3E2

Located: HK_LM:Run, BkupTray
command: "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
file: C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
size: 28672
MD5: D7EE83A9257D508656172A2B9DD3C317

Located: HK_LM:Run, CLMLServer
command: "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
file: C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
size: 167936
MD5: 71C806672E1E8FFDB7A620584011B4DA

Located: HK_LM:Run, eAudio
command: "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
file: C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
size: 544768
MD5: 41A33F0C9A269A9E04D8593396216D4E

Located: HK_LM:Run, eDataSecurity Loader
command: C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
file: C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
size: 526896
MD5: 15A33EF5C43C5ADBABECA6B216D839B5

Located: HK_LM:Run, ePower_DMC
command: C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
file: C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
size: 405504
MD5: 03726930815B2F8369C733315A298658

Located: HK_LM:Run, eRecoveryService
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Google Desktop Search
command: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
file: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
size: 24064
MD5: 6FD7F370817F16B5E1F08B91BADAA2EE

Located: HK_LM:Run, LManager
command: C:\PROGRA~1\LAUNCH~1\LManager.exe
file: C:\PROGRA~1\LAUNCH~1\LManager.exe
size: 875016
MD5: 91DB2A15CA7A73412EB6E21D34AC0D3A

Located: HK_LM:Run, lxdxamon
command: "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
file: C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe
size: 16040
MD5: F3455B9139F246021B51EE91FB8C799C

Located: HK_LM:Run, lxdxmon.exe
command: "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
file: C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
size: 668328
MD5: C2C910A77828A48C572F64B664D05CCD

Located: HK_LM:Run, mcagent_exe
command: "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
file: C:\Program Files\McAfee.com\Agent\mcagent.exe
size: 641208
MD5: 5AB0C4B2BF41A973A48A56E28A2DE3CF

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
file: C:\Windows\system32\NvCpl.dll
size: 13605408
MD5: 29302DCA2E72C1DD1EB9D85270539719

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
file: C:\Windows\system32\NvMcTray.dll
size: 92704
MD5: 21AE79BBEE377159DD4192212DE2A8BE

Located: HK_LM:Run, PlayMovie
command: "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
file: C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
size: 167936
MD5: C000017ECE6727AAFABF9734FC048A1A

Located: HK_LM:Run, PLFSetI
command: C:\Windows\PLFSetI.exe
file: C:\Windows\PLFSetI.exe
size: 200704
MD5: 2F2DF068BED6E62E4C007DF7446B4F19

Located: HK_LM:Run, RtHDVCpl
command: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
file: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
size: 6957600
MD5: 38BE5B5B3781B0E9210E47118A93F821

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 1037608
MD5: 78BE2C080AA7F6EB7289EA505D3D8D57

Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

Located: HK_LM:RunOnce, Malwarebytes' Anti-Malware
command: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
file: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
size: 419088
MD5: A10CE6B09F11EE3BACD97DF2FE7D7715

Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-19...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 83E4A5435B0FA6AD0166722621A04725

Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-20...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 83E4A5435B0FA6AD0166722621A04725

Located: HK_CU:Run, ehTray.exe
where: S-1-5-21-1909320246-1988262612-3646594847-1000...
command: C:\Windows\ehome\ehTray.exe
file: C:\Windows\ehome\ehTray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C

Located: HK_CU:Run, msnmsgr
where: S-1-5-21-1909320246-1988262612-3646594847-1000...
command: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
file: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
size: 3885408
MD5: 35B9FA77B73358D9063CD61AA3D83EE8

Located: HK_CU:Run, Shareaza
where: S-1-5-21-1909320246-1988262612-3646594847-1000...
command: "C:\Program Files\Shareaza\Shareaza.exe" -tray
file: C:\Program Files\Shareaza\Shareaza.exe
size: 5723136
MD5: E3654D1DACFCE75C86ACFEBD5867D3BF

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1909320246-1988262612-3646594847-1000...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-21-1909320246-1988262612-3646594847-1000...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 83E4A5435B0FA6AD0166722621A04725

Located: HK_CU:Run, WMPNSCFG
where: S-1-5-21-1909320246-1988262612-3646594847-1000...
command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 202240
MD5: 35937EAD711207544E219C2A19A78A7D

Located: Démarrage (tous utilisateurs), Acer VCM.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Acer\Acer VCM\AcerVCM.exe
file: C:\Program Files\Acer\Acer VCM\AcerVCM.exe
size: 1216512
MD5: 9FBCFEACAC0CAE33976706184AB8C6EF

Located: Démarrage (tous utilisateurs), BTTray.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
file: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
size: 727592
MD5: 9375FFBE0D5DF03B4740CF42D79D2E48



--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 27/02/2009 12:07:26
Date (last access): 27/07/2009 09:43:08
Date (last write): 27/02/2009 12:07:26
Filesize: 75128
Attributes: archive
MD5: 5CF6190CD875DA6B35256FEE573E7908
CRC32: 764BA81B
Version: 9.1.0.163

{27B4851A-3207-45A2-B947-BE8AFE6163AB} (McAfee Phishing Filter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: McAfee Phishing Filter
CLSID name: McAfee Phishing Filter
Path: c:\PROGRA~1\mcafee\msk\
Long name: mskapbho.dll
Short name:
Date (created): 25/06/2009 19:14:38
Date (last access): 23/10/2008 10:05:18
Date (last write): 23/10/2008 10:05:18
Filesize: 247312
Attributes: archive
MD5: 0DC2A4DDF979BF762459E9497DFF4185
CRC32: 50881D8F
Version: 10.1.110.0

{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: scriptproxy
CLSID name: scriptproxy
Path: C:\Program Files\McAfee\VirusScan\
Long name: scriptsn.dll
Short name:
Date (created): 11/01/2009 19:52:28
Date (last access): 26/09/2008 21:00:40
Date (last write): 26/09/2008 21:00:40
Filesize: 58688
Attributes: archive
MD5: 5DA340C6DDF9B3D3912E162A8F99DE95
CRC32: B4F08B1E
Version: 14.0.0.393

{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} (ShowBarObj Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: ShowBarObj Class
Path: C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\
Long name: ActiveToolBand.dll
Short name: ACTIVE~1.DLL
Date (created): 29/07/2008 18:51:50
Date (last access): 11/01/2009 20:03:38
Date (last write): 29/07/2008 18:51:50
Filesize: 312880
Attributes: archive
MD5: FD87DE0220BF7004C38AE21754436F39
CRC32: 79E63476
Version: 3.0.4.0

