Rlvknlg.exe has stopped working

T0in0u Posts 41 Status Member -  
 Anonymous user -
Hello,
For about a week now, when my PC starts up, a Vista window appears and tells me: "rlvknlg.exe has stopped working". I looked on other forums and saw that it was a virus. They said to go into "msconfig" and then Startup to disable the file, except that I can't find it there and I can't manage to get rid of it.

What should I do ???!

Thanks for your answers ;)

26 replies

Anonymous user
 
Hi:

Download OTL by OLDTimer

Save it to your Desktop.

▶ Double-click OTL.exe to launch it (on Vista => right-click, "Run as administrator").

▶ Check the 2 boxes Lop and Purity

▶ Check the box in front of Scan All Users

▶ Set it to "60 Days"

▶ In the left-hand column, set everything to All

Do not change these:

"files created within" and "files modified within"


▶ Click Run Scan.

At the end of the scan, Notepad will open with the report (OTL.txt).

This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)

▶▶▶ DO NOT POST IT ON THE FORUM

To send it to me, click this link: http://www.cijoint.fr/

▶ Click Browse and locate the file mentioned above.

▶ Click Open.

▶ Click "Click here to upload the file".

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

is added to the page.

▶ Copy this link into your reply.

▶▶ Do the same thing with "Extra.txt".
0
T0in0u Posts 41 Status Member 1
 
Thanks a lot for your reply! =D

So here is the first link: http://www.cijoint.fr/cjlink.php?file=cj200912/cijMzjiRPZ.txt

The second: http://www.cijoint.fr/cjlink.php?file=cj200912/cijTrD0o5D.txt

There you go ;)
0
Anonymous user
 
Disable your antivirus for the duration of the procedure, as well as your firewall if you have one

▶ Download List&Kill'em.scr and save it to your desktop

▶ Unzip it (right-click / extract...)

It does not require installation

▶ Double-click (right-click "Run as administrator" on Vista) to launch the scan

Choose the language, then choose option 1 = Search Mode

▶ Let the tool work

A report named catchme appears on your desktop; ignore it, but do not delete it for now

▶ Post the contents of the report that opens

(if the first link does not work: List_Kill'em.bat )
0
T0in0u Posts 41 Status Member 1
 
Thanks again ^^ (But I absolutely HAVE to go to bed xDD) I'll finish this tomorrow, I'm leaving everything running!

THANKS AGAIN AND AGAIN ^^ See you tomorrow =D
0

Anonymous user
 
OK, no problem ^^
0
T0in0u Posts 41 Status Member 1
 
Hello again, here is the result:

List'em by g3n-h@ckm@n 1.1.5.0

Thx to Chiquitine29.....& CCM team

User : ANTOINE (Administrateurs) # PC-DE-ANTOINE
Update on 11/12/2009 by g3n-h@ckm@n ::::: 12:00
Start at: 21:23:20 | 11/12/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 7.0.6001.18000
Windows Firewall Status : Disabled

C:\ -> Disque fixe local | 143,79 Go (10,49 Go free) [ACER] | NTFS
D:\ -> Disque fixe local | 143,56 Go (102,83 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM | 3,92 Go (0 Mo free) [GTA_SAN_ANDREAS] | CDFS

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe 516
C:\Windows\system32\csrss.exe 644
C:\Windows\system32\csrss.exe 696
C:\Windows\system32\wininit.exe 704
C:\Windows\system32\winlogon.exe 756
C:\Windows\system32\services.exe 784
C:\Windows\system32\lsass.exe 824
C:\Windows\system32\lsm.exe 832
C:\Windows\system32\svchost.exe 980
C:\Windows\system32\svchost.exe 1040
C:\Windows\System32\svchost.exe 1084
C:\Windows\System32\svchost.exe 1168
C:\Windows\System32\svchost.exe 1196
C:\Windows\system32\svchost.exe 1208
C:\Windows\system32\SLsvc.exe 1372
C:\Windows\system32\svchost.exe 1412
C:\Windows\system32\svchost.exe 1568
D:\Avast\aswUpdSv.exe 1736
C:\Windows\System32\spoolsv.exe 1820
C:\Windows\system32\svchost.exe 1844
C:\Acer\ALaunch\ALaunchSvc.exe 212
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 356
C:\Program Files\Bonjour\mDNSResponder.exe 380
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe 396
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe 828
C:\Acer\Empowering Technology\eNet\eNet Service.exe 1332
C:\Windows\system32\FsUsbExService.Exe 1576
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 404
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2092
C:\Acer\Mobility Center\MobilityService.exe 2124
C:\Windows\System32\svchost.exe 2148
C:\Windows\System32\svchost.exe 2224
C:\Windows\system32\svchost.exe 2248
C:\Program Files\RelevantKnowledge\rlservice.exe 2272
C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2300
C:\ProgramData\SeekappSrch\seekapp167.exe 2340
C:\Windows\system32\svchost.exe 2364
C:\Windows\System32\svchost.exe 2464
C:\Windows\system32\SearchIndexer.exe 2484
C:\Windows\system32\DRIVERS\xaudio.exe 2536
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe 2556
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe 2612
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe 2724
C:\Windows\system32\wbem\wmiprvse.exe 2832
C:\Windows\system32\wbem\wmiprvse.exe 2944
C:\Windows\system32\wbem\unsecapp.exe 3028
C:\Windows\system32\taskeng.exe 3436
C:\Program Files\Windows Media Player\wmpnetwk.exe 4064
C:\Windows\system32\taskeng.exe 2692
C:\Windows\system32\Dwm.exe 3872
C:\Windows\Explorer.EXE 900
C:\Program Files\Google\Update\GoogleUpdate.exe 3532
C:\Program Files\Apoint2K\Apoint.exe 3636
C:\Windows\RtHDVCpl.exe 4032
C:\Program Files\SeekappSrch\seekappsrch.exe 3052
C:\Windows\System32\rundll32.exe 2236
D:\WinAmp\winampa.exe 2908
C:\Program Files\Search Settings\SearchSettings.exe 3940
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe 3944
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 2452
C:\Program Files\Java\jre6\bin\jusched.exe 3780
C:\Program Files\Common Files\Real\Update_OB\realsched.exe 3852
C:\Program Files\Windows Sidebar\sidebar.exe 3524
C:\Windows\ehome\ehtray.exe 4080
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 2336
C:\Users\ANTOINE\AppData\Local\Google\Update\GoogleUpdate.exe 2916
C:\Program Files\Windows Media Player\wmpnscfg.exe 2104
C:\Users\ANTOINE\AppData\Local\ekcagd.exe 3840
C:\Users\ANTOINE\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe 3984
C:\Windows\System32\rundll32.exe 3324
C:\Users\ANTOINE\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe 3920
C:\Program Files\Apoint2K\ApMsgFwd.exe 2056
C:\Users\ANTOINE\AppData\Local\Temp\RtkBtMnt.exe 4256
C:\Program Files\Apoint2K\Apntex.exe 4272
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE 4348
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE 4392
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE 4404
C:\Windows\system32\wuauclt.exe 4444
C:\Program Files\Windows Sidebar\sidebar.exe 4540
C:\Windows\ehome\ehmsas.exe 4748
C:\Program Files\RelevantKnowledge\rlvknlg.exe 5064
C:\Windows\system32\WerFault.exe 5152
C:\Acer\Empowering Technology\eAudio\eAudio.exe 5692
C:\Users\ANTOINE\AppData\Local\Temp\Rar$DI00.228\List_Kill'em.scr 5904
C:\Windows\system32\conime.exe 5932
C:\Windows\system32\cmd.exe 5948
C:\Users\ANTOINE\AppData\Local\Temp\194A.tmp\pv.exe 5208