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Programme d'aide de l'Assistant de connexion Windows Live
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 22/01/2009 15:41:30
Date (last access): 29/06/2009 00:35:32
Date (last write): 22/01/2009 15:41:30
Filesize: 408448
Attributes: archive
MD5: B7899C3E21B299D7A3C0DA96CAE340BD
CRC32: 288935F8
Version: 5.0.818.5

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://www.google.com/intl/fr/toolbar/ie/index.html
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 11/06/2009 20:29:26
Date (last access): 11/06/2009 20:29:26
Date (last write): 11/06/2009 20:29:26
Filesize: 2583352
Attributes: readonly archive
MD5: 1CC10053E1FAA2C68428D9CE43B32245
CRC32: D83E78AD
Version: 4.0.1602.12068

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\
Long name: swg.dll
Short name:
Date (created): 11/06/2009 20:30:58
Date (last access): 11/06/2009 20:30:58
Date (last write): 11/06/2009 20:30:58
Filesize: 736240
Attributes: archive
MD5: 08B7FFE2E84949B7DF49FFEEAB61DFC9
CRC32: F6555903
Version: 3.1.415.1646

{B164E929-A1B6-4A06-B104-2CD0E90A88FF} (McAfee SiteAdvisor BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: McAfee SiteAdvisor BHO
Path: c:\PROGRA~1\mcafee\SITEAD~1\
Long name: McIEPlg.dll
Short name:
Date (created): 11/01/2009 19:55:18
Date (last access): 13/02/2009 12:44:56
Date (last write): 13/02/2009 12:44:56
Filesize: 150032
Attributes: archive
MD5: 4428FA80C5AC5D0C8F764207E651B65E
CRC32: 2025B4F6
Version: 1.0.2.158



--- ActiveX list ---
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\system32\macromed\download\
Long name: Download.dll
Short name:
Date (created): 15/09/2008 13:22:00
Date (last access): 15/09/2008 13:22:00
Date (last write): 15/09/2008 13:22:00
Filesize: 112016
Attributes: archive
MD5: 8FAFACAF5FCB8B630348E6F1FD1272A1
CRC32: 31E61EF5
Version: 1.0.0.29



--- Process list ---
PID: 3160 ( 908) C:\Program Files\McAfee.com\Agent\mcagent.exe
size: 641208
MD5: 5AB0C4B2BF41A973A48A56E28A2DE3CF
PID: 796 (1100) C:\Windows\system32\Dwm.exe
size: 81920
MD5: 59903071D7ACE6A02093C47E9E38AF97
PID: 732 (1120) C:\Windows\system32\taskeng.exe
size: 169472
MD5: 5F109032CE46B7184ED9E50F9FE8489E
PID: 2844 (1488) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
size: 6957600
MD5: 38BE5B5B3781B0E9210E47118A93F821
PID: 3116 (1488) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
size: 24064
MD5: 6FD7F370817F16B5E1F08B91BADAA2EE
PID: 2900 (1488) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
size: 405504
MD5: 03726930815B2F8369C733315A298658
PID: 876 (1488) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
size: 526896
MD5: 15A33EF5C43C5ADBABECA6B216D839B5
PID: 940 (1488) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
size: 544768
MD5: 41A33F0C9A269A9E04D8593396216D4E
PID: 3464 (1488) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
size: 28672
MD5: D7EE83A9257D508656172A2B9DD3C317
PID: 3252 (1488) C:\Program Files\Launch Manager\LManager.exe
size: 875016
MD5: 91DB2A15CA7A73412EB6E21D34AC0D3A
PID: 1880 (1488) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 1037608
MD5: 78BE2C080AA7F6EB7289EA505D3D8D57
PID: 3756 (1488) C:\Windows\PLFSetI.exe
size: 200704
MD5: 2F2DF068BED6E62E4C007DF7446B4F19
PID: 3064 (1488) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
size: 147456
MD5: FA666331B4FC17B539784EEBCE78B3E2
PID: 1700 (1488) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
size: 167936
MD5: 71C806672E1E8FFDB7A620584011B4DA
PID: 3896 (1488) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
size: 167936
MD5: C000017ECE6727AAFABF9734FC048A1A
PID: 1656 (1488) C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
size: 668328
MD5: C2C910A77828A48C572F64B664D05CCD
PID: 916 (1488) C:\Windows\ehome\ehtray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C
PID: 1008 (1488) C:\Program Files\Windows Media Player\wmpnscfg.exe
size: 202240
MD5: 35937EAD711207544E219C2A19A78A7D
PID: 1184 (1488) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
size: 1216512
MD5: 9FBCFEACAC0CAE33976706184AB8C6EF
PID: 3920 (1488) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
size: 727592
MD5: 9375FFBE0D5DF03B4740CF42D79D2E48
PID: 320 (2788) C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
size: 25256
MD5: 0E237DC64EF3C77BF4BD843B9894B9F1
PID: 2876 ( 908) C:\Windows\ehome\ehmsas.exe
size: 37376
MD5: 0F4195B9B348DE5CF9B822F81704B20E
PID: 4340 ( 908) C:\Windows\system32\wbem\unsecapp.exe
size: 37888
MD5: 25873356E52849C3F5B3F1B02317E8C8
PID: 4484 (3116) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
size: 24064
MD5: 6FD7F370817F16B5E1F08B91BADAA2EE
PID: 4504 (2844) C:\Users\Sab\AppData\Local\Temp\RtkBtMnt.exe
size: 204800
MD5: B2994EC6452DBD04E57828EEFEDFB93C
PID: 5332 (1184) C:\Program Files\Acer\Acer VCM\acp2HID.exe
size: 196608
MD5: 4A5E2BC7708A580AFB096CA0C488F7E5
PID: 5512 (1880) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
size: 95528
MD5: 6D70A8A4C20346F63570F0C2DF6BC11C
PID: 5348 ( 908) C:\Windows\System32\rundll32.exe
size: 44544
MD5: 4B555106290BD117334E9A08761C035A
PID: 2468 (5820) C:\Windows\explorer.exe
size: 2927104
MD5: 4F554999D7D5F05DAAEBBA7B5BA1089D
PID: 1848 ( 300) C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
size: 380928
MD5: FBF4BACA102AFE30BCCE0C4C02BE5988
PID: 4988 (2468) C:\Windows\system32\NOTEPAD.EXE
size: 151040
MD5: DAF60E13E96ECB67F0EDAA89C6B01B8D
PID: 1360 (2468) C:\Program Files\Kit Internet Mobile Bouygues Telecom\UIMain.exe
size: 6153216
MD5: C45CED8CFFAC5E6E8C6C225CF1E1CE04
PID: 3592 (1208) C:\Windows\system32\conime.exe
size: 69120
MD5: F96EBC5A624349D81DCC7600A3C5DC43
PID: 3708 (5932) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
PID: 5024 (2468) C:\Program Files\Mozilla Firefox\firefox.exe
size: 908280
MD5: 0AF842F82CB567E79D065C12E029560C
PID: 196 (2468) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 3840 ( 908) C:\Windows\system32\DllHost.exe
size: 7168
MD5: BE01E566D1F569AAB32D0335613E1EEA
PID: 3404 (2680) C:\Windows\system32\SearchFilterHost.exe
size: 87552
MD5: 87889A983C015080FA813D7E32910D1E
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 460 ( 4) smss.exe
size: 64000
PID: 628 ( 616) csrss.exe
size: 6144
PID: 688 ( 616) wininit.exe
size: 96768
PID: 696 ( 680) csrss.exe
size: 6144
PID: 736 ( 688) services.exe
size: 279040
PID: 748 ( 688) lsass.exe
size: 9728
PID: 756 ( 688) lsm.exe
size: 229888
PID: 908 ( 736) svchost.exe
size: 21504
PID: 952 ( 736) nvvsvc.exe
size: 203296
PID: 980 ( 736) svchost.exe
size: 21504
PID: 1072 ( 736) svchost.exe
size: 21504
PID: 1100 ( 736) svchost.exe
size: 21504
PID: 1120 ( 736) svchost.exe
size: 21504
PID: 1192 ( 680) winlogon.exe
size: 314880
PID: 1228 (1072) audiodg.exe
size: 88064
PID: 1248 ( 736) svchost.exe
size: 21504
PID: 1264 ( 736) SLsvc.exe
size: 2623488
PID: 1308 ( 736) svchost.exe
size: 21504
PID: 1416 ( 736) svchost.exe
size: 21504
PID: 1608 ( 736) spoolsv.exe
size: 125952
PID: 1632 ( 736) svchost.exe
size: 21504
PID: 1916 ( 736) svchost.exe
size: 21504
PID: 1944 ( 736) Agentsvc.exe
PID: 1964 ( 736) CLHNService.exe
PID: 1992 ( 736) eDSService.exe
PID: 300 ( 736) ETService.exe
PID: 608 ( 736) LSSrvc.exe
PID: 900 ( 736) lxdxserv.exe
PID: 964 ( 736) lxdxcoms.exe
size: 594600
PID: 684 ( 736) McSACore.exe
PID: 1256 ( 736) McProxy.exe
PID: 1428 ( 736) Mcshield.exe
PID: 728 ( 736) MobilityService.exe
PID: 2128 ( 736) MpfSrv.exe
PID: 2184 ( 736) msksrver.exe
PID: 2208 ( 736) BackupSvc.exe
PID: 2236 ( 736) SchedulerSvc.exe
PID: 2276 ( 736) svchost.exe
size: 21504
PID: 2324 ( 736) RichVideo.exe
PID: 2360 ( 736) RS_Service.exe
PID: 2380 ( 736) SFRABCdService.exe
PID: 2444 ( 736) svchost.exe
size: 21504
PID: 2616 ( 736) svchost.exe
size: 21504
PID: 2680 ( 736) SearchIndexer.exe
size: 439808
PID: 2804 ( 736) XAudio.exe
PID: 2932 (1100) WUDFHost.exe
size: 142336
PID: 3100 (1120) taskeng.exe
size: 169472
PID: 3240 ( 736) mcmscsvc.exe
PID: 3408 ( 908) WmiPrvSE.exe
PID: 4040 ( 736) wmpnetwk.exe
PID: 4604 ( 736) McNASvc.exe
PID: 2880 ( 736) mcsysmon.exe
PID: 5720 (1120) taskeng.exe
size: 169472
PID: 5084 (2680) SearchProtocolHost.exe
size: 184832


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 09/08/2009 00:17:34

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\System32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.bing.com/spresults.aspx
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
https://www.msn.com/fr-fr
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch


--- Winsock Layered Service Provider list ---
Namespace Provider 1: Fournisseur Shim d'affectation de noms de messagerie
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: Fournisseur d'espace de noms du nuage PNRP
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: Fournisseur d'espace de noms du nom PNRP
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:



--- Uninstall list ---
Package de pilotes Windows - ENE (enecir) HIDClass (11/19/2008 2.7.0.2) 11/19/2008 2.7.0.2 (4EFD6E835D0DD6220DB8126E6447DF7E798781BE)
uninstall cmd: C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\enecir.inf_e8d2a495\enecir.inf
publisher: ENE

Acer GameZone Console 2.0.1.1 (Acer GameZone Console_is1)
install date: 20090111
install location: C:\Program Files\Acer GameZone\GameConsole\
uninstall cmd: "C:\Program Files\Acer GameZone\GameConsole\unins000.exe"
publisher: Oberon Media, Inc.
help link: https://www.iplay.com/welcome/browser

Ad-remover (Ad-remover)
uninstall cmd: C:\Program Files\Ad-remover\Uninstall ADR.exe

(AddressBook)

Adobe Flash Player ActiveX 9.0.124.0 (Adobe Flash Player ActiveX)
uninstall cmd: C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
publisher: Adobe Systems Incorporated
help link: https://helpx.adobe.com/flash-player.html

Adobe Flash Player 10 Plugin 10.0.22.87 (Adobe Flash Player Plugin)
uninstall cmd: C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
publisher: Adobe Systems Incorporated

CCleaner (remove only) (CCleaner)
uninstall cmd: "C:\Program Files\CCleaner\uninst.exe"
publisher: Piriform

HDAUDIO Soft Data Fax Modem with SmartCP 7.73.00.52 (CNXT_MODEM_HDA_HSF)
uninstall cmd: C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IAcrZUn32z.INF
publisher: Conexant Systems

(Connection Manager)

(DirectDrawEx)

(DXM_Runtime)

(Fontcore)

Gestionnaire de Connexion SFR 2009.03 (Gestionnaire de Connexion SFR_is1)
install date: 20090805
install location: C:\Program Files\SFR\Gestionnaire de Connexion SFR\
uninstall cmd: "C:\Program Files\SFR\Gestionnaire de Connexion SFR\unins000.exe"

Google Desktop 5.7.0808.07150 (Google Desktop)
uninstall cmd: C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
publisher: Google
help link: http://desktop.google.com/help.html?hl=fr

Acer GridVista 2.72.317 (GridVista)
uninstall cmd: C:\Windows\GVUni.exe GridV.UNI