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Acer Tour Reminder REG_SZ
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Google Update REG_SZ "C:\Users\ANTOINE\AppData\Local\Google\Update\GoogleUpdate.exe" /c
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
ekcagd REG_SZ "c:\users\antoine\appdata\local\ekcagd.exe" ekcagd

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Apoint REG_SZ C:\Program Files\Apoint2K\Apoint.exe
RtHDVCpl REG_SZ RtHDVCpl.exe
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
WinampAgent REG_SZ D:\WinAmp\winampa.exe
AppleSyncNotifier REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
SearchSettings REG_SZ C:\Program Files\Search Settings\SearchSettings.exe
NPSStartup REG_SZ
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
TkBellExe REG_SZ "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 1 (0x1)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 1 (0x1)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 0 (0x0)
EnableUIADesktopToggle REG_DWORD 0 (0x0)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveAutorun REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

===============
BHO :
======
[<NO NAME> REG_SZ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://lo.st

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3
EapHost : 0x3
Wlansvc : 0x2
SharedAccess : 0x4
windefend : 0x2
wuauserv : 0x2
wscsvc : 0x2

=========


E:\Autorun.inf :
----------------
[autorun]
open=Install.exe
icon=bin/Autorun.ico

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.

Rapport d'analyse pour le volume C: ACER

Taille du volume = 144 Go
Espace libre = 10.56 Go
Étendue d'espace libre la plus grande = 199 Mo
Pourcentage de fragmentation des fichiers = 34 %

Remarque : sur les volumes NTFS, les fragments de fichiers de plus de 64 Mo ne sont pas inclus dans les statistiques de fragmentation.

Vous devriez défragmenter ce volume.

==========
Programs
==========

Acer Arcade Deluxe
ACER CrystalEye webcam
Acer GameZone
Acer Inc
Activation Assistant for the 2007 Microsoft Office suites
Adobe
adslTV
Alwil Software
Apoint2K
Apple Software Update
AviSynth 2.5
Beneton Movie GIF
Beneton Software
Bonjour
Bullfrog
Common Files
Conduit
CONEXANT
ConvertHelper
CyberLink
desktop.ini
DevGuru
DIFX
DivX
EA GAMES
Electronic Arts
eMule
Fichiers communs
FileZilla Client
Free Music Zilla
Freecorder
Google
InstallShield Installation Information
Intel
Internet Explorer
iPod
IrfanView
IVT Corporation
Java
Lame for Audacity
Launch Manager
Mad Scientist Productions
MAGIX
MarkAny
Messenger Plus! Live
Microsoft
Microsoft Games
Microsoft Office
Microsoft Office Outlook Connector
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Microsoft Visual Studio
Microsoft Visual Studio 8
Microsoft Works
Microsoft WSE
Microsoft.NET
Movie Maker
Mozilla Firefox
MSBuild
MSXML 4.0
NCH Software
NewTech Infosystems
NVIDIA Corporation
PC Connectivity Solution
QuickTime
Real
Realtek
Reference Assemblies
RelevantKnowledge
Rockstar Games
SAMSUNG
Search Settings
Seekapp
SeekappSrch
Shareaza
SUYIN
Ubi Soft
Ubisoft
Ulead Systems
Uninstall Information
VideoLAN
Windows Calendar
Windows Collaboration
Windows Defender
Windows Journal
Windows Live
Windows Live Safety Center
Windows Live SkyDrive
Windows Mail
Windows Media Player
Windows NT
Windows Photo Gallery
Windows Sidebar
WinRAR
WinZip

¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata19.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt19.sqm
C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
C:\Program Files\RelevantKnowledge
C:\Program Files\Search Settings
C:\Windows\System32\ACER.exe
C:\Windows\System32\autorun.inf
C:\Windows\System32\drivers\etc\hosts.msn
C:\Windows\System32\MSINET.oca
C:\Windows\System32\x64
C:\Users\ANTOINE\LOCAL Settings\Temp\09393D62-FA46-408b-9A69-833FB7E70874.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\AutoRun.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\B33C11F5-3A11-4f1e-85E4-C3CABE52C369.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\EAD3810.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\EAD5AFA.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\EAD8259.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\EADE9A2.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\eauninstall.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\ffmpeg3.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\First15.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\FlashPlayerUpdate.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\GoogleUpdateSetup.exe66a9ceb
C:\Users\ANTOINE\LOCAL Settings\Temp\jre-6u15-windows-i586-iftw.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\mdx-oct-2005.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\MsgPlusUninstall.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\ose00000.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\pyl24E2.tmp.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\pyl258A.tmp.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\pyl5E55.tmp.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\pylB1B2.tmp.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\pylBA97.tmp.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\pylCA16.tmp.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\RtkBtMnt.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\The Sims 2_uninst.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\uninst.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\UNINSTAL.EXE
C:\Users\ANTOINE\LOCAL Settings\Temp\unwise.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\Update_0ca1.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\Update_0e40.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\Update_10ed.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\Update_9d35.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\VP6Install.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\wlsetup-cvr.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\xmlUpdater.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\ycomp_setup.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\_is7233.exe

¤¤¤¤¤¤¤¤¤¤ Keys :

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks "{E312764E-7706-43F1-8DAB-FCDD2B1E416D}"
"HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings"
"HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}"
"HKLM\Software\Search Settings"
HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\SearchSettings.BHO
HKCR\SearchSettings.BHO.1
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\fcn
HKCU\SOFTWARE\ItsLabel
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCU\SOFTWARE\OOO
HKLM\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Classes\EoRezoBHO.EoBho
HKLM\Software\Classes\EoRezoBHO.EoBho.1
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Classes\SearchSettings.BHO
HKLM\Software\Classes\SearchSettings.BHO.1
HKLM\Software\Classes\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
HKLM\Software\Dealio
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\ItsLabel
HKLM\SOFTWARE\OOO

=========
Rootkits
=========

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-11 21:27:54
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bdc009599]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001bdc009599]

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Anonymous user
 
▶ Run List&Kill'em again as you did for option 1 (that is, via right-click on Vista),

but this time:

▶ Choose option 2 = Destruction Mode

Let the tool work.