HijackThis 2.0.2 2.0.2 (HijackThis)
uninstall cmd: "C:\Users\Sab\Desktop\HijackThis.exe" /uninstall
publisher: TrendMicro

Microsoft Office Home and Student 2007 12.0.6425.1000 (HOMESTUDENTR)
install location: C:\Program Files\Microsoft Office
uninstall cmd: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
publisher: Microsoft Corporation

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

NTI Backup Now 5 5.1.2.606 (InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403})
version: 83951618
version (major): 5
version (minor): 1
estimated size: 29906
install date: 20090111
install location: C:\Program Files\NewTech Infosystems\NTI Backup Now 5\
install source: C:\Users\Administrator\AppData\Local\Downloaded Installations\{064D0295-5ABC-4C3C-957D-8FBAC31570B2}\
uninstall cmd: C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x040c
publisher: NewTech Infosystems

eSobi v2 2.0.3.000201 (InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA})
version: 33554435
version (major): 2
estimated size: 16980
install date: 20090111
install location: C:\Program Files\eSobi\eSobi2\
install source: C:\Users\ADMINI~1\AppData\Local\Temp\{16D2AEAE-D88B-4013-AB61-41D90D344191}\
uninstall cmd: C:\Program Files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x040c
publisher: esobi Inc.

NTI Media Maker 8 8.0.2.6329 (InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC})
version: 134217730
version (major): 8
estimated size: 212495
install date: 20090111
install location: C:\Program Files\NewTech Infosystems\NTI Media Maker 8\
install source: C:\ACER\Preload\Autorun\APP\NTI Media Maker\
uninstall cmd: C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x040c
publisher: NewTech Infosystems
contact: Technical Support Department
help link: http://www.nticorp.com/support.html

Acer Arcade Deluxe 2.0.5817 (InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761})
version: 33554432
version (major): 2
estimated size: 83288
install date: 20090324
install location: C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\
install source: C:\ACER\Preload\Autorun\APP\Arcade Deluxe\PCinema\
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
publisher: CyberLink Corp.
help link: https://www.cyberlink.com/support/index.html
help telephone: +886-2-86671298

CyberLink PowerDirector 6.5.3023d (InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1})
version: 103940096
version (major): 6
version (minor): 50
estimated size: 203540
install date: 20090111
install location: C:\Program Files\Cyberlink\PowerDirector\
install source: C:\ACER\Preload\Autorun\APP\Power Director (trial)\
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
publisher: CyberLink Corp.
help link: https://www.cyberlink.com/support/index.html
help telephone: +886-2-86671298

K-Lite Codec Pack 4.9.5 (Full) 4.9.5 (KLiteCodecPack_is1)
install date: 20090706
install location: C:\Program Files\K-Lite Codec Pack\
uninstall cmd: "C:\Program Files\K-Lite Codec Pack\unins000.exe"

Lexmark 3600-4600 Series (Lexmark 3600-4600 Series)
uninstall cmd: C:\Program Files\Lexmark 3600-4600 Series\Install\x86\Uninst.exe
publisher: Lexmark International, Inc.
help link: http://support.lexmark.com/index?page=productSelection&channel=supportAndDownloads&locale=en&userlocale=EN_US

Launch Manager (LManager)
uninstall cmd: C:\Windows\UnInst32.exe LManager.UNI

Malwarebytes' Anti-Malware (Malwarebytes' Anti-Malware_is1)
install date: 20090808
install location: C:\Program Files\Malwarebytes' Anti-Malware\
uninstall cmd: "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
publisher: Malwarebytes Corporation
help link: https://www.malwarebytes.com/

Module linguistique Microsoft .NET Framework 3.5 SP1- fra (Microsoft .NET Framework 3.5 Language Pack SP1 - fra)
install location: c:\Windows\Microsoft.NET\Framework\v3.5\
uninstall cmd: c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
publisher: Microsoft Corporation
help link: https://www.microsoft.com/fr-fr/

Microsoft .NET Framework 3.5 SP1 (Microsoft .NET Framework 3.5 SP1)
install location: C:\Windows\Microsoft.NET\Framework\v3.5\
uninstall cmd: C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
publisher: Microsoft Corporation
help link: https://www.microsoft.com/fr-fr/

(MobileOptionPack)

Mozilla Firefox (3.5.2) 3.5.2 (fr) (Mozilla Firefox (3.5.2))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Firefox

(MPlayer2)

McAfee SecurityCenter (MSC)
install location: C:\Program Files\McAfee
uninstall cmd: C:\Program Files\McAfee\MSC\mcuninst.exe
publisher: McAfee, Inc.

NVIDIA Drivers (NVIDIA Drivers)
install location: C:\Windows\system32
uninstall cmd: C:\Windows\system32\nvuninst.exe UninstallGUI
publisher: NVIDIA Corporation

(SchedulingAgent)

Shareaza 2.4.0.0 2.4.0.0 (Shareaza_is1)
install date: 20090802
install location: C:\Program Files\Shareaza\
uninstall cmd: "C:\Program Files\Shareaza\Uninstall\unins000.exe"
publisher: Shareaza Development Team
comments: Shareaza Ultimate File Sharing
help link: http://shareaza.sourceforge.net/?id=support

9.0.124.0 (ShockwaveFlash)

Synaptics Pointing Device Driver 11.0.2.0 (SynTPDeinstKey)
uninstall cmd: rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
publisher: Synaptics

VLC media player 0.9.9 0.9.9 (VLC media player)
uninstall cmd: C:\Program Files\VideoLAN\VLC\uninstall.exe
publisher: VideoLAN Team

(WIC)

Installation Windows Live 14.0.8064.0206 (WinLiveSuite_Wave3)
install location: C:\Program Files\Windows Live\
uninstall cmd: C:\Program Files\Windows Live\Installer\wlarp.exe
publisher: Microsoft Corporation

WIDCOMM Bluetooth Software 6.0.1.6400 6.0.1.6400 ({03D1988F-469F-4843-8E6E-E5FE9D17889D})
version: 100663297
version (major): 6
estimated size: 36394
install date: 20090324
install source: C:\ACER\Preload\Autorun\DRV\Foxconn Bluetooth BT 2.0\Win32\
uninstall cmd: MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
publisher: Broadcom Corporation
help link:
help telephone:

Acer VCM 3.2.3002 ({047F790A-7A2A-4B6A-AD02-38092BA63DAC})
version: 50465722
install date: 20090324
install location: C:\Program Files\Acer\Acer VCM
install source: C:\ACER\Preload\Autorun\APP\VCM (H264)\AcerVCM Setup.exe
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}\setup.exe" -l0x40c -removeonly
publisher: Acer Incorporated

Windows Live Messenger 14.0.8064.0206 ({059C042E-796A-4ACC-A81A-ECC2010BB78C})
version: 234889088
version (major): 14
estimated size: 40112
install date: 20090629
install source: C:\Program Files\Common Files\Windows Live\.cache\d75bede01c9f83f\
uninstall cmd: MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
publisher: Microsoft Corporation

Acer Mobility Center Plug-In 3.0.3000 ({11316260-6666-467B-AC34-183FCB5D4335})
version: 50334648
install date: 20090111
install location: C:\Acer\Mobility Center\
install source: C:\ACER\Preload\Autorun\APP\Acer Mobility Center add-on\MobilityCenter_v3.0.3000_20071206_0456.exe
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x40c -removeonly
publisher: Acer Inc.

NTI Backup Now Standard 5.1.2.606 ({12EFA1A4-AC3B-443C-8143-237EDE760403})
version: 83951618
version (major): 5
version (minor): 1
estimated size: 29906
install date: 20090111
install location: C:\Program Files\NewTech Infosystems\NTI Backup Now 5\
install source: C:\Users\Administrator\AppData\Local\Downloaded Installations\{064D0295-5ABC-4C3C-957D-8FBAC31570B2}\
publisher: NewTech Infosystems

Acer eSettings Management 3.0.3007 ({13D85C14-2B85-419F-AC41-C7F21E68B25D})
version: 50334655
install date: 20090111
install location: C:\Program Files\Acer\Empowering Technology\eSettings
install source: C:\ACER\Preload\Autorun\APP\eSettings Management\eSettings_v3.0.3007_20080526_1443.exe
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{13D85C14-2B85-419F-AC41-C7F21E68B25D}\setup.exe" -runfromtemp -l0x040c -removeonly
publisher: Acer Incorporated

eSobi v2 2.0.3.000201 ({15D967B5-A4BE-42AE-9E84-64CD062B25AA})
version: 33554435
version (major): 2
estimated size: 16980
install date: 20090111
install location: C:\Program Files\eSobi\eSobi2\
install source: C:\Users\ADMINI~1\AppData\Local\Temp\{16D2AEAE-D88B-4013-AB61-41D90D344191}\
publisher: esobi Inc.

Outil de téléchargement Windows Live 14.0.8014.1029 ({205C6BDD-7B73-42DE-8505-9A093F35A238})
version: 234889038
version (major): 14
estimated size: 225
install date: 20090111
install source: C:\Program Files\Common Files\Windows Live\.cache\27886ab81c97417\
uninstall cmd: MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
publisher: Microsoft Corporation
help link: https://skydrive.live.com/

Windows Live Writer 14.0.8064.0206 ({2231CE39-B963-4B9D-823A-F412ECA637B1})
version: 234889088
version (major): 14
estimated size: 15752
install date: 20090629
install source: C:\Program Files\Common Files\Windows Live\.cache\831e24e01c9f840\
uninstall cmd: MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
publisher: Microsoft Corporation

MSVCRT 14.0.1468.721 ({22B775E7-6C42-4FC5-8E10-9A5E3257BD94})
version: 234882492
version (major): 14
estimated size: 1856
install date: 20090111
install source: C:\Program Files\Common Files\Windows Live\.cache\25602bb81c97417\
uninstall cmd: MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
publisher: Microsoft

Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

NTI Media Maker 8 8.0.2.6329 ({2413930C-8309-47A6-BC61-5EF27A4222BC})
version: 134217730
version (major): 8
estimated size: 212495
install date: 20090111
install location: C:\Program Files\NewTech Infosystems\NTI Media Maker 8\
install source: C:\ACER\Preload\Autorun\APP\NTI Media Maker\
publisher: NewTech Infosystems
contact: Technical Support Department
help link: http://www.nticorp.com/support.html

Acer Arcade Deluxe 2.0.5817 ({2637C347-9DAD-11D6-9EA2-00055D0CA761})
version: 33554432
version (major): 2
estimated size: 83288
install date: 20090324
install location: C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\
install source: C:\ACER\Preload\Autorun\APP\Arcade Deluxe\PCinema\
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
publisher: CyberLink Corp.
help link: https://www.cyberlink.com/support/index.html
help telephone: +886-2-86671298

JMicron JMB38X Flash Media Controller Driver 1.00.21.02 ({26604C7E-A313-4D12-867F-7C6E7820BE4C})
uninstall cmd: "C:\Windows\JMCR_DIR\setup.exe" delpkg
publisher: JMicron Technology Corp.

Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver 1.0.0.38 ({3108C217-BE83-42E4-AE9E-A56A2A92E549})
version: 16777216
install date: 20090111
install location: C:\Program Files\Atheros Communications Inc.\Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
install source: C:\ACER\Preload\Autorun\DRV\Atheros Lan AR8121\
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x040c -removeonly
publisher: Atheros Communications Inc.

Windows Live Communications Platform 14.0.8064.206 ({3B4E636E-9D65-4D67-BA61-189800823F52})
version: 234889088
version (major): 14
estimated size: 1945
install date: 20090629
install source: C:\Program Files\Common Files\Windows Live\.cache\262a80981c97417\
uninstall cmd: MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
publisher: Microsoft Corporation

Microsoft .NET Framework 3.5 Language Pack SP1 - fra 3.5.30729 ({3E31821C-7917-367E-938E-E65FC413EA31})
version: 50690057
version (major): 3
version (minor): 5
estimated size: 9011
install date: 20090715
install source: c:\5a6a2e82a3bf0346597f03\
uninstall cmd: MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
publisher: Microsoft Corporation

Galerie de photos Windows Live 14.0.8064.206 ({44E54A81-9D91-4AA1-9417-80AFF134F5FF})
version: 234889088
version (major): 14
estimated size: 32202
install date: 20090629
install source: C:\Program Files\Common Files\Windows Live\.cache\5d88af201c9f840\
uninstall cmd: MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/windows/windows-essentials-2707b879-5004-4349-c4a4-e5900945f2a9

Junk Mail filter update 14.0.8064.206 ({4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3})
version: 234889088
version (major): 14
estimated size: 3512
install date: 20090629
install source: C:\Program Files\Common Files\Windows Live\.cache\2c4d8c181c97417\
uninstall cmd: MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
publisher: Microsoft Corporation

Acer eAudio Management 3.0.3009 ({57265292-228A-41FA-9AEC-4620CBCC2739})
version (major): 3
install location: C:\Program Files\Acer\Empowering Technology\eAudio
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.exe" -uninstall
publisher: CyberLink Corp.