At the end of the scan a report opens

▶ Paste its contents into your reply

then:

delete List_Kill'em

then:

▶ Disable User Account Control before using this tool:

▶ Go to "Start", then Control Panel.
▶ Double-click the User Accounts icon, then "Turn User Account Control on or off".
▶ Uncheck the box "Use User Account Control to help protect your computer".
▶ Confirm with OK and restart.

then:

▶ Download Ad-remover (by C_XX) to your desktop:


▶ Disconnect and close all running applications!

▶ Right-click "Ad-R.exe" and run it as administrator to launch the installation, and leave the installation settings at their defaults.

▶ Right-click the Ad-remover shortcut on your desktop and run it as administrator to launch the tool.

▶ At the main menu, choose option "L" and press [Enter].

▶ Let the tool work and don't touch anything...

▶ Post the report that appears at the end on the forum...

( The report is also saved as C:\Ad-report.log )
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

▶ Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended for terminating processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

then:

uninstall AD-Remover

then:

Download Navilog1 from this link

▶ Choose "Save target (of the link) as..." and save it to your desktop.
▶ Then right-click navilog1.exe and choose "Run as administrator" to launch the installation.

Once the installation is finished, the fix will run automatically.

▶ At the main menu, choose option 1 >> Automatic search / removal

Wait for the message:
*** Analyse Termine le ..... ***

>>>>> The fix can take about ten minutes ;)

▶ Press a key; Notepad will open.

▶ Copy and paste the report here.

then:

delete Navilog

then:

########### [ Option 1 ( Search ) ]


▶ Download FindyKill by Chiquitine29 to your desktop:

http://pagesperso-orange.fr/NosTools/Chiquitine29/Setup.exe

! Disconnect and close all running applications !

▶ Double-click (right-click "Run as administrator" on Vista) "FindyKill.exe" to launch the installation and leave the installation settings at their defaults.

▶ Connect your external data sources to your PC (USB stick, external hard drive, etc.)

▶ Double-click (right-click "Run as administrator" on Vista) the FindyKill shortcut on your desktop to launch the tool.

▶ At the main menu, choose option " F " for French and press [Enter].

▶ At the second menu, choose option " 1 " (search) and press [Enter]

▶ Let the tool work and don't touch anything...

▶ Post the report that appears at the end on the forum...

( The report is also saved as C:\FindyKill.txt )
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

then:

########### [ Option 2 ( Removal ) ]



▶ Disconnect and close all running applications (browser included).

▶ Connect your external data sources to your PC (USB stick, external hard drive, etc.)

▶ Run "FindyKill" again (right-click "Run as administrator" on Vista): at the main menu, choose option " F " for French and press [Enter].

▶ At the second menu, choose option 2 (removal) and press [Enter]

▶ The PC will restart automatically...

▶ The program will work, don't touch anything...; your desktop will not be accessible, that's normal!

▶ Post the report that appears at the end ( the report is also saved as C:\FindyKill.txt )

▶ If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm

then:


Run FindyKill again and choose the uninstall option
0
T0in0u Posts 41 Status Member 1
 
Kill'em by g3n-h@ckm@n 1.1.5.0

User : ANTOINE (Administrateurs) # PC-DE-ANTOINE
Update on 11/12/2009 by g3n-h@ckm@n ::::: 12:00
Start at: 22:32:59 | 11/12/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 7.0.6001.18000
Windows Firewall Status : Disabled

C:\ -> Disque fixe local | 143,79 Go (10,29 Go free) [ACER] | NTFS
D:\ -> Disque fixe local | 143,56 Go (103,02 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM | 3,92 Go (0 Mo free) [GTA_SAN_ANDREAS] | CDFS


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe 516
C:\Windows\system32\csrss.exe 644
C:\Windows\system32\csrss.exe 696
C:\Windows\system32\wininit.exe 704
C:\Windows\system32\winlogon.exe 756
C:\Windows\system32\services.exe 784
C:\Windows\system32\lsass.exe 824
C:\Windows\system32\lsm.exe 832
C:\Windows\system32\svchost.exe 980
C:\Windows\system32\svchost.exe 1040
C:\Windows\System32\svchost.exe 1084
C:\Windows\System32\svchost.exe 1168
C:\Windows\System32\svchost.exe 1196
C:\Windows\system32\svchost.exe 1208
C:\Windows\system32\SLsvc.exe 1372
C:\Windows\system32\svchost.exe 1412
C:\Windows\system32\svchost.exe 1568
D:\Avast\aswUpdSv.exe 1736
C:\Windows\System32\spoolsv.exe 1820
C:\Windows\system32\svchost.exe 1844
C:\Acer\ALaunch\ALaunchSvc.exe 212
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 356
C:\Program Files\Bonjour\mDNSResponder.exe 380
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe 396
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe 828
C:\Acer\Empowering Technology\eNet\eNet Service.exe 1332
C:\Windows\system32\FsUsbExService.Exe 1576
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 404
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2092
C:\Acer\Mobility Center\MobilityService.exe 2124
C:\Windows\System32\svchost.exe 2148
C:\Windows\System32\svchost.exe 2224
C:\Windows\system32\svchost.exe 2248
C:\Program Files\RelevantKnowledge\rlservice.exe 2272
C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2300
C:\ProgramData\SeekappSrch\seekapp167.exe 2340
C:\Windows\system32\svchost.exe 2364
C:\Windows\System32\svchost.exe 2464
C:\Windows\system32\SearchIndexer.exe 2484
C:\Windows\system32\DRIVERS\xaudio.exe 2536
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe 2556
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe 2612
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe 2724
C:\Windows\system32\wbem\wmiprvse.exe 2832
C:\Windows\system32\wbem\wmiprvse.exe 2944
C:\Windows\system32\wbem\unsecapp.exe 3028
C:\Windows\system32\taskeng.exe 3436
C:\Program Files\Windows Media Player\wmpnetwk.exe 4064
C:\Windows\system32\taskeng.exe 2692
C:\Windows\system32\Dwm.exe 3872
C:\Windows\Explorer.EXE 900
C:\Program Files\Apoint2K\Apoint.exe 3636
C:\Windows\RtHDVCpl.exe 4032
C:\Program Files\SeekappSrch\seekappsrch.exe 3052
C:\Windows\System32\rundll32.exe 2236
D:\WinAmp\winampa.exe 2908
C:\Program Files\Search Settings\SearchSettings.exe 3940
C:\Program Files\Java\jre6\bin\jusched.exe 3780
C:\Program Files\Common Files\Real\Update_OB\realsched.exe 3852
C:\Program Files\Windows Sidebar\sidebar.exe 3524
C:\Windows\ehome\ehtray.exe 4080
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 2336
C:\Program Files\Windows Media Player\wmpnscfg.exe 2104
C:\Users\ANTOINE\AppData\Local\ekcagd.exe 3840
C:\Users\ANTOINE\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe 3984
C:\Windows\System32\rundll32.exe 3324
C:\Users\ANTOINE\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe 3920
C:\Program Files\Apoint2K\ApMsgFwd.exe 2056
C:\Users\ANTOINE\AppData\Local\Temp\RtkBtMnt.exe 4256
C:\Program Files\Apoint2K\Apntex.exe 4272
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE 4348
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE 4392
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE 4404
C:\Windows\system32\wuauclt.exe 4444
C:\Program Files\Windows Sidebar\sidebar.exe 4540
C:\Windows\ehome\ehmsas.exe 4748
C:\Program Files\RelevantKnowledge\rlvknlg.exe 5064
C:\Windows\system32\WerFault.exe 5152
C:\Acer\Empowering Technology\eAudio\eAudio.exe 5692
C:\Windows\system32\conime.exe 5932
C:\Program Files\Windows Live\Contacts\wlcomm.exe 5104
D:\Opera\opera.exe 2316
C:\Windows\system32\notepad.exe 5744
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 5624
C:\Program Files\WinRAR\WinRAR.exe 4560
C:\Users\ANTOINE\AppData\Local\Temp\Rar$DI00.076\List_Kill'em.scr 768
C:\Windows\system32\cmd.exe 3136
C:\Users\ANTOINE\AppData\Local\Temp\FFA4.tmp\pv.exe 3952