Tom Clancy's Rainbow Six Vegas 1.00.000 ({5731C0A8-B266-451A-8D3F-8066AA21836F})
version: 16777216
install date: 20090802
install location: C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas
install source: F:\
uninstall cmd: C:\Program Files\InstallShield Installation Information\{5731C0A8-B266-451A-8D3F-8066AA21836F}\setup.exe -runfromtemp -l0x040c -removeonly
publisher: Ubisoft
readme: C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\ReadMe.txt

Microsoft Office Live Add-in 1.3 2.0.2313.0 ({57F0ED40-8F11-41AA-B926-4A66D0D1A9CC})
version: 33556745
version (major): 2
estimated size: 493
install date: 20090629
install source: C:\Program Files\Common Files\Windows Live\.cache\9086a3a01c9f840\
uninstall cmd: MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
publisher: Microsoft Corporation

Acer ePower Management 3.0.3014 ({58E5844B-7CE2-413D-83D1-99294BF6C74F})
version: 50334662
install date: 20090111
install location: C:\Program Files\Acer\Empowering Technology\ePower
install source: C:\ACER\Preload\Autorun\APP\ePower Management\setup.exe
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -runfromtemp -l0x040c -removeonly
publisher: Acer Incorporated
help link: https://www.acer.com/ac/fr/FR/content/home

Orion 2.0.1 ({5B63A470-9334-44D1-AF61-6CE2DB565AE9})
version: 33554433
version (major): 2
estimated size: 12527
install date: 20090111
install source: C:\ACER\Preload\Autorun\APP\Orion\
uninstall cmd: MsiExec.exe /X{5B63A470-9334-44D1-AF61-6CE2DB565AE9}
publisher: Convesoft
contact: Convesoft

Windows Live Mail 14.0.8064.0206 ({63DC2DA0-2A6C-4C38-9249-B75395458657})
version: 234889088
version (major): 14
estimated size: 31952
install date: 20090629
install source: C:\Program Files\Common Files\Windows Live\.cache\c7afd401c9f840\
uninstall cmd: MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
publisher: Microsoft Corporation

Microsoft Works 08.05.0822 ({6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C})
version: 134546230
version (major): 8
version (minor): 5
estimated size: 274474
install date: 20090629
install source: c:\acersw\office\cd2\
uninstall cmd: MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
publisher: Microsoft Corporation
comments: Microsoft Works 8.0 installation.
help link: https://support.microsoft.com/ph/1188
help telephone:

Ma-Config.com 3.1.197 ({6C4D4FC0-467B-4BD7-8D11-50E49B2770D2})
version: 50397381
version (major): 3
version (minor): 1
estimated size: 5490
install date: 20090701
install source: C:\Users\Sab\AppData\Local\Temp\testnsis\
uninstall cmd: MsiExec.exe /X{6C4D4FC0-467B-4BD7-8D11-50E49B2770D2}
publisher: Cybelsoft

({6CD40625-E6A7-4C02-B281-3A4CB0D94AA9})

Microsoft Visual C++ 2005 Redistributable 8.0.56336 ({7299052b-02a4-4627-81f2-1818da5d550d})
version: 134274064
version (major): 8
estimated size: 422
install date: 20090111
install source: C:\Users\ADMINI~1\AppData\Local\Temp\IXP001.TMP\
uninstall cmd: MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
publisher: Microsoft Corporation

Installation Windows Live 14.0.8064.206 ({7370DF47-B4F9-4279-BFC3-3F09919F720D})
version: 234889088
version (major): 14
estimated size: 1259
install date: 20090629
install source: C:\Program Files\Common Files\Windows Live\.cache\d520a3e01c9f83f\
uninstall cmd: MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
publisher: Microsoft Corporation
help link: http://support.live.com/

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 8.0.50727.4053 ({770657D0-A123-3C07-8E44-1C83EC895118})
version: 134268455
version (major): 8
estimated size: 251
install date: 20090730
install source: c:\78f80e0c291058256e\
uninstall cmd: MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
publisher: Microsoft Corporation

Acer ScreenSaver 1.01.1007 ({79DD56FC-DB8B-47F5-9C80-78B62E05F9BC})
version: 16843759
install date: 20090324
install location: C:\Program Files\Acer Incorporated\Acer ScreenSaver
install source: C:\ACER\Preload\Autorun\SET\Screen saver\AS_1366_1007.exe
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -runfromtemp -l0x0009 -removeonly
publisher: Acer Incorporated

Acer eRecovery Management 3.0.3014 ({7F811A54-5A09-4579-90E1-C93498E230D9})
version: 50334662
install date: 20090324
install location: C:\Program Files\Acer\Empowering Technology\eRecovery
install source: C:\ACER\Preload\Autorun\APP\eRecovery Management\ery.exe
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x040c -removeonly
publisher: Acer Incorporated
comments: Acer eRecovery Management
contact: www.acer.com
help link: number nwParam, nlParam;

Zuma Deluxe ({82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700})
install date: 01/11/2009
install location: C:\Program Files\Acer GameZone\Zuma Deluxe
install source: C:\Users\Administrator\AppData\Local\Temp
uninstall cmd: "C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log"
publisher: Oberon Media

Bricks of Egypt ({82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123})
install date: 01/11/2009
install location: C:\Program Files\Acer GameZone\Bricks of Egypt
install source: C:\Users\Administrator\AppData\Local\Temp
uninstall cmd: "C:\Program Files\Acer GameZone\Bricks of Egypt\Uninstall.exe" "C:\Program Files\Acer GameZone\Bricks of Egypt\install.log"
publisher: Oberon Media

Big Kahuna Reef ({82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783})
install date: 01/11/2009
install location: C:\Program Files\Acer GameZone\Big Kahuna Reef
install source: C:\Users\Administrator\AppData\Local\Temp
uninstall cmd: "C:\Program Files\Acer GameZone\Big Kahuna Reef\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef\install.log"
publisher: Oberon Media

Mystery Case Files - Huntsville ({82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433})
install date: 01/11/2009
install location: C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville
install source: C:\Users\Administrator\AppData\Local\Temp
uninstall cmd: "C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\install.log"
publisher: Oberon Media

Cake Mania ({82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750})
install date: 01/11/2009
install location: C:\Program Files\Acer GameZone\Cake Mania
install source: C:\Users\Administrator\AppData\Local\Temp
uninstall cmd: "C:\Program Files\Acer GameZone\Cake Mania\Uninstall.exe" "C:\Program Files\Acer GameZone\Cake Mania\install.log"
publisher: Oberon Media

Mahjong Escape Ancient China ({82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743})
install date: 01/11/2009
install location: C:\Program Files\Acer GameZone\Mahjong Escape Ancient China
install source: C:\Users\Administrator\AppData\Local\Temp
uninstall cmd: "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\install.log"
publisher: Oberon Media

Kick N Rush ({82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990})
install date: 01/11/2009
install location: C:\Program Files\Acer GameZone\Kick N Rush
install source: C:\Users\Administrator\AppData\Local\Temp
uninstall cmd: "C:\Program Files\Acer GameZone\Kick N Rush\Uninstall.exe" "C:\Program Files\Acer GameZone\Kick N Rush\install.log"
publisher: Oberon Media

Backspin Billiards ({82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617})
install date: 01/11/2009
install location: C:\Program Files\Acer GameZone\Backspin Billiards
install source: C:\Users\Administrator\AppData\Local\Temp
uninstall cmd: "C:\Program Files\Acer GameZone\Backspin Billiards\Uninstall.exe" "C:\Program Files\Acer GameZone\Backspin Billiards\install.log"
publisher: Oberon Media

Mahjongg Artifacts ({82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950})
install date: 01/11/2009
install location: C:\Program Files\Acer GameZone\Mahjongg Artifacts
install source: C:\Users\Administrator\AppData\Local\Temp
uninstall cmd: "C:\Program Files\Acer GameZone\Mahjongg Artifacts\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjongg Artifacts\install.log"
publisher: Oberon Media

Jewel Quest Solitaire ({82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833})
install date: 01/11/2009
install location: C:\Program Files\Acer GameZone\Jewel Quest Solitaire
install source: C:\Users\Administrator\AppData\Local\Temp
uninstall cmd: "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log"
publisher: Oberon Media

Mystery Solitaire - Secret Island ({82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363})
install date: 01/11/2009
install location: C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island
install source: C:\Users\Administrator\AppData\Local\Temp
uninstall cmd: "C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\install.log&qu

Reply from XaTon:
"Normally it has removed all of that.
There are traces of a rogue.