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata19.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt19.sqm
"C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}"
"C:\Program Files\RelevantKnowledge"
"C:\Program Files\Search Settings"
"C:\Windows\System32\ACER.exe"
C:\Windows\System32\autorun.inf
"C:\Windows\System32\drivers\etc\hosts.msn"
"C:\Windows\system32\MSINET.oca"
"C:\Windows\system32\x64"
C:\Users\ANTOINE\LOCAL Settings\Temp\09393D62-FA46-408b-9A69-833FB7E70874.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\AutoRun.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\B33C11F5-3A11-4f1e-85E4-C3CABE52C369.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\EAD3810.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\EAD5AFA.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\EAD8259.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\EADE9A2.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\eauninstall.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\ffmpeg3.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\First15.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\FlashPlayerUpdate.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\GoogleUpdateSetup.exe66a9ceb
C:\Users\ANTOINE\LOCAL Settings\Temp\jre-6u15-windows-i586-iftw.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\mdx-oct-2005.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\MsgPlusUninstall.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\ose00000.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\pyl24E2.tmp.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\pyl258A.tmp.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\pyl5E55.tmp.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\pylB1B2.tmp.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\pylBA97.tmp.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\pylCA16.tmp.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\RtkBtMnt.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\The Sims 2_uninst.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\uninst.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\UNINSTAL.EXE
C:\Users\ANTOINE\LOCAL Settings\Temp\unwise.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\Update_0ca1.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\Update_0e40.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\Update_10ed.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\Update_9d35.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\VP6Install.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\wlsetup-cvr.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\xmlUpdater.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\ycomp_setup.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\_is7233.exe


¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :

Quarantine :

09393D62-FA46-408b-9A69-833FB7E70874.exe.Kill'em
acer.exe.Kill'em
AutoRun.exe.Kill'em
autorun.inf.Kill'em
B33C11F5-3A11-4f1e-85E4-C3CABE52C369.exe.Kill'em
EAD3810.exe.Kill'em
EAD5AFA.exe.Kill'em
EAD8259.exe.Kill'em
EADE9A2.exe.Kill'em
eauninstall.exe.Kill'em
ffmpeg3.exe.Kill'em
First15.exe.Kill'em
FlashPlayerUpdate.exe.Kill'em
GoogleUpdateSetup.exe66a9ceb.Kill'em
hosts.msn.Kill'em
jre-6u15-windows-i586-iftw.exe.Kill'em
jre-6u17-windows-i586-iftw-rv.exe.Kill'em
mdx-oct-2005.exe.Kill'em
MsgPlusUninstall.exe.Kill'em
MSINET.oca.Kill'em
ose00000.exe.Kill'em
pyl24E2.tmp.exe.Kill'em
pyl258A.tmp.exe.Kill'em
pyl5E55.tmp.exe.Kill'em
pylB1B2.tmp.exe.Kill'em
pylBA97.tmp.exe.Kill'em
pylCA16.tmp.exe.Kill'em
RelevantKnowledge.Kill'em
RtkBtMnt.exe.Kill'em
Search Settings.Kill'em
sqmdata05.sqm.Kill'em
sqmdata06.sqm.Kill'em
sqmdata07.sqm.Kill'em
sqmdata08.sqm.Kill'em
sqmdata09.sqm.Kill'em
sqmdata10.sqm.Kill'em
sqmdata11.sqm.Kill'em
sqmdata12.sqm.Kill'em
sqmdata13.sqm.Kill'em
sqmdata14.sqm.Kill'em
sqmdata15.sqm.Kill'em
sqmdata16.sqm.Kill'em
sqmdata19.sqm.Kill'em
sqmnoopt05.sqm.Kill'em
sqmnoopt06.sqm.Kill'em
sqmnoopt07.sqm.Kill'em
sqmnoopt08.sqm.Kill'em
sqmnoopt09.sqm.Kill'em
sqmnoopt10.sqm.Kill'em
sqmnoopt11.sqm.Kill'em
sqmnoopt12.sqm.Kill'em
sqmnoopt13.sqm.Kill'em
sqmnoopt14.sqm.Kill'em
sqmnoopt15.sqm.Kill'em
sqmnoopt16.sqm.Kill'em
sqmnoopt19.sqm.Kill'em
The Sims 2_uninst.exe.Kill'em
uninst.exe.Kill'em
UNINSTAL.EXE.Kill'em
unwise.exe.Kill'em
Update_0ca1.exe.Kill'em
Update_0e40.exe.Kill'em
Update_10ed.exe.Kill'em
Update_9d35.exe.Kill'em
VP6Install.exe.Kill'em
wlsetup-cvr.exe.Kill'em
x64.Kill'em
xmlUpdater.exe.Kill'em
ycomp_setup.exe.Kill'em
_is7233.exe.Kill'em
{3276BE95_AF08_429F_A64F_CA64CB79BCF6}.Kill'em

==============
host file OK !
==============

========
Registry
========
Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Deleted : HKLM\Software\Search Settings
Deleted : HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
Deleted : HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Deleted : HKCR\EoRezoBHO.EoBho
Deleted : HKCR\EoRezoBHO.EoBho.1
Deleted : HKCR\interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
Deleted : HKCR\SearchSettings.BHO
Deleted : HKCR\SearchSettings.BHO.1
Deleted : HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
Deleted : HKCU\SOFTWARE\EoRezo
Deleted : HKCU\SOFTWARE\fcn
Deleted : HKCU\SOFTWARE\ItsLabel
Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
Deleted : HKCU\SOFTWARE\OOO
Deleted : HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
Deleted : HKLM\Software\Dealio
Deleted : HKLM\SOFTWARE\EoRezo
Deleted : HKLM\SOFTWARE\ItsLabel
Deleted : HKLM\SOFTWARE\OOO

============
Disk Cleaned
============

================
Prefetch cleaned :
================

AgAppLaunch.db
AgCx_S1_S-1-5-21-878254511-3643810499-2642686041-1000.snp.db
AgCx_SC1.db
AgCx_SC1.db.trx
AgCx_SC2.db
AgGlFaultHistory.db
AgGlFgAppHistory.db
AgGlGlobalHistory.db
AgGlUAD_P_S-1-5-21-878254511-3643810499-2642686041-1000.db
AgGlUAD_S-1-5-21-878254511-3643810499-2642686041-1000.db
AgRobust.db
Layout.ini
NTOSBOOT-B00DFAAD.pf
PfSvPerfStats.bin
ReadyBoot



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
T0in0u Posts 41 Status Member 1
 
Kill'em by g3n-h@ckm@n 1.1.5.0

User : ANTOINE (Administrateurs) # PC-DE-ANTOINE
Update on 11/12/2009 by g3n-h@ckm@n ::::: 12:00
Start at: 22:32:59 | 11/12/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 7.0.6001.18000
Windows Firewall Status : Disabled

C:\ -> Disque fixe local | 143,79 Go (10,29 Go free) [ACER] | NTFS
D:\ -> Disque fixe local | 143,56 Go (103,02 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM | 3,92 Go (0 Mo free) [GTA_SAN_ANDREAS] | CDFS


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe 516
C:\Windows\system32\csrss.exe 644
C:\Windows\system32\csrss.exe 696
C:\Windows\system32\wininit.exe 704
C:\Windows\system32\winlogon.exe 756
C:\Windows\system32\services.exe 784
C:\Windows\system32\lsass.exe 824
C:\Windows\system32\lsm.exe 832
C:\Windows\system32\svchost.exe 980
C:\Windows\system32\svchost.exe 1040
C:\Windows\System32\svchost.exe 1084
C:\Windows\System32\svchost.exe 1168
C:\Windows\System32\svchost.exe 1196
C:\Windows\system32\svchost.exe 1208
C:\Windows\system32\SLsvc.exe 1372
C:\Windows\system32\svchost.exe 1412
C:\Windows\system32\svchost.exe 1568
D:\Avast\aswUpdSv.exe 1736
C:\Windows\System32\spoolsv.exe 1820
C:\Windows\system32\svchost.exe 1844
C:\Acer\ALaunch\ALaunchSvc.exe 212
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 356
C:\Program Files\Bonjour\mDNSResponder.exe 380
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe 396
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe 828
C:\Acer\Empowering Technology\eNet\eNet Service.exe 1332
C:\Windows\system32\FsUsbExService.Exe 1576
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 404
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2092
C:\Acer\Mobility Center\MobilityService.exe 2124
C:\Windows\System32\svchost.exe 2148
C:\Windows\System32\svchost.exe 2224
C:\Windows\system32\svchost.exe 2248
C:\Program Files\RelevantKnowledge\rlservice.exe 2272
C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2300
C:\ProgramData\SeekappSrch\seekapp167.exe 2340
C:\Windows\system32\svchost.exe 2364
C:\Windows\System32\svchost.exe 2464
C:\Windows\system32\SearchIndexer.exe 2484
C:\Windows\system32\DRIVERS\xaudio.exe 2536
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe 2556
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe 2612
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe 2724
C:\Windows\system32\wbem\wmiprvse.exe 2832
C:\Windows\system32\wbem\wmiprvse.exe 2944
C:\Windows\system32\wbem\unsecapp.exe 3028
C:\Windows\system32\taskeng.exe 3436
C:\Program Files\Windows Media Player\wmpnetwk.exe 4064
C:\Windows\system32\taskeng.exe 2692
C:\Windows\system32\Dwm.exe 3872
C:\Windows\Explorer.EXE 900
C:\Program Files\Apoint2K\Apoint.exe 3636
C:\Windows\RtHDVCpl.exe 4032
C:\Program Files\SeekappSrch\seekappsrch.exe 3052
C:\Windows\System32\rundll32.exe 2236
D:\WinAmp\winampa.exe 2908
C:\Program Files\Search Settings\SearchSettings.exe 3940
C:\Program Files\Java\jre6\bin\jusched.exe 3780
C:\Program Files\Common Files\Real\Update_OB\realsched.exe 3852
C:\Program Files\Windows Sidebar\sidebar.exe 3524
C:\Windows\ehome\ehtray.exe 4080
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 2336
C:\Program Files\Windows Media Player\wmpnscfg.exe 2104
C:\Users\ANTOINE\AppData\Local\ekcagd.exe 3840
C:\Users\ANTOINE\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe 3984
C:\Windows\System32\rundll32.exe 3324
C:\Users\ANTOINE\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe 3920
C:\Program Files\Apoint2K\ApMsgFwd.exe 2056
C:\Users\ANTOINE\AppData\Local\Temp\RtkBtMnt.exe 4256
C:\Program Files\Apoint2K\Apntex.exe 4272
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE 4348
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE 4392
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE 4404
C:\Windows\system32\wuauclt.exe 4444
C:\Program Files\Windows Sidebar\sidebar.exe 4540
C:\Windows\ehome\ehmsas.exe 4748
C:\Program Files\RelevantKnowledge\rlvknlg.exe 5064
C:\Windows\system32\WerFault.exe 5152
C:\Acer\Empowering Technology\eAudio\eAudio.exe 5692
C:\Windows\system32\conime.exe 5932
C:\Program Files\Windows Live\Contacts\wlcomm.exe 5104
D:\Opera\opera.exe 2316
C:\Windows\system32\notepad.exe 5744
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 5624
C:\Program Files\WinRAR\WinRAR.exe 4560
C:\Users\ANTOINE\AppData\Local\Temp\Rar$DI00.076\List_Kill'em.scr 768
C:\Windows\system32\cmd.exe 3136
C:\Users\ANTOINE\AppData\Local\Temp\FFA4.tmp\pv.exe 3952