Do this:

~~~~~~~~~~~~~~> SmitFraudfix <~~~~~~~~~~~~~~~~~~~

Download SmitFraudfix from this link:

> http://www.geekstogo.com/forum/files/file/6-smitfraudfix/

* Put it on the desktop; you then get a SmitFraudfix icon with a yellow triangle.
* Double-click the icon; a new folder is then created.

* Click the SmitFraudfix icon
* Run option 1 (Search)

Note
Once option 1 has been launched,
a window with a blue background opens... an information message appears; press a key to move on to the next step.

/!\ Let the scan finish /!\

_ Once the scan is finished, a report will open in Notepad.
* Click the Edit menu, then Select All.
* Then post the report to me

­ ←« XaŦoи »→ ™

candyexe:
"
SmitFraudFix v2.423

Scan done at 0:47:47,33, 09/08/2009
Run from C:\Users\Sab\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdxserv.exe
C:\Windows\system32\lxdxcoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\SFR\Gestionnaire de Connexion SFR\SFRABCDService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\sy
0
Anonymous user
9 August 2009 at 02:29
A disinfection is not done by PM.

And if your PC had crashed, nobody would have been there to save the situation! Very clever:

XaTon, you are not qualified enough to allow yourself to do things like that!!

candyexe:

Download OTL by OLDTimer

Save it to your Desktop.

▶ Double-click OTL.exe to launch it.

▶ Tick the 2 boxes Lop and Purity

▶ Tick the box next to scan all users

▶ Set it to "60 Days"

▶ Click Run Scan.

At the end of the scan, Notepad will open with the report (OTL.txt).

This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)

▶▶▶ DO NOT POST IT ON THE FORUM

To send it to me, click this link: http://www.cijoint.fr/

▶ Click Browse and find the file mentioned above.

▶ Click Open.

▶ Click "Cliquez ici pour déposer le fichier" ("Click here to upload the file").

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

is added to the page.

▶ Copy this link into your reply.

Do the same with "Extra.txt".
0
candyexe Posts 69 Registration date Tuesday 4 August 2009 Status Member Last activity 14 August 2009
9 August 2009 at 03:03
Thanks gen-hackman!! ^^

http://www.cijoint.fr/cjlink.php?file=cj200908/cijykrP8DM.txt

http://www.cijoint.fr/cjlink.php?file=cj200908/cijrZ4e1iO.txt
0
Anonymous user
9 August 2009 at 03:23
Disable User Account Control (you will re-enable it after your disinfection):

▶- Go to "Start", then Control Panel.

▶- Double-click the User Accounts icon, then Turn User Account Control on or off.

▶- Click Continue.

▶- Untick the box Use User Account Control (UAC) to help protect your computer.

▶- Confirm with OK and restart.

Tutorial

Then:

▶ Download HostsXpert to your Desktop:

▶ Unzip it (right-click >> Extract here)

▶ Double-click HostsXpert to launch it

▶ Click the "Restore MS Hosts File" button, then close the program

PS: Before clicking the "Restore MS Hosts File" button, check that the padlock at the top left is open, otherwise you will get an error message.

▶ If it is closed, click on it :)

Then:

▶ Download Zeb-Restore and save this file to the desktop.

▶- Right-click Zeb-Restore.zip ==> Extract All, and choose the desktop as the destination.

▶- Open the ZR_1.0.0.37 folder ==> double-click Zeb-Restore.exe

▶- Tick the box next to: sites de confiance (trusted sites)

▶- Do not tick any other box

▶- Click Restaurer (Restore)

▶- Restart your PC

Then:

▶ Download and install UsbFix by Chiquitine29

(!) Plug your external data sources (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them


▶ Right-click the UsbFix shortcut on your desktop and choose "Run as administrator".

▶ At the main menu choose option "F" for French and press [Enter].

▶ At the second menu choose option "1" (search) and press [Enter]

▶ Let the tool work.

▶ Then post the UsbFix.txt report that appears.

Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.


Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html
0
candyexe Posts 69 Registration date Tuesday 4 August 2009 Status Member Last activity 14 August 2009
9 August 2009 at 03:46
############################## | UsbFix V6.014 |

User : Sab (Administrateurs) # PC-DE-SAB
Update on 04/08/09 by Chiquitine29 & C_XX
Start at: 03:41:26 | 09/08/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.18813
Windows Firewall Status : Disabled

C:\ -> Disque fixe local # 109,94 Go (54,05 Go free) [ACER] # NTFS
D:\ -> Disque fixe local # 106,4 Go (12,8 Go free) [DATA] # NTFS
E:\ -> Disque amovible
F:\ -> Disque CD-ROM # 4,82 Go (0 Mo free) [R6VEGAS] # CDFS

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdxserv.exe
C:\Windows\system32\lxdxcoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\SFR\Gestionnaire de Connexion SFR\SFRABCDService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Users\Sab\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Kit Internet Mobile Bouygues Telecom\UIMain.exe
C:\Program Files\Kit Internet Mobile Bouygues Telecom\ejectdisk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\conime.exe

################## | Fichiers # Dossiers infectieux |

Présent ! F:\Setup.exe
Présent ! F:\autorun.inf

################## | Other | https://www.virustotal.com/gui/ |


################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\G
shell\AutoRun\command =G:\Install.exe

HKCU\..\..\Explorer\MountPoints2\{15ce113b-5c4e-11de-b804-00242ce89449}
shell\AutoRun\command =E:\SFR.exe

HKCU\..\..\Explorer\MountPoints2\{2f1fbf6f-81ec-11de-9625-00a0c6000000}
shell\AutoRun\command =G:\SFR.exe

HKCU\..\..\Explorer\MountPoints2\{42da229b-18b0-11de-b090-806e6f6e6963}
shell\AutoRun\command =F:\launcher.exe

HKCU\..\..\Explorer\MountPoints2\{c9120014-7eac-11de-832b-00242ce89449}
shell\Auto\command =E:\launcher.exe
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\launcher.exe

################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.014 ! |
0
Anonymous user
9 August 2009 at 04:00
(!) Plug your external data sources (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them

▶ Double-click (right-click "Run as administrator" for Vista) the UsbFix shortcut on your desktop

▶ At the main menu choose option "F" for French and press [Enter].

▶ At the second menu choose option "2" (Removal) and press [Enter]

▶ Your desktop will disappear and the PC will restart.

▶ On restart, UsbFix will scan your PC; let the tool work.

▶ Then post the UsbFix.txt report that will appear with the desktop.

Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )
0
candyexe Posts 69 Registration date Tuesday 4 August 2009 Status Member Last activity 14 August 2009
9 August 2009 at 04:14
Phew!! None of this is easy when you're a novice... the main thing is not to get muddled.
Thanks for being so clear. While the other PC is resting, here is the new report:


############################## | UsbFix V6.014 |

User : Sab (Administrateurs) # PC-DE-SAB
Update on 04/08/09 by Chiquitine29 & C_XX
Start at: 04:05:06 | 09/08/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.18813
Windows Firewall Status : Disabled

C:\ -> Disque fixe local # 109,94 Go (54 Go free) [ACER] # NTFS
D:\ -> Disque fixe local # 106,4 Go (12,8 Go free) [DATA] # NTFS
E:\ -> Disque amovible
F:\ -> Disque CD-ROM # 4,82 Go (0 Mo free) [R6VEGAS] # CDFS
G:\ -> Unknown drive type

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Windows\system32\LogonUI.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdxserv.exe
C:\Windows\system32\lxdxcoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\SFR\Gestionnaire de Connexion SFR\SFRABCDService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\runonce.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

(!) Non supprimé ! F:\Setup.exe
(!) Non supprimé ! F:\autorun.inf

################## | Other |


################## | Suspect ... | https://www.virustotal.com/gui/ |


################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\G\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{15ce113b-5c4e-11de-b804-00242ce89449}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{2f1fbf6f-81ec-11de-9625-00a0c6000000}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{42da229b-18b0-11de-b090-806e6f6e6963}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{c9120014-7eac-11de-832b-00242ce89449}\Shell\Auto\Command

################## | Listing des fichiers présent |

[08/08/2009 22:16|--a------|2753] -> C:\Ad-Report-CLEAN.log
[08/08/2009 21:34|--a------|2458] -> C:\Ad-Report-SCAN.log
[18/09/2006 23:43|--a------|24] -> C:\autoexec.bat
[21/01/2008 04:24|-rahs----|333203] -> C:\bootmgr
[12/01/2009 02:45|-ra-s----|8192] -> C:\BOOTSECT.BAK
[08/08/2009 19:52|--a------|1600] -> C:\cleannavi.txt
[18/09/2006 23:43|--a------|10] -> C:\config.sys
[?|?|?] -> C:\hiberfil.sys
[24/03/2009 22:38|--a------|20] -> C:\Medion.ini
[29/02/2004 17:44|--a------|52576] -> C:\orange.bmp
[?|?|?] -> C:\pagefile.sys
[24/03/2009 22:31|--a------|60] -> C:\Partition.txt
[09/08/2009 01:06|--a------|2575] -> C:\rapport.txt
[24/03/2009 22:18|--a------|1843] -> C:\RHDSetup.log
[09/08/2009 04:09|--a------|4796] -> C:\UsbFix.txt
[17/05/2006 18:21|-r-------|373680] -> F:\_setup.dll
[01/12/2006 07:20|-r-------|9662] -> F:\autorun.ico
[01/12/2006 07:20|-r-------|48] -> F:\autorun.inf
[01/12/2006 21:22|-r-------|1043489] -> F:\data1.cab
[01/12/2006 21:22|-r-------|398117] -> F:\data1.hdr
[01/12/2006 21:24|-r-------|898314240] -> F:\data2.cab
[01/12/2006 21:26|-r-------|431718400] -> F:\data3.cab
[01/12/2006 21:28|-r-------|943718400] -> F:\data4.cab
[01/12/2006 21:30|-r-------|943718400] -> F:\data5.cab
[01/12/2006 21:33|-r-------|943718400] -> F:\data6.cab
[01/12/2006 21:35|-r-------|721850378] -> F:\data7.cab
[01/12/2006 21:21|-r-------|552214] -> F:\ISSetup.dll
[01/12/2006 07:20|-r-------|126976] -> F:\launcher.exe
[01/12/2006 07:20|-r-------|395] -> F:\launcher.ini
[01/12/2006 21:35|-r-------|1155] -> F:\layout.bin
[24/05/2006 19:10|-r-------|455600] -> F:\setup.exe
[01/12/2006 07:20|-r-------|25849] -> F:\setup.gif
[01/12/2006 21:21|-r-------|574] -> F:\setup.ini
[01/12/2006 05:49|-r-------|239832] -> F:\setup.inx
[07/11/2006 20:38|-r-------|7355679] -> F:\setup.isn
[01/12/2006 21:55|-r-------|1] -> F:\SI.bin

################## | Vaccination |

# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.014 ! |
0