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata19.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt19.sqm
"C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}"
"C:\Program Files\RelevantKnowledge"
"C:\Program Files\Search Settings"
"C:\Windows\System32\ACER.exe"
C:\Windows\System32\autorun.inf
"C:\Windows\System32\drivers\etc\hosts.msn"
"C:\Windows\system32\MSINET.oca"
"C:\Windows\system32\x64"
C:\Users\ANTOINE\LOCAL Settings\Temp\09393D62-FA46-408b-9A69-833FB7E70874.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\AutoRun.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\B33C11F5-3A11-4f1e-85E4-C3CABE52C369.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\EAD3810.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\EAD5AFA.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\EAD8259.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\EADE9A2.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\eauninstall.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\ffmpeg3.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\First15.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\FlashPlayerUpdate.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\GoogleUpdateSetup.exe66a9ceb
C:\Users\ANTOINE\LOCAL Settings\Temp\jre-6u15-windows-i586-iftw.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\mdx-oct-2005.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\MsgPlusUninstall.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\ose00000.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\pyl24E2.tmp.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\pyl258A.tmp.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\pyl5E55.tmp.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\pylB1B2.tmp.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\pylBA97.tmp.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\pylCA16.tmp.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\RtkBtMnt.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\The Sims 2_uninst.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\uninst.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\UNINSTAL.EXE
C:\Users\ANTOINE\LOCAL Settings\Temp\unwise.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\Update_0ca1.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\Update_0e40.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\Update_10ed.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\Update_9d35.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\VP6Install.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\wlsetup-cvr.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\xmlUpdater.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\ycomp_setup.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\_is7233.exe
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp120E.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp1260.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp1364.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp1803.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp19F0.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp1E8C.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp2012.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp21ED.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp223D.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp22E2.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp244.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp2791.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp27EF.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp2C21.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp2DF3.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp2F4A.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp2FCB.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp300.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp3017.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp3043.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp3582.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp366D.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp384A.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp3BF.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp3E38.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp403E.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp42ED.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp4725.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp4A5A.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp4C8A.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp4DD7.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp4F7A.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp516B.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp5E6A.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp5FCD.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp6049.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp6187.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp67F6.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp6A1E.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp6E.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp70BA.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp719D.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp730E.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp7AC1.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp7B9C.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp7BA9.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp8196.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp8321.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp87E.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp89BE.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp8C68.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp8DCE.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp9149.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp9668.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp9AFC.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmp9ED0.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpA075.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpA58B.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpA9DA.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpADF2.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpB329.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpB40F.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpB6F3.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpB9C.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpBA23.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpBD78.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpBE01.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpC095.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpC0C4.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpC50.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpC69.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpCAAF.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpCABF.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpD492.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpD4CC.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpD680.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpD80C.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpD8A6.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpDC76.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpDD05.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpE087.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpE0C9.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpE0D5.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpE4AA.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpE646.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpEA25.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpEA81.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpEC4A.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpEC7.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpECF5.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpF114.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpF3AB.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpF48F.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpF7BE.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpF89B.tmp
C:\Users\ANTOINE\LOCAL Settings\Temp\tmpF9FD.tmp


¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :

Quarantine :

09393D62-FA46-408b-9A69-833FB7E70874.exe.Kill'em
acer.exe.Kill'em
AutoRun.exe.Kill'em
autorun.inf.Kill'em
B33C11F5-3A11-4f1e-85E4-C3CABE52C369.exe.Kill'em
EAD3810.exe.Kill'em
EAD5AFA.exe.Kill'em
EAD8259.exe.Kill'em
EADE9A2.exe.Kill'em
eauninstall.exe.Kill'em
ffmpeg3.exe.Kill'em
First15.exe.Kill'em
FlashPlayerUpdate.exe.Kill'em
GoogleUpdateSetup.exe66a9ceb.Kill'em
hosts.msn.Kill'em
jre-6u15-windows-i586-iftw.exe.Kill'em
jre-6u17-windows-i586-iftw-rv.exe.Kill'em
mdx-oct-2005.exe.Kill'em
MsgPlusUninstall.exe.Kill'em
MSINET.oca.Kill'em
ose00000.exe.Kill'em
pyl24E2.tmp.exe.Kill'em
pyl258A.tmp.exe.Kill'em
pyl5E55.tmp.exe.Kill'em
pylB1B2.tmp.exe.Kill'em
pylBA97.tmp.exe.Kill'em
pylCA16.tmp.exe.Kill'em
RelevantKnowledge.Kill'em
RtkBtMnt.exe.Kill'em
Search Settings.Kill'em
sqmdata05.sqm.Kill'em
sqmdata06.sqm.Kill'em
sqmdata07.sqm.Kill'em
sqmdata08.sqm.Kill'em
sqmdata09.sqm.Kill'em
sqmdata10.sqm.Kill'em
sqmdata11.sqm.Kill'em
sqmdata12.sqm.Kill'em
sqmdata13.sqm.Kill'em
sqmdata14.sqm.Kill'em
sqmdata15.sqm.Kill'em
sqmdata16.sqm.Kill'em
sqmdata19.sqm.Kill'em
sqmnoopt05.sqm.Kill'em
sqmnoopt06.sqm.Kill'em
sqmnoopt07.sqm.Kill'em
sqmnoopt08.sqm.Kill'em
sqmnoopt09.sqm.Kill'em
sqmnoopt10.sqm.Kill'em
sqmnoopt11.sqm.Kill'em
sqmnoopt12.sqm.Kill'em
sqmnoopt13.sqm.Kill'em
sqmnoopt14.sqm.Kill'em
sqmnoopt15.sqm.Kill'em
sqmnoopt16.sqm.Kill'em
sqmnoopt19.sqm.Kill'em
The Sims 2_uninst.exe.Kill'em
tmp120E.tmp.Kill'em
tmp1260.tmp.Kill'em
tmp1364.tmp.Kill'em
tmp1803.tmp.Kill'em
tmp19F0.tmp.Kill'em
tmp1E8C.tmp.Kill'em
tmp2012.tmp.Kill'em
tmp21ED.tmp.Kill'em
tmp223D.tmp.Kill'em
tmp22E2.tmp.Kill'em
tmp244.tmp.Kill'em
tmp2791.tmp.Kill'em
tmp27EF.tmp.Kill'em
tmp2C21.tmp.Kill'em
tmp2DF3.tmp.Kill'em
tmp2F4A.tmp.Kill'em
tmp2FCB.tmp.Kill'em
tmp300.tmp.Kill'em
tmp3017.tmp.Kill'em
tmp3043.tmp.Kill'em
tmp3582.tmp.Kill'em
tmp366D.tmp.Kill'em
tmp384A.tmp.Kill'em
tmp3BF.tmp.Kill'em
tmp3E38.tmp.Kill'em
tmp403E.tmp.Kill'em
tmp42ED.tmp.Kill'em
tmp4725.tmp.Kill'em
tmp4A5A.tmp.Kill'em
tmp4C8A.tmp.Kill'em
tmp4DD7.tmp.Kill'em
tmp4F7A.tmp.Kill'em
tmp516B.tmp.Kill'em
tmp5E6A.tmp.Kill'em
tmp5FCD.tmp.Kill'em
tmp6049.tmp.Kill'em
tmp6187.tmp.Kill'em
tmp67F6.tmp.Kill'em
tmp6A1E.tmp.Kill'em
tmp6E.tmp.Kill'em
tmp70BA.tmp.Kill'em
tmp719D.tmp.Kill'em
tmp730E.tmp.Kill'em
tmp7AC1.tmp.Kill'em
tmp7B9C.tmp.Kill'em
tmp7BA9.tmp.Kill'em
tmp8196.tmp.Kill'em
tmp8321.tmp.Kill'em
tmp87E.tmp.Kill'em
tmp89BE.tmp.Kill'em
tmp8C68.tmp.Kill'em
tmp8DCE.tmp.Kill'em
tmp9149.tmp.Kill'em
tmp9668.tmp.Kill'em
tmp9AFC.tmp.Kill'em
tmp9ED0.tmp.Kill'em
tmpA075.tmp.Kill'em
tmpA58B.tmp.Kill'em
tmpA9DA.tmp.Kill'em
tmpADF2.tmp.Kill'em
tmpB329.tmp.Kill'em
tmpB40F.tmp.Kill'em
tmpB6F3.tmp.Kill'em
tmpB9C.tmp.Kill'em
tmpBA23.tmp.Kill'em
tmpBD78.tmp.Kill'em
tmpBE01.tmp.Kill'em
tmpC095.tmp.Kill'em
tmpC0C4.tmp.Kill'em
tmpC50.tmp.Kill'em
tmpC69.tmp.Kill'em
tmpCAAF.tmp.Kill'em
tmpCABF.tmp.Kill'em
tmpD492.tmp.Kill'em
tmpD4CC.tmp.Kill'em
tmpD680.tmp.Kill'em
tmpD80C.tmp.Kill'em
tmpD8A6.tmp.Kill'em
tmpDC76.tmp.Kill'em
tmpDD05.tmp.Kill'em
tmpE087.tmp.Kill'em
tmpE0C9.tmp.Kill'em
tmpE0D5.tmp.Kill'em
tmpE4AA.tmp.Kill'em
tmpE646.tmp.Kill'em
tmpEA25.tmp.Kill'em
tmpEA81.tmp.Kill'em
tmpEC4A.tmp.Kill'em
tmpEC7.tmp.Kill'em
tmpECF5.tmp.Kill'em
tmpF114.tmp.Kill'em
tmpF3AB.tmp.Kill'em
tmpF48F.tmp.Kill'em
tmpF7BE.tmp.Kill'em
tmpF89B.tmp.Kill'em
tmpF9FD.tmp.Kill'em
uninst.exe.Kill'em
UNINSTAL.EXE.Kill'em
unwise.exe.Kill'em
Update_0ca1.exe.Kill'em
Update_0e40.exe.Kill'em
Update_10ed.exe.Kill'em
Update_9d35.exe.Kill'em
VP6Install.exe.Kill'em
wlsetup-cvr.exe.Kill'em
x64.Kill'em
xmlUpdater.exe.Kill'em
ycomp_setup.exe.Kill'em
_is7233.exe.Kill'em
{3276BE95_AF08_429F_A64F_CA64CB79BCF6}.Kill'em

==============
host file OK !
==============

========
Registry
========
Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Deleted : HKLM\Software\Search Settings
Deleted : HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
Deleted : HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Deleted : HKCR\EoRezoBHO.EoBho
Deleted : HKCR\EoRezoBHO.EoBho.1
Deleted : HKCR\interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
Deleted : HKCR\SearchSettings.BHO
Deleted : HKCR\SearchSettings.BHO.1
Deleted : HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
Deleted : HKCU\SOFTWARE\EoRezo
Deleted : HKCU\SOFTWARE\fcn
Deleted : HKCU\SOFTWARE\ItsLabel
Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
Deleted : HKCU\SOFTWARE\OOO
Deleted : HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
Deleted : HKLM\Software\Dealio
Deleted : HKLM\SOFTWARE\EoRezo
Deleted : HKLM\SOFTWARE\ItsLabel
Deleted : HKLM\SOFTWARE\OOO

============
Disk Cleaned
============

================
Prefetch cleaned :
================




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

That's the first part, but is the rest safe?
0
Anonymous user
 
Yes sir!! ;)
0
T0in0u Posts 41 Status Member 1
 
Just by doing the first part, it was removed and no longer appears =D
0
Anonymous user
 
I know, but that's not the only thing on your PC ^^
0
T0in0u Posts 41 Status Member 1
 
OK, well, I'll carry on then ^^ Thanks
0
Anonymous user
 
;)
0
T0in0u Posts 41 Status Member 1
 
Here is the first report:

.
======= RAPPORT D'AD-REMOVER 1.1.4.6_E | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 11.12.2009 à 20:53
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 11:08:41, 12/12/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 1 v6.0.6001
Nom du PC: PC-DE-ANTOINE | Utilisateur actuel: ANTOINE
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
Service: SeekappSrch Service

C:\ProgramData\Seekapp
C:\Users\ANTOINE\AppData\Roaming\EoRezo
C:\Users\ANTOINE\AppData\Roaming\ItsLabel
C:\PROGRA~2\SeekappSrch
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\RelevantKnowledge
C:\Users\ANTOINE\AppData\LocalLow\Search Settings
C:\Program Files\Seekapp
C:\Program Files\SeekappSrch - ... [b]ERREUR SUPPRESSION !!/b
C:\Users\ANTOINE\AppData\Local\Temp\liveplayer_exe.dat
C:\Users\ANTOINE\AppData\Local\Temp\liveplayer_skin.dat
C:\Windows\Temp\msksetup.log
C:\Windows\Installer\a4b30.msi
C:\Users\ANTOINE\AppData\Local\bwdim.bat
C:\Users\ANTOINE\AppData\Local\ekcagd.dat
C:\Users\ANTOINE\AppData\Local\ekcagd.exe
C:\Users\ANTOINE\AppData\Local\ekcagd_nav.dat
C:\Users\ANTOINE\AppData\Local\ekcagd_navps.dat
C:\Users\ANTOINE\AppData\Local\euoaeuc.dat
C:\Users\ANTOINE\AppData\Local\euoaeuc_nav.dat
C:\Users\ANTOINE\AppData\Local\euoaeuc_navps.dat
C:\Users\ANTOINE\AppData\Local\ikmmmam.bat
C:\Users\ANTOINE\AppData\Local\umisu.dat
C:\Users\ANTOINE\AppData\Local\umisu_nav.dat
C:\Users\ANTOINE\AppData\Local\umisu_navps.dat
C:\Users\ANTOINE\AppData\Local\yoioi.bat

(!) -- Fichiers temporaires supprimés.

.
HKCU\software\fcn
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ekcagd
HKLM\Software\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
HKLM\software\GamesBarSetup
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\0292226F570267D459357AF78015E534
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\03285961954D5824C85975D955031EE8
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AC3985F4D64C2245A96D31569D1BF40
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\855847FA0E25FBA46B8516389DFDD4B3
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\94E65EF7E080DDA4AA2F1DEDCE74AC5B
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9DC2844D0E3E8924C8973C3B3BAE1F58
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\AFEB575AA30ACB243B748619F62F0782
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F461B8DD96FF5AA41A52D14E1D7B69C7
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
HKLM\software\microsoft\windows\currentversion\uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831}
HKLM\software\microsoft\windows\currentversion\uninstall\ekcagd
HKLM\software\microsoft\windows\currentversion\uninstall\Seekapp
HKLM\software\Seekapp
HKLM\SYSTEM\ControlSet002\Services\RelevantKnowledge
HKLM\SYSTEM\ControlSet002\Services\Seekapp Service
HKLM\SYSTEM\CurrentControlSet\Services\RelevantKnowledge
HKLM\SYSTEM\CurrentControlSet\Services\Seekapp Service
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.4 [fr] *
.
Nom du profil: bqg9mw27.default (ANTOINE)
.
(ANTOINE, prefs.js) Browser.download.dir, C:\Users\ANTOINE\Downloads
(ANTOINE, prefs.js) Browser.download.lastDir, C:\Users\ANTOINE\Desktop
(ANTOINE, prefs.js) Browser.search.defaultenginename,
(ANTOINE, prefs.js) Browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
(ANTOINE, prefs.js) Browser.search.selectedEngine,
(ANTOINE, prefs.js) Browser.startup.homepage, hxxp://www.google.fr/
.
(ANTOINE, prefs.js) EFFACE - Browser.search.defaultthis.engineName, Freecorder Customized Web Search
.
.
* Internet Explorer Version 7.0.6001.18000 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 1 (0x1)
Do404Search: 01000000
Local Page: C:\Windows\system32\blank.htm
Show_ToolBar: yes
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Use Search Asst: no
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Enable Browser Extensions: yes
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Enable Browser Extensions: yes
Use Search Asst: no
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
5389 Octet(s) - C:\Ad-Report-CLEAN[1].log
.
1 Fichier(s) - C:\Users\ANTOINE\AppData\Local\Temp
0 Fichier(s) - C:\Windows\Temp
9 Fichier(s) - C:\Windows\Prefetch
.
20 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
44 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 11:16:15 | 12/12/2009 - CLEAN[1]
.
============== E.O.F ==============
.

And the second:

Fix Navipromo version 4.0.5 commencé le 12/12/2009 11:20:02,63

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 10.11.2009 à 18h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz )
BIOS : Default System BIOS
USER : ANTOINE ( Not Administrator ! )
BOOT : Normal boot




C:\ (Local Disk) - NTFS - Total:143 Go (Free:20 Go)
D:\ (Local Disk) - NTFS - Total:143 Go (Free:103 Go)
E:\ (CD or DVD) - CDFS - Total:3 Go (Free:0 Go)


Recherche executée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur




Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\ANTOINE\AppData\Local\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !



*** Scan terminé 12/12/2009 11:34:55,74 ***

But the option 1 that follows, what am I supposed to run it with if I delete navilog? ^^
0
Anonymous user
 
with what is indicated
0
T0in0u Posts 41 Status Member 1
 
Oh sorry, I thought it was an option to run before downloading the log ^^

So here is its first result:


############################## | FindyKill V5.021 |

# User : ANTOINE (Administrateurs) # PC-DE-ANTOINE
# Update on 10/12/2009 by Chiquitine29
# Start at: 12:03:51 | 12/12/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Enabled

# C:\ # Disque fixe local # 143,79 Go (20,75 Go free) [ACER] # NTFS
# D:\ # Disque fixe local # 143,56 Go (103,01 Go free) [DATA] # NTFS
# E:\ # Disque CD-ROM # 3,92 Go (0 Mo free) [GTA_SAN_ANDREAS] # CDFS

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
D:\Avast\aswUpdSv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
D:\WinAmp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\ANTOINE\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\ANTOINE\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\system32\wuauclt.exe
C:\Users\ANTOINE\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Acer\Empowering Technology\eAudio\eAudio.exe

################## | C: |

Présent ! E:\autorun.inf

################## | C:\Windows |


################## | C:\Windows\system32 |


################## | C:\Windows\system32\drivers |


################## | C:\Users\ANTOINE\AppData\Roaming |

################## | Temporary Internet Files |


################## | Registre / Clés infectieuses |

Présent ! [HKLM\software\microsoft\security center] "UacDisableNotify"
Présent ! [HKLM\software\microsoft\security center\Svc] "AntiVirusOverride"
Présent ! [HKLM\software\microsoft\security center\Svc] "FirewallOverride"

################## | Etat / Services / Informations |

# Affichage des fichiers cachés : OK

# Mode sans echec : OK

# (!) Uac = 0x0

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Wlansvc -> Start = 2 ( Good = 2 | Bad = 4 )
# (!) SharedAccess -> Start = 4 ( Good = 2 | Bad = 4 )
# windefend -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # FindyKill V5.021 ! |
0
T0in0u Posts 41 Status Member 1
 
And the second:


############################## | FindyKill V5.021 |

# User : ANTOINE (Administrateurs) # PC-DE-ANTOINE
# Update on 10/12/2009 by Chiquitine29
# Start at: 12:29:40 | 12/12/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Enabled

# C:\ # Disque fixe local # 143,79 Go (20,24 Go free) [ACER] # NTFS
# D:\ # Disque fixe local # 143,56 Go (103,02 Go free) [DATA] # NTFS
# E:\ # Disque CD-ROM # 3,92 Go (0 Mo free) [GTA_SAN_ANDREAS] # CDFS

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
D:\Avast\aswUpdSv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Calendar\WinCal.exe
C:\Windows\system32\PresentationSettings.exe

################## | C: |

Supprimé ! E:\"autorun.inf"

################## | C:\Windows |

Supprimé ! C:\Windows\Prefetch\WINUPGRO.EXE-B9E72D89.pf

################## | C:\Windows\system32 |


################## | C:\Windows\system32\drivers |


################## | C:\Users\ANTOINE\AppData\Roaming |


################## | Autres suppressions ... |

################## | Temporary Internet Files |


################## | Registre / Clés infectieuses |

Supprimé ! [HKLM\software\microsoft\security center] "UacDisableNotify"

################## | Etat / Services / Informations |

# Mode sans echec : OK


# Affichage des fichiers cachés : OK

# Uac : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Wlansvc -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# windefend -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | PEH ... |


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # FindyKill V5.021 ! |
Anonymous user

Good.

Has everything been uninstalled as instructed along the way?

Please run OTL again, as at the beginning.