Virtumonde virus
Solved
Hello everyone
Here is a HijackThis report
I think there must be quite a lot of cleaning up to do
thanks for your help
regards
rogeroge
Logfile of HijackThis v1.99.1
Scan saved at 16:37:56, on 10/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\dllcache\winmga.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Acer\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
c:\winspur.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Acer\Mes documents\HIJACKTHIS VF.exe
C:\DOCUME~1\Acer\LOCALS~1\Temp\is-TC0GC.tmp\is-8OA9K.tmp
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11D87FD5-5402-4298-90F8-63CCD6D4459F} - C:\WINDOWS\system32\awtsr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\iifggeb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /normal-run2
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\nxrbknfm.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?36caf859ac6843ac9712c5ffea890929
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?36caf859ac6843ac9712c5ffea890929
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtsr - C:\WINDOWS\system32\awtsr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: iifggeb - C:\WINDOWS\SYSTEM32\iifggeb.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\winmga.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O2 - BHO: (no name) - {11D87FD5-5402-4298-90F8-63CCD6D4459F} - C:\WINDOWS\system32\awtsr.dll
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\iifggeb.dll
O20 - Winlogon Notify: awtsr - C:\WINDOWS\system32\awtsr.dll
O20 - Winlogon Notify: iifggeb - C:\WINDOWS\SYSTEM32\iifggeb.dll
yes, there is a Vundo infection
-------------
download to the desktop
Navilog.zip
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
= Double-click navilog1.zip
= Extract everything to the desktop
= Double-click navilog1, which is on the desktop
= Press a key until you reach the options
= Choose option 1
a report, fixnavi.txt, will be created in C:
copy/paste it into your next message.
= Run navilog1
= This time choose option 2
= Navilog will do the cleaning; be patient until it shows *** Nettoyage Termine le ..... ***
= A report will be generated on your C:\, which will be for option 2
Note: the desktop disappears
= paste the contents of the navilog report (the option 2 one)
----------------------
also use this to remove your traces
CCLEANER: (run a cleanup and repair errors) without the Yahoo toolbar
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
-----------------------
disable System Restore to purge any viruses that may be in it (under START, then ALL PROGRAMS, then ACCESSORIES, then SYSTEM TOOLS, then SYSTEM RESTORE, then settings)
scan with vundo
Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once the scan is finished, click the Remove Vundo button.
You will get a warning asking whether you want to delete these files; answer by clicking YES
Once you have clicked yes, your desktop will go blank while it removes Vundo.
When it is finished, you will be asked to restart your computer; click OK.
then:
virtumondebegone
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
then Symantec Vundo Remove Tool
https://www.broadcom.com/support/security-center
and
https://www.broadcom.com/support/security-center
---------------
next:
scan with anti-spyware tools (in safe mode):
spybot :
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
see usage demo (thanks Balltrap)
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
AD AWARE:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/11643.html
---------------------
paste the report from an online scan
using one of the following:
BitDefender online (preferred):
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online:
http://pandasoftware.fr
---------
re-enable System Restore
and paste a HijackThis report
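The four lines quoted at the top of the reply above are O2 (BHO) and O20 (Winlogon Notify) entries that point at the same two DLLs. The Python below is an added example, not part of the original thread and not code from HijackThis or any tool named here: it parses those two sections and reports every DLL registered in both. The log lines are copied from the report posted in this thread; the function names and the correlation heuristic are assumptions made for illustration.

```python
import ntpath
import re

# Excerpt copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11D87FD5-5402-4298-90F8-63CCD6D4459F} - C:\WINDOWS\system32\awtsr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\iifggeb.dll
O20 - Winlogon Notify: awtsr - C:\WINDOWS\system32\awtsr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: iifggeb - C:\WINDOWS\SYSTEM32\iifggeb.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# "O2 - BHO: <name> - {CLSID} - <path>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# "O20 - Winlogon Notify: <key> - <path>"
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>.+)$")


def normalize(path):
    """Case-fold a Windows path so SYSTEM32 and system32 compare equal."""
    return ntpath.normcase(path.strip())


def parse_log(log_text):
    """Return ({path: bho_info}, {path: notify_key}) for the O2 and O20 lines."""
    bhos, notifies = {}, {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            # An orphaned registration has no DLL on disk to correlate.
            if m["path"] != "(no file)":
                bhos[normalize(m["path"])] = {
                    "clsid": m["clsid"],
                    "name": m["name"],
                }
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notifies[normalize(m["path"])] = m["key"]
    return bhos, notifies


def correlate(log_text):
    """List DLLs registered both as a BHO and as a Winlogon Notify package.

    Heuristic (an assumption of this example): one DLL loaded into both
    Internet Explorer and winlogon.exe deserves a closer look, more so when
    the BHO has no name and the file sits directly in system32.
    """
    bhos, notifies = parse_log(log_text)
    findings = []
    for path in sorted(bhos.keys() & notifies.keys()):
        findings.append({
            "path": path,
            "clsid": bhos[path]["clsid"],
            "notify_key": notifies[path],
            "unnamed_bho": bhos[path]["name"] == "(no name)",
            "in_system32": ntpath.dirname(path).endswith("\\system32"),
        })
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_LOG):
        print(f["path"], f["clsid"], "notify key:", f["notify_key"])
```

Legitimate entries such as igfxdev.dll (Notify only) and AcroIEHelper.dll (BHO only) are not reported, because each appears in a single section.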
no, leave the lines; the requested programs should remove them. I listed them so they can be checked at the end with HijackThis
Clean Navipromo version 2.0.5 commencé le 11/07/2007 à 12:22:44,43
Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO
Mode suppression automatique avec prise en charge résultats Blacklight
*** fsbl1.txt non trouvé ***
(Assurez-vous que Blacklight n'avait rien trouvé lors de la recherche)
*** Suppression dossiers dans C:\WINDOWS ***
*** Suppression dossiers dans C:\Program Files ***
*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***
*** Suppression dossiers dans C:\Documents and Settings\Acer\Application Data ***
*** Suppression fichiers ***
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Acer\Local Settings\Temp effectué !
*** Sauvegarde du registre vers dossier Backupnavi***
sauvegarde du registre réalise avec succes !
*** Nettoyage registre ***
Nettoyage registre Ok
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche fichiers connus:
C:\WINDOWS\system32\rstwa.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\rstwa.bak2 trouvé ! infection Vundo possible non traité par cet outil !
2)Recherche et Suppression Heuristique :
*
**
***
****
*****
******
*******
********
C:\WINDOWS\System32\eclwwapn.exe trouvé !
Copie C:\WINDOWS\system32\eclwwapn.exe réalise avec succes !
C:\WINDOWS\system32\eclwwapn.exe supprimé !
C:\WINDOWS\System32\lemantih.exe trouvé !
Copie C:\WINDOWS\system32\lemantih.exe réalise avec succes !
C:\WINDOWS\system32\lemantih.exe supprimé !
3)Contrôle présence clés Rootkit dans le registre :
Aucune autre clés présente dans le registre !
4)Certificats :
*** Nettoyage termine le 11/07/2007 à 12:26:04,84 ***
There you go, I haven't done the online scans.
Logfile of HijackThis v1.99.1
Scan saved at 13:50:31, on 11/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\dllcache\winmga.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
c:\winspur.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\DOCUME~1\Acer\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = virus securite
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {E0A0B024-ECF5-4DA5-918D-CC81218E297E} - C:\WINDOWS\system32\awtsr.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /normal-run2
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?36caf859ac6843ac9712c5ffea890929
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?36caf859ac6843ac9712c5ffea890929
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\winmga.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E0A0B024-ECF5-4DA5-918D-CC81218E297E} - C:\WINDOWS\system32\awtsr.dll (file missing)
Fix these with HijackThis.
------------
Vundo is gone.
Any remaining signs of infection? Ads? ...
--------------
Paste the online scan, or scan with BitDefender Free and paste the report, please.
BitDefender Free:
https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/29063.html
BitDefender online (preferred):
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online:
http://pandasoftware.fr
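The two lines quoted in the reply above are the only O2 (Browser Helper Object) entries in the posted log whose DLL is reported as `(no file)` or `(file missing)`. As an added example, not part of the original thread, the Python parser below picks out such leftover registrations from HijackThis lines; treating a missing file as the selection rule is an assumption about the reply, and the sample lines are copied from the log posted above.

```python
import re

# The seven O2 lines plus three other entries, copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {E0A0B024-ECF5-4DA5-918D-CC81218E297E} - C:\WINDOWS\system32\awtsr.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

# Matches the "section - kind: name - {CLSID} - target" shape used by
# CLSID-based entries (O2, O3, O9, ...). Lines without a CLSID, such as
# O4 Run keys, do not match and are skipped.
ENTRY_RE = re.compile(
    r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)

MISSING_SUFFIX = " (file missing)"


def parse_entries(log_text):
    """Return one dict per CLSID-based line, with 'path' and 'orphaned' added."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        entry = match.groupdict()
        target = entry["target"]
        if target == "(no file)":
            # The registry key exists but names no file at all.
            entry["path"], entry["orphaned"] = None, True
        elif target.endswith(MISSING_SUFFIX):
            # The registry key names a file that is no longer on disk.
            entry["path"] = target[: -len(MISSING_SUFFIX)]
            entry["orphaned"] = True
        else:
            entry["path"], entry["orphaned"] = target, False
        entries.append(entry)
    return entries


def orphaned_bhos(log_text):
    """O2 entries whose DLL is absent (assumed selection rule, see lead-in)."""
    return [
        e for e in parse_entries(log_text)
        if e["section"] == "O2" and e["orphaned"]
    ]


if __name__ == "__main__":
    for e in orphaned_bhos(SAMPLE_LOG):
        print(e["clsid"], e["path"] or "(no file)")
```

An entry flagged this way is only a registry leftover to review: the O9 line for xpnetdiag.exe is also reported as missing in the same log but was not quoted in the reply.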
There you go, the online scan doesn't work.
//-----------------------------------------------------------------
//
// Product: BitDefender 8 Free Edition
// Version: 8.0
//
// Created on: 11/07/2007 16:18:03
//
//-----------------------------------------------------------------
Statistics
Scan path : C:\WINDOWS\system32\
Folders : 244
Files : 7703
Archives : 124
Packed files : 330
Identified viruses : 2
Infected files : 6
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 0
Copied files : 0
Moved files : 6
Renamed files : 0
I/O errors : 10
Scan time : 00:03:23
Scan speed (files/sec) : 37
Virus definitions : 660615
Scan plugins : 14
Archive plugins : 38
Unpack plugins : 6
Mail plugins : 6
System plugins : 1
Scan options
Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user
Scan options
[X] Enable warnings
[X] Enable heuristics
[X] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report
Summary:
C:\WINDOWS\system32\dllcache\winmga.exe Infected Trojan.Agent.AAMG
C:\WINDOWS\system32\dllcache\winmga.exe Disinfection failed
C:\WINDOWS\system32\dllcache\winmga.exe Moved
C:\WINDOWS\system32\xfyigvma.exe Infected Trojan.Clicker.MNB
C:\WINDOWS\system32\xfyigvma.exe Disinfection failed
C:\WINDOWS\system32\xfyigvma.exe Moved
C:\WINDOWS\system32\bdamimky.exe Infected Trojan.Clicker.MNB
C:\WINDOWS\system32\bdamimky.exe Disinfection failed
C:\WINDOWS\system32\bdamimky.exe Moved
C:\WINDOWS\system32\pcydsxvg.exe Infected Trojan.Clicker.MNB
C:\WINDOWS\system32\pcydsxvg.exe Disinfection failed
C:\WINDOWS\system32\pcydsxvg.exe Moved
C:\WINDOWS\system32\oygucyfc.exe Infected Trojan.Clicker.MNB
C:\WINDOWS\system32\oygucyfc.exe Disinfection failed
C:\WINDOWS\system32\oygucyfc.exe Moved
C:\WINDOWS\system32\tibwruqq.exe Infected Trojan.Clicker.MNB
C:\WINDOWS\system32\tibwruqq.exe Disinfection failed
C:\WINDOWS\system32\tibwruqq.exe Moved
Scanned files
C:\WINDOWS\system32\config\systemprofile\SendTo\Bureau (créer un raccourci).DeskLink OK
C:\WINDOWS\system32\config\systemprofile\Recent\ OK
C:\WINDOWS\system32\config\systemprofile\Recent\Desktop.ini OK
C:\WINDOWS\system32\config\systemprofile\Voisinage d'impression\ OK
C:\WINDOWS\system32\config\systemprofile\Mes documents\ OK
C:\WINDOWS\system32\config\systemprofile\Mes documents\Mes images\ OK
C:\WINDOWS\system32\config\systemprofile\Mes documents\Mes images\Desktop.ini OK
C:\WINDOWS\system32\config\systemprofile\Mes documents\Mes images\Échantillons d'images.lnk OK
C:\WINDOWS\system32\config\systemprofile\Mes documents\Ma musique\ OK
C:\WINDOWS\system32\config\systemprofile\Mes documents\Ma musique\Échantillons de musique.lnk OK
C:\WINDOWS\system32\config\systemprofile\Mes documents\Ma musique\Desktop.ini OK
C:\WINDOWS\system32\config\systemprofile\Mes documents\desktop.ini OK
C:\WINDOWS\system32\config\systemprofile\Voisinage réseau\ OK
C:\WINDOWS\system32\config\systemprofile\Favoris\ OK
C:\WINDOWS\system32\config\systemprofile\Favoris\Liens\ OK
C:\WINDOWS\system32\config\systemprofile\Favoris\Liens\Windows Media.url OK
C:\WINDOWS\system32\config\systemprofile\Favoris\Liens\Hotmail.url OK
C:\WINDOWS\system32\config\systemprofile\Favoris\Liens\Windows.url OK
C:\WINDOWS\system32\config\systemprofile\Favoris\Liens\Personnaliser les liens.url OK
C:\WINDOWS\system32\config\systemprofile\Favoris\MSN.com.url OK
C:\WINDOWS\system32\config\systemprofile\Favoris\Desktop.ini OK
C:\WINDOWS\system32\config\systemprofile\Favoris\Guide des stations de radio.url OK
C:\WINDOWS\system32\config\systemprofile\Bureau\ OK
C:\WINDOWS\system32\config\systemprofile\Cookies\ OK
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat OK
C:\WINDOWS\system32\config\systemprofile\Application Data\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Bureau.scf OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.bak OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt=>(unicode) OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CLR Security Config\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CLR Security Config\v1.0.3705\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CLR Security Config\v1.0.3705\security.config.cch OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CLR Security Config\v1.0.3705\security.config OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CLR Security Config\v1.0.3705\security.config.old OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CLR Security Config\v1.1.4322\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Protect\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Protect\S-1-5-21-1645522239-261478967-725345543-500\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Protect\S-1-5-21-1645522239-261478967-725345543-500\Preferred OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Protect\S-1-5-21-1645522239-261478967-725345543-500\3f1d872c-49b5-4949-bf1e-63911f9ea083 OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Protect\CREDHIST OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\IMJP8_1\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\IMJP8_1\imjp81u.dic OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3 OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3 OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{C7EB3B73-15CD-485A-A800-21DEF89CD0A0}\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\advc_fan_sys.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\advc_memory.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\advc_power.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\advc_temp_sys.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\advc_fan_cpu.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\advc_power_voltage.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\adv_memory.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\advc_power_cpu.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\advc_temp_cpu.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\adv_cpu.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\pre_main_bitmap.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\sinfo_mb.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\adv_power.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\advc_harddisk.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\backup_bg.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\sinfo_bios.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\sinfo_cpu.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\adv_fan.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\sinfo_sound.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\adv_harddrive.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\adv_network.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\sinfo_memory.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\sinfo_summary.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\sinfo_video.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\strtab_eManager.ini OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\strtab_eLock.ini OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\ACER ELOCK.CHM OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\ACER ELOCK.CHM=>/#SYSTEM OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\ACER ELOCK.CHM=>/ACER ELCOK.hhk OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\ACER ELOCK.CHM=>/html/Acer eLock.htm OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\ACER ELOCK.CHM=>/ACER ELCOK.hhc OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\ACER ELOCK.CHM=>/html/eLockManagementHelp.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\ACER ELOCK.CHM=>/#WINDOWS OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\ACER ELOCK.CHM=>/#IDXHDR OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\ACER ELOCK.CHM=>/#TOPICS OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\ACER ELOCK.CHM=>/#URLTBL OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\ACER ELOCK.CHM=>/#URLSTR OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\ACER ELOCK.CHM=>/#STRINGS OK
C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Intel\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Intel\Wireless\ OK
C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT OK
C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG OK
C:\WINDOWS\system32\config\userdiff OK
C:\WINDOWS\system32\config\system.LOG OK
C:\WINDOWS\system32\config\software.LOG OK
C:\WINDOWS\system32\config\default.LOG OK
C:\WINDOWS\system32\config\userdiff.LOG OK
C:\WINDOWS\system32\config\TempKey.LOG OK
C:\WINDOWS\system32\config\system.sav OK
C:\WINDOWS\system32\config\software.sav OK
C:\WINDOWS\system32\config\default.sav OK
C:\WINDOWS\system32\config\SECURITY OK
C:\WINDOWS\system32\config\SAM OK
C:\WINDOWS\system32\config\SAM.LOG OK
C:\WINDOWS\system32\config\SECURITY.LOG OK
C:\WINDOWS\system32\config\Media Ce.evt OK
C:\WINDOWS\system32\config\SYSTEM OK
C:\WINDOWS\system32\config\SOFTWARE OK
C:\WINDOWS\system32\config\DEFAULT OK
C:\WINDOWS\system32\config\SecEvent.Evt OK
C:\WINDOWS\system32\config\AppEvent.Evt OK
C:\WINDOWS\system32\config\SysEvent.Evt OK
C:\WINDOWS\system32\config\Internet.evt OK
C:\WINDOWS\system32\config\Antiviru.evt OK
C:\WINDOWS\system32\config\Antivirus.Evt OK
C:\WINDOWS\system32\drivers\ OK
C:\WINDOWS\system32\drivers\etc\ OK
C:\WINDOWS\system32\drivers\etc\hosts OK
C:\WINDOWS\system32\drivers\etc\lmhosts.sam OK
C:\WINDOWS\system32\drivers\etc\networks OK
C:\WINDOWS\system32\drivers\etc\protocol OK
C:\WINDOWS\system32\drivers\etc\services OK
C:\WINDOWS\system32\drivers\etc\hosts.msn OK
C:\WINDOWS\system32\drivers\disdn\ OK
C:\WINDOWS\system32\drivers\HSF_CNXT.sys OK
C:\WINDOWS\system32\drivers\wmilib.sys OK
C:\WINDOWS\system32\drivers\dmload.sys OK
C:\WINDOWS\system32\drivers\kbdclass.sys OK
C:\WINDOWS\system32\drivers\partmgr.sys OK
C:\WINDOWS\system32\drivers\ndistapi.sys OK
C:\WINDOWS\system32\drivers\ptilink.sys OK
C:\WINDOWS\system32\drivers\raspti.sys OK
C:\WINDOWS\system32\drivers\ndproxy.sys OK
C:\WINDOWS\system32\drivers\cdaudio.sys OK
C:\WINDOWS\system32\drivers\fs_rec.sys OK
C:\WINDOWS\system32\drivers\null.sys OK
C:\WINDOWS\system32\drivers\beep.sys OK
C:\WINDOWS\system32\drivers\rdpcdd.sys OK
C:\WINDOWS\system32\drivers\rasacd.sys OK
C:\WINDOWS\system32\drivers\fips.sys OK
C:\WINDOWS\system32\drivers\dxgthk.sys OK
C:\WINDOWS\system32\drivers\parvdm.sys OK
C:\WINDOWS\system32\drivers\atmepvc.sys OK
C:\WINDOWS\system32\drivers\atmuni.sys OK
C:\WINDOWS\system32\drivers\dac2w2k.sys OK
C:\WINDOWS\system32\drivers\cinemst2.sys OK
C:\WINDOWS\system32\drivers\cpqdap01.sys OK
C:\WINDOWS\system32\drivers\dxapi.sys OK
C:\WINDOWS\system32\drivers\gm.dls OK
C:\WINDOWS\system32\drivers\gmreadme.txt OK
C:\WINDOWS\system32\drivers\ipfltdrv.sys OK
C:\WINDOWS\system32\drivers\mcd.sys OK
C:\WINDOWS\system32\drivers\nikedrv.sys OK
C:\WINDOWS\system32\drivers\nwlnkflt.sys OK
C:\WINDOWS\system32\drivers\nwlnkfwd.sys OK
C:\WINDOWS\system32\drivers\nwlnknb.sys OK
C:\WINDOWS\system32\drivers\nwlnkspx.sys OK
C:\WINDOWS\system32\drivers\rawwan.sys OK
C:\WINDOWS\system32\drivers\rio8drv.sys OK
C:\WINDOWS\system32\drivers\riodrv.sys OK
C:\WINDOWS\system32\drivers\usbport.sys OK
C:\WINDOWS\system32\drivers\rootmdm.sys OK
C:\WINDOWS\system32\drivers\smclib.sys OK
C:\WINDOWS\system32\drivers\tosdvd.sys OK
C:\WINDOWS\system32\drivers\tsbvcap.sys OK
C:\WINDOWS\system32\drivers\usbcamd.sys OK
C:\WINDOWS\system32\drivers\usbcamd2.sys OK
C:\WINDOWS\system32\drivers\vdmindvd.sys OK
C:\WINDOWS\system32\drivers\ws2ifsl.sys OK
C:\WINDOWS\system32\drivers\mnmdd.sys OK
C:\WINDOWS\system32\drivers\fsvga.sys OK
C:\WINDOWS\system32\drivers\usbhub.sys OK
C:\WINDOWS\system32\drivers\acpiec.sys OK
C:\WINDOWS\system32\drivers\oprghdlr.sys OK
C:\WINDOWS\system32\drivers\ndisuio.sys OK
C:\WINDOWS\system32\drivers\usbd.sys OK
C:\WINDOWS\system32\drivers\osaio.sys OK
C:\WINDOWS\system32\drivers\disk.sys OK
C:\WINDOWS\system32\drivers\classpnp.sys OK
C:\WINDOWS\system32\drivers\dmio.sys OK
C:\WINDOWS\system32\drivers\usbehci.sys OK
C:\WINDOWS\system32\drivers\ksecdd.sys OK
C:\WINDOWS\system32\drivers\mountmgr.sys OK
C:\WINDOWS\system32\drivers\mrxdav.sys OK
C:\WINDOWS\system32\drivers\tdi.sys OK
C:\WINDOWS\system32\drivers\ndis.sys OK
C:\WINDOWS\system32\drivers\msfs.sys OK
C:\WINDOWS\system32\drivers\mup.sys OK
C:\WINDOWS\system32\drivers\netbios.sys OK
C:\WINDOWS\system32\drivers\npfs.sys OK
C:\WINDOWS\system32\drivers\volsnap.sys OK
C:\WINDOWS\system32\drivers\p3.sys OK
C:\WINDOWS\system32\drivers\videoprt.sys OK
C:\WINDOWS\system32\drivers\pcmcia.sys OK
C:\WINDOWS\system32\drivers\modem.sys OK
C:\WINDOWS\system32\drivers\fdc.sys OK
C:\WINDOWS\system32\drivers\serial.sys OK
C:\WINDOWS\system32\drivers\serenum.sys OK
C:\WINDOWS\system32\drivers\parport.sys OK
C:\WINDOWS\system32\drivers\cdrom.sys OK
C:\WINDOWS\system32\drivers\rasl2tp.sys OK
C:\WINDOWS\system32\drivers\ndiswan.sys OK
C:\WINDOWS\system32\drivers\raspppoe.sys OK
C:\WINDOWS\system32\drivers\raspptp.sys OK
C:\WINDOWS\system32\drivers\psched.sys OK
C:\WINDOWS\system32\drivers\msgpc.sys OK
C:\WINDOWS\system32\drivers\mssmbios.sys OK
C:\WINDOWS\system32\drivers\flpydisk.sys OK
C:\WINDOWS\system32\drivers\sfloppy.sys OK
C:\WINDOWS\system32\drivers\vga.sys OK
C:\WINDOWS\system32\drivers\ipsec.sys OK
C:\WINDOWS\system32\drivers\netbt.sys OK
C:\WINDOWS\system32\drivers\wanarp.sys OK
C:\WINDOWS\system32\drivers\imapi.sys OK
C:\WINDOWS\system32\drivers\fastfat.sys OK
C:\WINDOWS\system32\drivers\dxg.sys OK
C:\WINDOWS\system32\drivers\afd.sys OK
C:\WINDOWS\system32\drivers\hidir.sys OK
C:\WINDOWS\system32\drivers\diskdump.sys OK
C:\WINDOWS\system32\drivers\processr.sys OK
C:\WINDOWS\system32\drivers\amdk6.sys OK
C:\WINDOWS\system32\drivers\amdk7.sys OK
C:\WINDOWS\system32\drivers\arp1394.sys OK
C:\WINDOWS\system32\drivers\asyncmac.sys OK
C:\WINDOWS\system32\drivers\atmarpc.sys OK
C:\WINDOWS\system32\drivers\atmlane.sys OK
C:\WINDOWS\system32\drivers\bridge.sys OK
C:\WINDOWS\system32\drivers\cdfs.sys OK
C:\WINDOWS\system32\drivers\crusoe.sys OK
C:\WINDOWS\system32\drivers\dmboot.sys OK
C:\WINDOWS\system32\drivers\intelppm.sys OK
C:\WINDOWS\system32\drivers\ip6fw.sys OK
C:\WINDOWS\system32\drivers\ipinip.sys OK
C:\WINDOWS\system32\drivers\mf.sys OK
C:\WINDOWS\system32\drivers\mqac.sys OK
C:\WINDOWS\system32\drivers\rdpdr.sys OK
C:\WINDOWS\system32\drivers\nic1394.sys OK
C:\WINDOWS\system32\drivers\nmnt.sys OK
C:\WINDOWS\system32\drivers\nwlnkipx.sys OK
C:\WINDOWS\system32\drivers\irbus.sys OK
C:\WINDOWS\system32\drivers\rndismp.sys OK
C:\WINDOWS\system32\drivers\scsiport.sys OK
C:\WINDOWS\system32\drivers\sdbus.sys OK
C:\WINDOWS\system32\drivers\secdrv.sys OK
C:\WINDOWS\system32\drivers\sffdisk.sys OK
C:\WINDOWS\system32\drivers\sffp_sd.sys OK
C:\WINDOWS\system32\drivers\sonydcam.sys OK
C:\WINDOWS\system32\drivers\MSPCLOCK.sys OK
C:\WINDOWS\system32\drivers\tape.sys OK
C:\WINDOWS\system32\drivers\tunmp.sys OK
C:\WINDOWS\system32\drivers\udfs.sys OK
C:\WINDOWS\system32\drivers\usb8023.sys OK
C:\WINDOWS\system32\drivers\usbintel.sys OK
C:\WINDOWS\system32\drivers\i8042prt.sys OK
C:\WINDOWS\system32\drivers\ohci1394.sys OK
C:\WINDOWS\system32\drivers\1394bus.sys OK
C:\WINDOWS\system32\drivers\acpi.sys OK
C:\WINDOWS\system32\drivers\hidclass.sys OK
C:\WINDOWS\system32\drivers\hidparse.sys OK
C:\WINDOWS\system32\drivers\usbuhci.sys OK
C:\WINDOWS\system32\drivers\Hdaudbus.sys OK
C:\WINDOWS\system32\drivers\pci.sys OK
C:\WINDOWS\system32\drivers\isapnp.sys OK
C:\WINDOWS\system32\drivers\HSFHWAZL.sys OK
C:\WINDOWS\system32\drivers\irenum.sys OK
C:\WINDOWS\system32\drivers\Hdaudio.sys OK
C:\WINDOWS\system32\drivers\wmiacpi.sys OK
C:\WINDOWS\system32\drivers\HSF_DPV.sys OK
C:\WINDOWS\system32\drivers\mdmxsdk.sys OK
C:\WINDOWS\system32\drivers\portcls.sys OK
C:\WINDOWS\system32\drivers\ialmnt5.sys OK
C:\WINDOWS\system32\drivers\HSFProf.cty OK
C:\WINDOWS\system32\drivers\enum1394.sys OK
C:\WINDOWS\system32\drivers\drmk.sys OK
C:\WINDOWS\system32\drivers\ks.sys OK
C:\WINDOWS\system32\drivers\MSPQM.sys OK
C:\WINDOWS\system32\drivers\CmBatt.sys OK
C:\WINDOWS\system32\drivers\battc.sys OK
C:\WINDOWS\system32\drivers\MSKSSRV.sys OK
C:\WINDOWS\system32\drivers\sysaudio.sys OK
C:\WINDOWS\system32\drivers\compbatt.sys OK
C:\WINDOWS\system32\drivers\drmkaud.sys OK
C:\WINDOWS\system32\drivers\bcm4sbxp.sys OK
C:\WINDOWS\system32\drivers\stream.sys OK
C:\WINDOWS\system32\drivers\ESM7SK.sys OK
C:\WINDOWS\system32\drivers\swmidi.sys OK
C:\WINDOWS\system32\drivers\EMS7SK.sys OK
C:\WINDOWS\system32\drivers\RtkHDAud.Sys OK
C:\WINDOWS\system32\drivers\ESD7SK.sys OK
C:\WINDOWS\system32\drivers\osanbm.sys OK
C:\WINDOWS\system32\drivers\DMusic.sys OK
C:\WINDOWS\system32\drivers\redbook.sys OK
C:\WINDOWS\system32\drivers\NETMNT.sys OK
C:\WINDOWS\system32\drivers\smcirda.sys OK
C:\WINDOWS\system32\drivers\SynTP.sys OK
C:\WINDOWS\system32\drivers\irda.sys OK
C:\WINDOWS\system32\drivers\UBHelper.sys OK
C:\WINDOWS\system32\drivers\rasirda.sys OK
C:\WINDOWS\system32\drivers\NTIDrvr.sys OK
C:\WINDOWS\system32\drivers\audstub.sys OK
C:\WINDOWS\system32\drivers\OsaFsLoc.sys OK
C:\WINDOWS\system32\drivers\mouclass.sys OK
C:\WINDOWS\system32\drivers\NdisFilt.sys OK
C:\WINDOWS\system32\drivers\termdd.sys OK
C:\WINDOWS\system32\drivers\BTHUSB.SYS OK
C:\WINDOWS\system32\drivers\bthport.sys OK
C:\WINDOWS\system32\drivers\tdpipe.sys OK
C:\WINDOWS\system32\drivers\rfcomm.sys OK
C:\WINDOWS\system32\drivers\tdtcp.sys OK
C:\WINDOWS\system32\drivers\bthpan.sys OK
C:\WINDOWS\system32\drivers\mhndrv.sys OK
C:\WINDOWS\system32\drivers\BthEnum.sys OK
C:\WINDOWS\system32\drivers\symlcbrd.sys OK
C:\WINDOWS\system32\drivers\sr.sys OK
C:\WINDOWS\system32\drivers\ACER_Crane2_MCE.MRK OK
C:\WINDOWS\system32\drivers\mraid35x.sys OK
C:\WINDOWS\system32\drivers\AMDAGP.SYS OK
C:\WINDOWS\system32\drivers\ftdisk.sys OK
C:\WINDOWS\system32\drivers\AGP440.SYS OK
C:\WINDOWS\system32\drivers\swenum.sys OK
C:\WINDOWS\system32\drivers\ALIM1541.SYS OK
C:\WINDOWS\system32\drivers\viaide.sys OK
C:\WINDOWS\system32\drivers\SISAGP.SYS OK
C:\WINDOWS\system32\drivers\toside.sys OK
C:\WINDOWS\system32\drivers\AGPCPQ.SYS OK
C:\WINDOWS\system32\drivers\aliide.sys OK
C:\WINDOWS\system32\drivers\VIAAGP.SYS OK
C:\WINDOWS\system32\drivers\sym_u3.sys OK
C:\WINDOWS\system32\drivers\cd20xrnt.sys OK
C:\WINDOWS\system32\drivers\cbidf2k.sys OK
C:\WINDOWS\system32\drivers\dac960nt.sys OK
C:\WINDOWS\system32\drivers\asc3550.sys OK
C:\WINDOWS\system32\drivers\asc.sys OK
C:\WINDOWS\system32\drivers\asc3350p.sys OK
C:\WINDOWS\system32\drivers\ABP480N5.SYS OK
C:\WINDOWS\system32\drivers\amsint.sys OK
C:\WINDOWS\system32\drivers\ini910u.sys OK
C:\WINDOWS\system32\drivers\intelide.sys OK
C:\WINDOWS\system32\drivers\ultra.sys OK
C:\WINDOWS\system32\drivers\atapi.sys OK
C:\WINDOWS\system32\drivers\cmdide.sys OK
C:\WINDOWS\system32\drivers\pciidex.sys OK
C:\WINDOWS\system32\drivers\pciide.sys OK
C:\WINDOWS\system32\drivers\adpu160m.sys OK
C:\WINDOWS\system32\drivers\dpti2o.sys OK
C:\WINDOWS\system32\drivers\aic78u2.sys OK
C:\WINDOWS\system32\drivers\aic78xx.sys OK
C:\WINDOWS\system32\drivers\aha154x.sys OK
C:\WINDOWS\system32\drivers\sparrow.sys OK
C:\WINDOWS\system32\drivers\cpqarray.sys OK
C:\WINDOWS\system32\drivers\perc2.sys OK
C:\WINDOWS\system32\drivers\perc2hib.sys OK
C:\WINDOWS\system32\drivers\hpn.sys OK
C:\WINDOWS\system32\drivers\sym_hi.sys OK
C:\WINDOWS\system32\drivers\symc810.sys OK
C:\WINDOWS\system32\drivers\symc8xx.sys OK
C:\WINDOWS\system32\drivers\ql10wnt.sys OK
C:\WINDOWS\system32\drivers\ql1080.sys OK
C:\WINDOWS\system32\drivers\ql1240.sys OK
C:\WINDOWS\system32\drivers\ql1280.sys OK
C:\WINDOWS\system32\drivers\ql12160.sys OK
C:\WINDOWS\system32\drivers\i2omp.sys OK
C:\WINDOWS\system32\drivers\i2omgmt.sys OK
C:\WINDOWS\system32\drivers\w39n51.sys OK
C:\WINDOWS\system32\drivers\DKbFltr.SYS OK
C:\WINDOWS\system32\drivers\s24trans.sys OK
C:\WINDOWS\system32\drivers\AegisP.sys OK
C:\WINDOWS\system32\drivers\epm-psd.sys OK
C:\WINDOWS\system32\drivers\epm-shd.sys OK
C:\WINDOWS\system32\drivers\npf.sys OK
C:\WINDOWS\system32\drivers\hidusb.sys OK
C:\WINDOWS\system32\drivers\mouhid.sys OK
C:\WINDOWS\system32\drivers\rdbss.sys OK
C:\WINDOWS\system32\drivers\mrxsmb.sys OK
C:\WINDOWS\system32\drivers\http.sys OK
C:\WINDOWS\system32\drivers\ipnat.sys OK
C:\WINDOWS\system32\drivers\fltMgr.sys OK
C:\WINDOWS\system32\drivers\tcpip.sys OK
C:\WINDOWS\system32\drivers\RMCast.sys OK
C:\WINDOWS\system32\drivers\wdmaud.sys OK
C:\WINDOWS\system32\drivers\splitter.sys OK
C:\WINDOWS\system32\drivers\kmixer.sys OK
C:\WINDOWS\system32\drivers\wpdusb.sys OK
C:\WINDOWS\system32\drivers\aec.sys OK
C:\WINDOWS\system32\drivers\nwrdr.sys OK
C:\WINDOWS\system32\drivers\rdpwd.sys OK
C:\WINDOWS\system32\drivers\srv.sys OK
C:\WINDOWS\system32\drivers\tcpip6.sys OK
C:\WINDOWS\system32\drivers\pxhelp20.sys OK
C:\WINDOWS\system32\drivers\cdralw2k.sys OK
C:\WINDOWS\system32\drivers\cdr4_xp.sys OK
C:\WINDOWS\system32\drivers\usbccgp.sys OK
C:\WINDOWS\system32\drivers\LVSVF2.sys OK
C:\WINDOWS\system32\drivers\LVUSBSta.sys OK
C:\WINDOWS\system32\drivers\USBAUDIO.sys OK
C:\WINDOWS\system32\drivers\lv302af.sys OK
C:\WINDOWS\system32\drivers\CCDECODE.sys OK
C:\WINDOWS\system32\drivers\NABTSFEC.sys OK
C:\WINDOWS\system32\drivers\WSTCODEC.SYS OK
C:\WINDOWS\system32\drivers\SLIP.sys OK
C:\WINDOWS\system32\drivers\StreamIP.sys OK
C:\WINDOWS\system32\drivers\NdisIP.sys OK
C:\WINDOWS\system32\drivers\MSTEE.sys OK
C:\WINDOWS\system32\drivers\USBSTOR.SYS OK
C:\WINDOWS\system32\drivers\Bulk533.sys OK
C:\WINDOWS\system32\drivers\Ca533av.sys OK
C:\WINDOWS\system32\drivers\aswmon.sys OK
C:\WINDOWS\system32\drivers\aswmon2.sys OK
C:\WINDOWS\system32\drivers\aavmker4.sys OK
C:\WINDOWS\system32\drivers\aswTdi.sys OK
C:\WINDOWS\system32\drivers\aswRdr.sys OK
C:\WINDOWS\system32\drivers\LV302AV.SYS OK
C:\WINDOWS\system32\drivers\ntfs.sys OK
C:\WINDOWS\system32\drivers\update.sys OK
C:\WINDOWS\system32\ras\ OK
C:\WINDOWS\system32\ras\cis.scp OK
C:\WINDOWS\system32\ras\pad.inf OK
C:\WINDOWS\system32\ras\pppmenu.scp OK
C:\WINDOWS\system32\ras\slip.scp OK
C:\WINDOWS\system32\ras\slipmenu.scp OK
C:\WINDOWS\system32\ras\switch.inf OK
C:\WINDOWS\system32\spool\ OK
C:\WINDOWS\system32\spool\drivers\ OK
C:\WINDOWS\system32\spool\drivers\w32x86\ OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\ OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\FXSDRV.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\FXSWZRD.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\FXSTIFF.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\FXSRES.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\FXSAPI.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\FXSUI.DLL OK
C:\WINDOWS\system32\spool\drivers\color\ OK
C:\WINDOWS\system32\spool\drivers\color\kodak_dc.icm OK
C:\WINDOWS\system32\spool\drivers\color\is330.icm OK
C:\WINDOWS\system32\spool\drivers\color\sRGB Color Space Profile.icm OK
C:\WINDOWS\system32\spool\prtprocs\ OK
C:\WINDOWS\system32\spool\prtprocs\w32x86\ OK
C:\WINDOWS\system32\spool\PRINTERS\ OK
C:\WINDOWS\system32\wins\ OK
C:\WINDOWS\system32\dhcp\ OK
C:\WINDOWS\system32\ShellExt\ OK
C:\WINDOWS\system32\Setup\ OK
C:\WINDOWS\system32\Setup\comsetup.dll OK
C:\WINDOWS\system32\Setup\imsinsnt.dll OK
C:\WINDOWS\system32\Setup\msdtcstp.dll OK
C:\WINDOWS\system32\Setup\zoneoc.dll OK
C:\WINDOWS\system32\Setup\fsconins.dll OK
C:\WINDOWS\system32\Setup\fp40ext.dll OK
C:\WINDOWS\system32\Setup\fxsocm.dll OK
C:\WINDOWS\system32\Setup\iis.dll OK
C:\WINDOWS\system32\Setup\msmqocm.dll OK
C:\WINDOWS\system32\Setup\netfxocm.dll OK
C:\WINDOWS\system32\Setup\netoc.dll OK
C:\WINDOWS\system32\Setup\ntoc.dll OK
C:\WINDOWS\system32\Setup\ocgen.dll OK
C:\WINDOWS\system32\Setup\setupqry.dll OK
C:\WINDOWS\system32\Setup\tsoc.dll OK
C:\WINDOWS\system32\Setup\tabletoc.dll OK
C:\WINDOWS\system32\Setup\medctroc.dll OK
C:\WINDOWS\system32\Setup\ehOCGen.dll OK
C:\WINDOWS\system32\Setup\plusoc.dll OK
C:\WINDOWS\system32\Setup\ocmsn.dll OK
C:\WINDOWS\system32\Setup\msgrocm.dll OK
C:\WINDOWS\system32\wbem\ OK
C:\WINDOWS\system32\wbem\Repository\ OK
C:\WINDOWS\system32\wbem\Repository\FS\ OK
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP OK
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP OK
//-----------------------------------------------------------------
//
// Product: BitDefender 8 Free Edition
// Version: 8.0
//
// Created on: 11/07/2007 16:18:03
//
//-----------------------------------------------------------------
Statistics
Scan path : C:\WINDOWS\system32\
Folders : 244
Files : 7703
Archives : 124
Packed files : 330
Identified viruses : 2
Infected files : 6
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 0
Copied files : 0
Moved files : 6
Renamed files : 0
I/O errors : 10
Scan time : 00:03:23
Scan speed (files/sec) : 37
Virus definitions : 660615
Scan plugins : 14
Archive plugins : 38
Unpack plugins : 6
Mail plugins : 6
System plugins : 1
Scan options
Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user
Scan options
[X] Enable warnings
[X] Enable heuristics
[X] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report
Summary:
C:\WINDOWS\system32\dllcache\winmga.exe Infected Trojan.Agent.AAMG
C:\WINDOWS\system32\dllcache\winmga.exe Disinfection failed
C:\WINDOWS\system32\dllcache\winmga.exe Moved
C:\WINDOWS\system32\xfyigvma.exe Infected Trojan.Clicker.MNB
C:\WINDOWS\system32\xfyigvma.exe Disinfection failed
C:\WINDOWS\system32\xfyigvma.exe Moved
C:\WINDOWS\system32\bdamimky.exe Infected Trojan.Clicker.MNB
C:\WINDOWS\system32\bdamimky.exe Disinfection failed
C:\WINDOWS\system32\bdamimky.exe Moved
C:\WINDOWS\system32\pcydsxvg.exe Infected Trojan.Clicker.MNB
C:\WINDOWS\system32\pcydsxvg.exe Disinfection failed
C:\WINDOWS\system32\pcydsxvg.exe Moved
C:\WINDOWS\system32\oygucyfc.exe Infected Trojan.Clicker.MNB
C:\WINDOWS\system32\oygucyfc.exe Disinfection failed
C:\WINDOWS\system32\oygucyfc.exe Moved
C:\WINDOWS\system32\tibwruqq.exe Infected Trojan.Clicker.MNB
C:\WINDOWS\system32\tibwruqq.exe Disinfection failed
C:\WINDOWS\system32\tibwruqq.exe Moved
Scanned files
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Protect\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Protect\S-1-5-21-1645522239-261478967-725345543-500\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Protect\S-1-5-21-1645522239-261478967-725345543-500\Preferred OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Protect\S-1-5-21-1645522239-261478967-725345543-500\3f1d872c-49b5-4949-bf1e-63911f9ea083 OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Protect\CREDHIST OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\IMJP8_1\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\IMJP8_1\imjp81u.dic OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3 OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3 OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{C7EB3B73-15CD-485A-A800-21DEF89CD0A0}\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\advc_fan_sys.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\advc_memory.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\advc_power.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\advc_temp_sys.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\advc_fan_cpu.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\advc_power_voltage.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\adv_memory.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\advc_power_cpu.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\advc_temp_cpu.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\adv_cpu.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\pre_main_bitmap.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\sinfo_mb.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\adv_power.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\advc_harddisk.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\backup_bg.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\sinfo_bios.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\sinfo_cpu.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\adv_fan.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\sinfo_sound.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\adv_harddrive.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\adv_network.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\sinfo_memory.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\sinfo_summary.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\images\sinfo_video.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\strtab_eManager.ini OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\strtab_eLock.ini OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\ACER ELOCK.CHM OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\ACER ELOCK.CHM=>/#SYSTEM OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\ACER ELOCK.CHM=>/ACER ELCOK.hhk OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\ACER ELOCK.CHM=>/html/Acer eLock.htm OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\ACER ELOCK.CHM=>/ACER ELCOK.hhc OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\ACER ELOCK.CHM=>/html/eLockManagementHelp.jpg OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\ACER ELOCK.CHM=>/#WINDOWS OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\ACER ELOCK.CHM=>/#IDXHDR OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\ACER ELOCK.CHM=>/#TOPICS OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\ACER ELOCK.CHM=>/#URLTBL OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\ACER ELOCK.CHM=>/#URLSTR OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Acer\eManager\__LanguageFiles\ACER ELOCK.CHM=>/#STRINGS OK
C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Intel\ OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Intel\Wireless\ OK
C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT OK
C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG OK
C:\WINDOWS\system32\config\userdiff OK
C:\WINDOWS\system32\config\system.LOG OK
C:\WINDOWS\system32\config\software.LOG OK
C:\WINDOWS\system32\config\default.LOG OK
C:\WINDOWS\system32\config\userdiff.LOG OK
C:\WINDOWS\system32\config\TempKey.LOG OK
C:\WINDOWS\system32\config\system.sav OK
C:\WINDOWS\system32\config\software.sav OK
C:\WINDOWS\system32\config\default.sav OK
C:\WINDOWS\system32\config\SECURITY OK
C:\WINDOWS\system32\config\SAM OK
C:\WINDOWS\system32\config\SAM.LOG OK
C:\WINDOWS\system32\config\SECURITY.LOG OK
C:\WINDOWS\system32\config\Media Ce.evt OK
C:\WINDOWS\system32\config\SYSTEM OK
C:\WINDOWS\system32\config\SOFTWARE OK
C:\WINDOWS\system32\config\DEFAULT OK
C:\WINDOWS\system32\config\SecEvent.Evt OK
C:\WINDOWS\system32\config\AppEvent.Evt OK
C:\WINDOWS\system32\config\SysEvent.Evt OK
C:\WINDOWS\system32\config\Internet.evt OK
C:\WINDOWS\system32\config\Antiviru.evt OK
C:\WINDOWS\system32\config\Antivirus.Evt OK
C:\WINDOWS\system32\drivers\ OK
C:\WINDOWS\system32\drivers\etc\ OK
C:\WINDOWS\system32\drivers\etc\hosts OK
C:\WINDOWS\system32\drivers\etc\lmhosts.sam OK
C:\WINDOWS\system32\drivers\etc\networks OK
C:\WINDOWS\system32\drivers\etc\protocol OK
C:\WINDOWS\system32\drivers\etc\services OK
C:\WINDOWS\system32\drivers\etc\hosts.msn OK
C:\WINDOWS\system32\drivers\disdn\ OK
C:\WINDOWS\system32\drivers\HSF_CNXT.sys OK
C:\WINDOWS\system32\drivers\wmilib.sys OK
C:\WINDOWS\system32\drivers\dmload.sys OK
C:\WINDOWS\system32\drivers\kbdclass.sys OK
C:\WINDOWS\system32\drivers\partmgr.sys OK
C:\WINDOWS\system32\drivers\ndistapi.sys OK
C:\WINDOWS\system32\drivers\ptilink.sys OK
C:\WINDOWS\system32\drivers\raspti.sys OK
C:\WINDOWS\system32\drivers\ndproxy.sys OK
C:\WINDOWS\system32\drivers\cdaudio.sys OK
C:\WINDOWS\system32\drivers\fs_rec.sys OK
C:\WINDOWS\system32\drivers\null.sys OK
C:\WINDOWS\system32\drivers\beep.sys OK
C:\WINDOWS\system32\drivers\rdpcdd.sys OK
C:\WINDOWS\system32\drivers\rasacd.sys OK
C:\WINDOWS\system32\drivers\fips.sys OK
C:\WINDOWS\system32\drivers\dxgthk.sys OK
C:\WINDOWS\system32\drivers\parvdm.sys OK
C:\WINDOWS\system32\drivers\atmepvc.sys OK
C:\WINDOWS\system32\drivers\atmuni.sys OK
C:\WINDOWS\system32\drivers\dac2w2k.sys OK
C:\WINDOWS\system32\drivers\cinemst2.sys OK
C:\WINDOWS\system32\drivers\cpqdap01.sys OK
C:\WINDOWS\system32\drivers\dxapi.sys OK
C:\WINDOWS\system32\drivers\gm.dls OK
C:\WINDOWS\system32\drivers\gmreadme.txt OK
C:\WINDOWS\system32\drivers\ipfltdrv.sys OK
C:\WINDOWS\system32\drivers\mcd.sys OK
C:\WINDOWS\system32\drivers\nikedrv.sys OK
C:\WINDOWS\system32\drivers\nwlnkflt.sys OK
C:\WINDOWS\system32\drivers\nwlnkfwd.sys OK
C:\WINDOWS\system32\drivers\nwlnknb.sys OK
C:\WINDOWS\system32\drivers\nwlnkspx.sys OK
C:\WINDOWS\system32\drivers\rawwan.sys OK
C:\WINDOWS\system32\drivers\rio8drv.sys OK
C:\WINDOWS\system32\drivers\riodrv.sys OK
C:\WINDOWS\system32\drivers\usbport.sys OK
C:\WINDOWS\system32\drivers\rootmdm.sys OK
C:\WINDOWS\system32\drivers\smclib.sys OK
C:\WINDOWS\system32\drivers\tosdvd.sys OK
C:\WINDOWS\system32\drivers\tsbvcap.sys OK
C:\WINDOWS\system32\drivers\usbcamd.sys OK
C:\WINDOWS\system32\drivers\usbcamd2.sys OK
C:\WINDOWS\system32\drivers\vdmindvd.sys OK
C:\WINDOWS\system32\drivers\ws2ifsl.sys OK
C:\WINDOWS\system32\drivers\mnmdd.sys OK
C:\WINDOWS\system32\drivers\fsvga.sys OK
C:\WINDOWS\system32\drivers\usbhub.sys OK
C:\WINDOWS\system32\drivers\acpiec.sys OK
C:\WINDOWS\system32\drivers\oprghdlr.sys OK
C:\WINDOWS\system32\drivers\ndisuio.sys OK
C:\WINDOWS\system32\drivers\usbd.sys OK
C:\WINDOWS\system32\drivers\osaio.sys OK
C:\WINDOWS\system32\drivers\disk.sys OK
C:\WINDOWS\system32\drivers\classpnp.sys OK
C:\WINDOWS\system32\drivers\dmio.sys OK
C:\WINDOWS\system32\drivers\usbehci.sys OK
C:\WINDOWS\system32\drivers\ksecdd.sys OK
C:\WINDOWS\system32\drivers\mountmgr.sys OK
C:\WINDOWS\system32\drivers\mrxdav.sys OK
C:\WINDOWS\system32\drivers\tdi.sys OK
C:\WINDOWS\system32\drivers\ndis.sys OK
C:\WINDOWS\system32\drivers\msfs.sys OK
C:\WINDOWS\system32\drivers\mup.sys OK
C:\WINDOWS\system32\drivers\netbios.sys OK
C:\WINDOWS\system32\drivers\npfs.sys OK
C:\WINDOWS\system32\drivers\volsnap.sys OK
C:\WINDOWS\system32\drivers\p3.sys OK
C:\WINDOWS\system32\drivers\videoprt.sys OK
C:\WINDOWS\system32\drivers\pcmcia.sys OK
C:\WINDOWS\system32\drivers\modem.sys OK
C:\WINDOWS\system32\drivers\fdc.sys OK
C:\WINDOWS\system32\drivers\serial.sys OK
C:\WINDOWS\system32\drivers\serenum.sys OK
C:\WINDOWS\system32\drivers\parport.sys OK
C:\WINDOWS\system32\drivers\cdrom.sys OK
C:\WINDOWS\system32\drivers\rasl2tp.sys OK
C:\WINDOWS\system32\drivers\ndiswan.sys OK
C:\WINDOWS\system32\drivers\raspppoe.sys OK
C:\WINDOWS\system32\drivers\raspptp.sys OK
C:\WINDOWS\system32\drivers\psched.sys OK
C:\WINDOWS\system32\drivers\msgpc.sys OK
C:\WINDOWS\system32\drivers\mssmbios.sys OK
C:\WINDOWS\system32\drivers\flpydisk.sys OK
C:\WINDOWS\system32\drivers\sfloppy.sys OK
C:\WINDOWS\system32\drivers\vga.sys OK
C:\WINDOWS\system32\drivers\ipsec.sys OK
C:\WINDOWS\system32\drivers\netbt.sys OK
C:\WINDOWS\system32\drivers\wanarp.sys OK
C:\WINDOWS\system32\drivers\imapi.sys OK
C:\WINDOWS\system32\drivers\fastfat.sys OK
C:\WINDOWS\system32\drivers\dxg.sys OK
C:\WINDOWS\system32\drivers\afd.sys OK
C:\WINDOWS\system32\drivers\hidir.sys OK
C:\WINDOWS\system32\drivers\diskdump.sys OK
C:\WINDOWS\system32\drivers\processr.sys OK
C:\WINDOWS\system32\drivers\amdk6.sys OK
C:\WINDOWS\system32\drivers\amdk7.sys OK
C:\WINDOWS\system32\drivers\arp1394.sys OK
C:\WINDOWS\system32\drivers\asyncmac.sys OK
C:\WINDOWS\system32\drivers\atmarpc.sys OK
C:\WINDOWS\system32\drivers\atmlane.sys OK
C:\WINDOWS\system32\drivers\bridge.sys OK
C:\WINDOWS\system32\drivers\cdfs.sys OK
C:\WINDOWS\system32\drivers\crusoe.sys OK
C:\WINDOWS\system32\drivers\dmboot.sys OK
C:\WINDOWS\system32\drivers\intelppm.sys OK
C:\WINDOWS\system32\drivers\ip6fw.sys OK
C:\WINDOWS\system32\drivers\ipinip.sys OK
C:\WINDOWS\system32\drivers\mf.sys OK
C:\WINDOWS\system32\drivers\mqac.sys OK
C:\WINDOWS\system32\drivers\rdpdr.sys OK
C:\WINDOWS\system32\drivers\nic1394.sys OK
C:\WINDOWS\system32\drivers\nmnt.sys OK
C:\WINDOWS\system32\drivers\nwlnkipx.sys OK
C:\WINDOWS\system32\drivers\irbus.sys OK
C:\WINDOWS\system32\drivers\rndismp.sys OK
C:\WINDOWS\system32\drivers\scsiport.sys OK
C:\WINDOWS\system32\drivers\sdbus.sys OK
C:\WINDOWS\system32\drivers\secdrv.sys OK
C:\WINDOWS\system32\drivers\sffdisk.sys OK
C:\WINDOWS\system32\drivers\sffp_sd.sys OK
C:\WINDOWS\system32\drivers\sonydcam.sys OK
C:\WINDOWS\system32\drivers\MSPCLOCK.sys OK
C:\WINDOWS\system32\drivers\tape.sys OK
C:\WINDOWS\system32\drivers\tunmp.sys OK
C:\WINDOWS\system32\drivers\udfs.sys OK
C:\WINDOWS\system32\drivers\usb8023.sys OK
C:\WINDOWS\system32\drivers\usbintel.sys OK
C:\WINDOWS\system32\drivers\i8042prt.sys OK
C:\WINDOWS\system32\drivers\ohci1394.sys OK
C:\WINDOWS\system32\drivers\1394bus.sys OK
C:\WINDOWS\system32\drivers\acpi.sys OK
C:\WINDOWS\system32\drivers\hidclass.sys OK
C:\WINDOWS\system32\drivers\hidparse.sys OK
C:\WINDOWS\system32\drivers\usbuhci.sys OK
C:\WINDOWS\system32\drivers\Hdaudbus.sys OK
C:\WINDOWS\system32\drivers\pci.sys OK
C:\WINDOWS\system32\drivers\isapnp.sys OK
C:\WINDOWS\system32\drivers\HSFHWAZL.sys OK
C:\WINDOWS\system32\drivers\irenum.sys OK
C:\WINDOWS\system32\drivers\Hdaudio.sys OK
C:\WINDOWS\system32\drivers\wmiacpi.sys OK
C:\WINDOWS\system32\drivers\HSF_DPV.sys OK
C:\WINDOWS\system32\drivers\mdmxsdk.sys OK
C:\WINDOWS\system32\drivers\portcls.sys OK
C:\WINDOWS\system32\drivers\ialmnt5.sys OK
C:\WINDOWS\system32\drivers\HSFProf.cty OK
C:\WINDOWS\system32\drivers\enum1394.sys OK
C:\WINDOWS\system32\drivers\drmk.sys OK
C:\WINDOWS\system32\drivers\ks.sys OK
C:\WINDOWS\system32\drivers\MSPQM.sys OK
C:\WINDOWS\system32\drivers\CmBatt.sys OK
C:\WINDOWS\system32\drivers\battc.sys OK
C:\WINDOWS\system32\drivers\MSKSSRV.sys OK
C:\WINDOWS\system32\drivers\sysaudio.sys OK
C:\WINDOWS\system32\drivers\compbatt.sys OK
C:\WINDOWS\system32\drivers\drmkaud.sys OK
C:\WINDOWS\system32\drivers\bcm4sbxp.sys OK
C:\WINDOWS\system32\drivers\stream.sys OK
C:\WINDOWS\system32\drivers\ESM7SK.sys OK
C:\WINDOWS\system32\drivers\swmidi.sys OK
C:\WINDOWS\system32\drivers\EMS7SK.sys OK
C:\WINDOWS\system32\drivers\RtkHDAud.Sys OK
C:\WINDOWS\system32\drivers\ESD7SK.sys OK
C:\WINDOWS\system32\drivers\osanbm.sys OK
C:\WINDOWS\system32\drivers\DMusic.sys OK
C:\WINDOWS\system32\drivers\redbook.sys OK
C:\WINDOWS\system32\drivers\NETMNT.sys OK
C:\WINDOWS\system32\drivers\smcirda.sys OK
C:\WINDOWS\system32\drivers\SynTP.sys OK
C:\WINDOWS\system32\drivers\irda.sys OK
C:\WINDOWS\system32\drivers\UBHelper.sys OK
C:\WINDOWS\system32\drivers\rasirda.sys OK
C:\WINDOWS\system32\drivers\NTIDrvr.sys OK
C:\WINDOWS\system32\drivers\audstub.sys OK
C:\WINDOWS\system32\drivers\OsaFsLoc.sys OK
C:\WINDOWS\system32\drivers\mouclass.sys OK
C:\WINDOWS\system32\drivers\NdisFilt.sys OK
C:\WINDOWS\system32\drivers\termdd.sys OK
C:\WINDOWS\system32\drivers\BTHUSB.SYS OK
C:\WINDOWS\system32\drivers\bthport.sys OK
C:\WINDOWS\system32\drivers\tdpipe.sys OK
C:\WINDOWS\system32\drivers\rfcomm.sys OK
C:\WINDOWS\system32\drivers\tdtcp.sys OK
C:\WINDOWS\system32\drivers\bthpan.sys OK
C:\WINDOWS\system32\drivers\mhndrv.sys OK
C:\WINDOWS\system32\drivers\BthEnum.sys OK
C:\WINDOWS\system32\drivers\symlcbrd.sys OK
C:\WINDOWS\system32\drivers\sr.sys OK
C:\WINDOWS\system32\drivers\ACER_Crane2_MCE.MRK OK
C:\WINDOWS\system32\drivers\mraid35x.sys OK
C:\WINDOWS\system32\drivers\AMDAGP.SYS OK
C:\WINDOWS\system32\drivers\ftdisk.sys OK
C:\WINDOWS\system32\drivers\AGP440.SYS OK
C:\WINDOWS\system32\drivers\swenum.sys OK
C:\WINDOWS\system32\drivers\ALIM1541.SYS OK
C:\WINDOWS\system32\drivers\viaide.sys OK
C:\WINDOWS\system32\drivers\SISAGP.SYS OK
C:\WINDOWS\system32\drivers\toside.sys OK
C:\WINDOWS\system32\drivers\AGPCPQ.SYS OK
C:\WINDOWS\system32\drivers\aliide.sys OK
C:\WINDOWS\system32\drivers\VIAAGP.SYS OK
C:\WINDOWS\system32\drivers\sym_u3.sys OK
C:\WINDOWS\system32\drivers\cd20xrnt.sys OK
C:\WINDOWS\system32\drivers\cbidf2k.sys OK
C:\WINDOWS\system32\drivers\dac960nt.sys OK
C:\WINDOWS\system32\drivers\asc3550.sys OK
C:\WINDOWS\system32\drivers\asc.sys OK
C:\WINDOWS\system32\drivers\asc3350p.sys OK
C:\WINDOWS\system32\drivers\ABP480N5.SYS OK
C:\WINDOWS\system32\drivers\amsint.sys OK
C:\WINDOWS\system32\drivers\ini910u.sys OK
C:\WINDOWS\system32\drivers\intelide.sys OK
C:\WINDOWS\system32\drivers\ultra.sys OK
C:\WINDOWS\system32\drivers\atapi.sys OK
C:\WINDOWS\system32\drivers\cmdide.sys OK
C:\WINDOWS\system32\drivers\pciidex.sys OK
C:\WINDOWS\system32\drivers\pciide.sys OK
C:\WINDOWS\system32\drivers\adpu160m.sys OK
C:\WINDOWS\system32\drivers\dpti2o.sys OK
C:\WINDOWS\system32\drivers\aic78u2.sys OK
C:\WINDOWS\system32\drivers\aic78xx.sys OK
C:\WINDOWS\system32\drivers\aha154x.sys OK
C:\WINDOWS\system32\drivers\sparrow.sys OK
C:\WINDOWS\system32\drivers\cpqarray.sys OK
C:\WINDOWS\system32\drivers\perc2.sys OK
C:\WINDOWS\system32\drivers\perc2hib.sys OK
C:\WINDOWS\system32\drivers\hpn.sys OK
C:\WINDOWS\system32\drivers\sym_hi.sys OK
C:\WINDOWS\system32\drivers\symc810.sys OK
C:\WINDOWS\system32\drivers\symc8xx.sys OK
C:\WINDOWS\system32\drivers\ql10wnt.sys OK
C:\WINDOWS\system32\drivers\ql1080.sys OK
C:\WINDOWS\system32\drivers\ql1240.sys OK
C:\WINDOWS\system32\drivers\ql1280.sys OK
C:\WINDOWS\system32\drivers\ql12160.sys OK
C:\WINDOWS\system32\drivers\i2omp.sys OK
C:\WINDOWS\system32\drivers\i2omgmt.sys OK
C:\WINDOWS\system32\drivers\w39n51.sys OK
C:\WINDOWS\system32\drivers\DKbFltr.SYS OK
C:\WINDOWS\system32\drivers\s24trans.sys OK
C:\WINDOWS\system32\drivers\AegisP.sys OK
C:\WINDOWS\system32\drivers\epm-psd.sys OK
C:\WINDOWS\system32\drivers\epm-shd.sys OK
C:\WINDOWS\system32\drivers\npf.sys OK
C:\WINDOWS\system32\drivers\hidusb.sys OK
C:\WINDOWS\system32\drivers\mouhid.sys OK
C:\WINDOWS\system32\drivers\rdbss.sys OK
C:\WINDOWS\system32\drivers\mrxsmb.sys OK
C:\WINDOWS\system32\drivers\http.sys OK
C:\WINDOWS\system32\drivers\ipnat.sys OK
C:\WINDOWS\system32\drivers\fltMgr.sys OK
C:\WINDOWS\system32\drivers\tcpip.sys OK
C:\WINDOWS\system32\drivers\RMCast.sys OK
C:\WINDOWS\system32\drivers\wdmaud.sys OK
C:\WINDOWS\system32\drivers\splitter.sys OK
C:\WINDOWS\system32\drivers\kmixer.sys OK
C:\WINDOWS\system32\drivers\wpdusb.sys OK
C:\WINDOWS\system32\drivers\aec.sys OK
C:\WINDOWS\system32\drivers\nwrdr.sys OK
C:\WINDOWS\system32\drivers\rdpwd.sys OK
C:\WINDOWS\system32\drivers\srv.sys OK
C:\WINDOWS\system32\drivers\tcpip6.sys OK
C:\WINDOWS\system32\drivers\pxhelp20.sys OK
C:\WINDOWS\system32\drivers\cdralw2k.sys OK
C:\WINDOWS\system32\drivers\cdr4_xp.sys OK
C:\WINDOWS\system32\drivers\usbccgp.sys OK
C:\WINDOWS\system32\drivers\LVSVF2.sys OK
C:\WINDOWS\system32\drivers\LVUSBSta.sys OK
C:\WINDOWS\system32\drivers\USBAUDIO.sys OK
C:\WINDOWS\system32\drivers\lv302af.sys OK
C:\WINDOWS\system32\drivers\CCDECODE.sys OK
C:\WINDOWS\system32\drivers\NABTSFEC.sys OK
C:\WINDOWS\system32\drivers\WSTCODEC.SYS OK
C:\WINDOWS\system32\drivers\SLIP.sys OK
C:\WINDOWS\system32\drivers\StreamIP.sys OK
C:\WINDOWS\system32\drivers\NdisIP.sys OK
C:\WINDOWS\system32\drivers\MSTEE.sys OK
C:\WINDOWS\system32\drivers\USBSTOR.SYS OK
C:\WINDOWS\system32\drivers\Bulk533.sys OK
C:\WINDOWS\system32\drivers\Ca533av.sys OK
C:\WINDOWS\system32\drivers\aswmon.sys OK
C:\WINDOWS\system32\drivers\aswmon2.sys OK
C:\WINDOWS\system32\drivers\aavmker4.sys OK
C:\WINDOWS\system32\drivers\aswTdi.sys OK
C:\WINDOWS\system32\drivers\aswRdr.sys OK
C:\WINDOWS\system32\drivers\LV302AV.SYS OK
C:\WINDOWS\system32\drivers\ntfs.sys OK
C:\WINDOWS\system32\drivers\update.sys OK
C:\WINDOWS\system32\ras\ OK
C:\WINDOWS\system32\ras\cis.scp OK
C:\WINDOWS\system32\ras\pad.inf OK
C:\WINDOWS\system32\ras\pppmenu.scp OK
C:\WINDOWS\system32\ras\slip.scp OK
C:\WINDOWS\system32\ras\slipmenu.scp OK
C:\WINDOWS\system32\ras\switch.inf OK
C:\WINDOWS\system32\spool\ OK
C:\WINDOWS\system32\spool\drivers\ OK
C:\WINDOWS\system32\spool\drivers\w32x86\ OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\ OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\FXSDRV.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\FXSWZRD.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\FXSTIFF.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\FXSRES.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\FXSAPI.DLL OK
C:\WINDOWS\system32\spool\drivers\w32x86\3\FXSUI.DLL OK
C:\WINDOWS\system32\spool\drivers\color\ OK
C:\WINDOWS\system32\spool\drivers\color\kodak_dc.icm OK
C:\WINDOWS\system32\spool\drivers\color\is330.icm OK
C:\WINDOWS\system32\spool\drivers\color\sRGB Color Space Profile.icm OK
C:\WINDOWS\system32\spool\prtprocs\ OK
C:\WINDOWS\system32\spool\prtprocs\w32x86\ OK
C:\WINDOWS\system32\spool\PRINTERS\ OK
C:\WINDOWS\system32\wins\ OK
C:\WINDOWS\system32\dhcp\ OK
C:\WINDOWS\system32\ShellExt\ OK
C:\WINDOWS\system32\Setup\ OK
C:\WINDOWS\system32\Setup\comsetup.dll OK
C:\WINDOWS\system32\Setup\imsinsnt.dll OK
C:\WINDOWS\system32\Setup\msdtcstp.dll OK
C:\WINDOWS\system32\Setup\zoneoc.dll OK
C:\WINDOWS\system32\Setup\fsconins.dll OK
C:\WINDOWS\system32\Setup\fp40ext.dll OK
C:\WINDOWS\system32\Setup\fxsocm.dll OK
C:\WINDOWS\system32\Setup\iis.dll OK
C:\WINDOWS\system32\Setup\msmqocm.dll OK
C:\WINDOWS\system32\Setup\netfxocm.dll OK
C:\WINDOWS\system32\Setup\netoc.dll OK
C:\WINDOWS\system32\Setup\ntoc.dll OK
C:\WINDOWS\system32\Setup\ocgen.dll OK
C:\WINDOWS\system32\Setup\setupqry.dll OK
C:\WINDOWS\system32\Setup\tsoc.dll OK
C:\WINDOWS\system32\Setup\tabletoc.dll OK
C:\WINDOWS\system32\Setup\medctroc.dll OK
C:\WINDOWS\system32\Setup\ehOCGen.dll OK
C:\WINDOWS\system32\Setup\plusoc.dll OK
C:\WINDOWS\system32\Setup\ocmsn.dll OK
C:\WINDOWS\system32\Setup\msgrocm.dll OK
C:\WINDOWS\system32\wbem\ OK
C:\WINDOWS\system32\wbem\Repository\ OK
C:\WINDOWS\system32\wbem\Repository\FS\ OK
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP OK
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP OK
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER OK
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP OK
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP OK
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA OK
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR OK
C:\WINDOWS\system32\wbem\Repository\$WinMgmt.CFG OK
C:\WINDOWS\system32\wbem\mof\ OK
C:\WINDOWS\system32\wbem\mof\good\ OK
C:\WINDOWS\system32\wbem\mof\bad\ OK
C:\WINDOWS\system32\wbem\xml\ OK
C:\WINDOWS\system32\wbem\xml\cim20.dtd OK
C:\WINDOWS\system32\wbem\xml\wmi20.dtd OK
C:\WINDOWS\system32\wbem\xml\wmi2xml.dll OK
C:\WINDOWS\system32\wbem\Logs\ OK
C:\WINDOWS\system32\wbem\Logs\wbemess.log OK
C:\WINDOWS\system32\wbem\Logs\wmiprov.log OK
C:\WINDOWS\system32\wbem\Logs\FrameWork.log OK
C:\WINDOWS\system32\wbem\snmp\ OK
C:\WINDOWS\system32\wbem\Performance\ OK
C:\WINDOWS\system32\wbem\Performance\WmiApRpl.h OK
C:\WINDOWS\system32\wbem\Performance\WmiApRpl.ini OK
C:\WINDOWS\system32\wbem\Performance\WmiApRpl.ini=>(unicode) OK
C:\WINDOWS\system32\wbem\AutoRecover\ OK
C:\WINDOWS\system32\wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof OK
C:\WINDOWS\system32\wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\AutoRecover\3EC317800FF508210BB945C81C0EACE7.mof OK
C:\WINDOWS\system32\wbem\AutoRecover\3EC317800FF508210BB945C81C0EACE7.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\AutoRecover\0A9DBC92D554324656F61F9862679F27.mof OK
C:\WINDOWS\system32\wbem\AutoRecover\0A9DBC92D554324656F61F9862679F27.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\AutoRecover\2AA23BB86A5EBD8BC2D820944E55B233.mof OK
C:\WINDOWS\system32\wbem\AutoRecover\2AA23BB86A5EBD8BC2D820944E55B233.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\AutoRecover\C92641594A6F2DA8A55FE4738AFDA539.mof OK
C:\WINDOWS\system32\wbem\AutoRecover\C92641594A6F2DA8A55FE4738AFDA539.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\AutoRecover\A7575F8DE31A912FFE91A7A41B1E382A.mof OK
C:\WINDOWS\system32\wbem\AutoRecover\A7575F8DE31A912FFE91A7A41B1E382A.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\AutoRecover\CA0106054EB09C302ED3E0669F99D021.mof OK
C:\WINDOWS\system32\wbem\AutoRecover\CA0106054EB09C302ED3E0669F99D021.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\AutoRecover\37134956F76D3C30C9BE0C12571CAF43.mof OK
C:\WINDOWS\system32\wbem\AutoRecover\37134956F76D3C30C9BE0C12571CAF43.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\AutoRecover\DFD614E4D613EF4506AC8F525F5F514B.mof OK
C:\WINDOWS\system32\wbem\AutoRecover\DFD614E4D613EF4506AC8F525F5F514B.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\AutoRecover\E737DE61441445E1FDFCA45EF5E7D987.mof OK
C:\WINDOWS\system32\wbem\AutoRecover\E737DE61441445E1FDFCA45EF5E7D987.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\AutoRecover\02E78424AB18BDBFA706C08B7D7B9F1D.mof OK
C:\WINDOWS\system32\wbem\AutoRecover\02E78424AB18BDBFA706C08B7D7B9F1D.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\AutoRecover\C81ACF420917AA0F87487BC4D958BEB4.mof OK
C:\WINDOWS\system32\wbem\AutoRecover\C81ACF420917AA0F87487BC4D958BEB4.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\AutoRecover\958A50DFF8A9DF5FAEA042AC9F60815F.mof OK
C:\WINDOWS\system32\wbem\AutoRecover\958A50DFF8A9DF5FAEA042AC9F60815F.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\AutoRecover\DC999686F8B85B326CEDFA199DD07F72.mof OK
C:\WINDOWS\system32\wbem\AutoRecover\DC999686F8B85B326CEDFA199DD07F72.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\AutoRecover\6B38F33147D0369D5038BBB61C7A31C8.mof OK
C:\WINDOWS\system32\wbem\AutoRecover\6B38F33147D0369D5038BBB61C7A31C8.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\AutoRecover\2CFB5B149FA396D1AEA5F89B1C5A8D81.mof OK
C:\WINDOWS\system32\wbem\AutoRecover\2CFB5B149FA396D1AEA5F89B1C5A8D81.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\AutoRecover\60A06765DDFE47EF7240BD9C1EB29EFE.mof OK
C:\WINDOWS\system32\wbem\AutoRecover\60A06765DDFE47EF7240BD9C1EB29EFE.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\AutoRecover\72F867EF62976CE9F70993FF3E68A4EB.mof OK
C:\WINDOWS\system32\wbem\AutoRecover\72F867EF62976CE9F70993FF3E68A4EB.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\AutoRecover\E04DE4CDFEC284A342159BB920976701.mof OK
C:\WINDOWS\system32\wbem\AutoRecover\E04DE4CDFEC284A342159BB920976701.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\AutoRecover\7A62FA52E22CE751514BC93BE067BC80.mof OK
C:\WINDOWS\system32\wbem\AutoRecover\7A62FA52E22CE751514BC93BE067BC80.mof=>(unicode) OK
C:\WINDOWS\system32\wbem\AutoRecover\BE81B2C0741907C1FC1C42B6223E59AD.mof OK
They have been quarantined; delete what is in quarantine in BitDefender
-------------
AVG Anti-Spyware
https://www.01net.com/
Tutorial:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
-> Restart AVG AS -> "Scan" -> "Settings"
Under the question "How to react?":
-> click "Recommended actions" and choose "Quarantine"
-> Click the "Scan" tab again, then run a "Complete system scan"
If a file is infected at the end of the scan
-> Click "Apply all actions"
-> Click "Save report", then "Save report as".
-> Save this text file to your desktop, then paste the report here
__________
then run another scan with BitDefender
__________
and paste a HijackThis log again
At the end of the AVG scan it asked me to restart, so I could not save the report.
How can I give you the details of what it found and what is in quarantine?
Logfile of HijackThis v1.99.1
Scan saved at 18:06:00, on 11/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\DOCUME~1\Acer\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = virus securite
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?36caf859ac6843ac9712c5ffea890929
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?36caf859ac6843ac9712c5ffea890929
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\winmga.exe (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?36caf859ac6843ac9712c5ffea890929
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?36caf859ac6843ac9712c5ffea890929
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\winmga.exe (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Hello
There are things in the quarantine; should I delete them?
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 11:21:21 12/07/2007
+ Résultat de l'analyse:
C:\Documents and Settings\Acer\Cookies\acer@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
Fin du rapport
Logfile of HijackThis v1.99.1
Scan saved at 12:24:23, on 12/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\DOCUME~1\Acer\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = virus securite
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?36caf859ac6843ac9712c5ffea890929
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?36caf859ac6843ac9712c5ffea890929
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\winmga.exe (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Do this:
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer.
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows loading screen, a menu with different options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Then work through the instructions below:
• Open the SDFix folder that was just created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop loads, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum.
--------------------
Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.
· Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean
· Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
· Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.
http://kerio.probb.fr/tuto-Clean-h37.html
-----------
refait un scan bitdefender et colle lerapport
-------------
puis colle hijackthis
--------------
ca devrait etre bon!
that's it for SDFix
I'll carry on
SDFix: Version 1.90
Run by Acer on 12/07/2007 at 15:38
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Acer\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
Files with Hidden Attributes:
C:\WINDOWS\system32\NTICDMK7.dll
C:\WINDOWS\system32\NTIMP3.dll
C:\WINDOWS\system32\NTIMPEG2.dll
C:\WINDOWS\system32\NTIFCD3.dll
C:\WINDOWS\system32\NTIBUN4.dll
C:\Program Files\Picasa2\setup.exe
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP2\A0001146.exe
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP2\A0001147.exe
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP2\A0001148.exe
Finished
Product: BitDefender 8 Free Edition
// Version: 8.0
//
// Created on: 12/07/2007 16:08:04
//
//-----------------------------------------------------------------
Statistics
Scan path : C:\
Folders : 3430
Files : 122299
Archives : 7201
Packed files : 7823
Identified viruses : 1
Infected files : 3
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 0
Copied files : 0
Moved files : 3
Renamed files : 0
I/O errors : 29
Scan time : 00:15:05
Scan speed (files/sec) : 135
Virus definitions : 671817
Scan plugins : 14
Archive plugins : 38
Unpack plugins : 6
Mail plugins : 6
System plugins : 1
Scan options
Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user
Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report
Summary:
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP2\A0001146.exe=>(AutoIT) Infected Trojan.Virtumod.IZ
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP2\A0001146.exe=>(AutoIT) Disinfection failed
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP2\A0001146.exe Moved
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP2\A0001147.exe=>(AutoIT) Infected Trojan.Virtumod.IZ
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP2\A0001147.exe=>(AutoIT) Disinfection failed
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP2\A0001147.exe Moved
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP2\A0001148.exe=>(AutoIT) Infected Trojan.Virtumod.IZ
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP2\A0001148.exe=>(AutoIT) Disinfection failed
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP2\A0001148.exe Moved
Logfile of HijackThis v1.99.1
Scan saved at 16:24:43, on 12/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\DOCUME~1\Acer\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = virus securite
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?36caf859ac6843ac9712c5ffea890929
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?36caf859ac6843ac9712c5ffea890929
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\winmga.exe (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\winmga.exe (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
VirtumundoBeGone (paste the report)
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
_________
run CCleaner again
___________
delete what is in quarantine in BitDefender
--------
ComboFix
Download ComboFix (sUBs):
http://mickael.barroux.free.fr/securite/combofix.php
and save it to your desktop and nowhere else!
run it and paste the reports
____________
[07/12/2007, 17:30:41] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Acer\Local Settings\Temporary Internet Files\Content.IE5\8Z745VW3\VirtumundoBeGone[1].exe" )
[07/12/2007, 17:30:47] - Detected System Information:
[07/12/2007, 17:30:47] - Windows Version: 5.1.2600, Service Pack 2
[07/12/2007, 17:30:47] - Current Username: Acer (Admin)
[07/12/2007, 17:30:47] - Windows is in NORMAL mode.
[07/12/2007, 17:30:47] - Searching for Browser Helper Objects:
[07/12/2007, 17:30:47] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/12/2007, 17:30:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/12/2007, 17:30:47] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/12/2007, 17:30:47] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/12/2007, 17:30:47] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/12/2007, 17:30:47] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/12/2007, 17:30:47] - BHO 4: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[07/12/2007, 17:30:47] - Finished Searching Browser Helper Objects
[07/12/2007, 17:30:47] - Finishing up...
[07/12/2007, 17:30:47] - Nothing found! Exiting...
[07/12/2007, 17:44:26] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Acer\Local Settings\Temporary Internet Files\Content.IE5\AOHOHNMF\VirtumundoBeGone[1].exe" )
[07/12/2007, 17:44:37] - Detected System Information:
[07/12/2007, 17:44:37] - Windows Version: 5.1.2600, Service Pack 2
[07/12/2007, 17:44:37] - Current Username: Acer (Admin)
[07/12/2007, 17:44:37] - Windows is in NORMAL mode.
[07/12/2007, 17:44:37] - Searching for Browser Helper Objects:
[07/12/2007, 17:44:37] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/12/2007, 17:44:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/12/2007, 17:44:37] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/12/2007, 17:44:37] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/12/2007, 17:44:37] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/12/2007, 17:44:37] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/12/2007, 17:44:37] - BHO 4: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[07/12/2007, 17:44:37] - Finished Searching Browser Helper Objects
[07/12/2007, 17:44:37] - Finishing up...
[07/12/2007, 17:44:37] - Nothing found! Exiting...
"Acer" - 2007-07-12 17:34:31 - ComboFix 07-07-12.3 - Service Pack 2 [color=red][b]FAT32 [/b][/color]
/wow section - STAGE #8
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\NPF
((((((((((((((((((((((((( Files Created from 2007-06-12 to 2007-07-12 )))))))))))))))))))))))))))))))
2007-07-12 17:34 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-12 15:37 <REP> d-------- C:\WINDOWS\ERUNT
2007-07-12 11:16 <REP> d-------- C:\WINDOWS\system32\appmgmt
2007-07-11 16:45 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-11 16:28 14 --a------ C:\WINDOWS\system32\getfile.dat
2007-07-11 13:10 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-07-11 12:45 <REP> d-------- C:\VundoFix Backups
2007-07-11 11:07 <REP> d-------- C:\Program Files\Navilog1
2007-07-11 10:56 <REP> d-------- C:\Program Files\CCleaner
2007-07-07 20:10 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-04 21:32 269 --a------ C:\winsft.exe
2007-07-03 15:32 200 --a------ C:\winbbs.exe
2007-07-01 10:42 <REP> d-------- C:\Program Files\Mindscape
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-12 13:52:50 12 ----a-w C:\WINDOWS\bthservsdp.dat
2007-07-10 15:14:48 1,392 ----a-w C:\DOCUME~1\Acer\APPLIC~1\wklnhst.dat
2007-05-19 12:08:18 -------- d-----w C:\Program Files\orange
2007-05-16 15:13:54 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-01 19:07:22 0 ----a-w C:\WINDOWS\nsreg.dat
2007-05-01 19:07:10 2,308 ----a-w C:\WINDOWS\mozver.dat
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-25 14:22:36 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-08-31 20:33 322368 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2006-09-27 17:45 544032 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 C:\WINDOWS\Alcmtr.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 20:00 C:\WINDOWS\system32\bthprops.cpl]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-01 03:52]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-19 11:45]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-19 11:39]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-05 19:38]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"BDMCon"="C:\Program Files\Softwin\BitDefender8\bdmcon.exe" [2005-06-20 12:10]
"BDNewsAgent"="C:\Program Files\Softwin\BitDefender8\bdnagent.exe" [2005-05-09 12:19]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2da4b34e-ea73-11db-8e05-0018de66bcd5}]
AutoRun\command- F:\setupSNK.exe
Contents of the 'Scheduled Tasks' folder
2007-07-12 15:13:02 C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-12 17:40:48
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-12 17:43:08 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-12 17:43
--- E O F ---
any more signs of infection?
--------
https://www.f-secure.com/en
* Download Blacklight (from F-Secure)
* Save it to the Desktop.
* Double-click blbeta.exe and accept the license
* Click Scan, then Next
* You will see a list of detected files appear
* You will also see a report on the Desktop; open it:
* tutorial: https://www.malekal.com/tutorial-f-secure-blacklight/#mozTocId411175
------------
Hi
07/13/07 10:31:39 [Info]: BlackLight Engine 1.0.64 initialized
07/13/07 10:31:39 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/13/07 10:31:39 [Note]: 7019 4
07/13/07 10:31:39 [Note]: 7005 0
07/13/07 10:31:43 [Note]: 7006 0
07/13/07 10:31:43 [Note]: 7011 1772
07/13/07 10:31:43 [Note]: 7026 0
07/13/07 10:31:43 [Note]: 7026 0
07/13/07 10:31:47 [Note]: FSRAW library version 1.7.1022
07/13/07 10:33:35 [Note]: 7007 0
I did this; I think I had skipped it at 17
cript execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 13/07/2007 a 11:09:26,42
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\DivX\Google\Firefox\ffinstaller.exe"
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
thanks for your help
I have done the beginning of the procedure
however, do I need to fix the 4 lines with HijackThis that you point out at the beginning of your reply?
Search Navipromo version 2.0.5 commencé le 11/07/2007 à 11:14:38,23
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!
Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO
Executé en mode normal
*** Recherche Programmes installes ***
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***
*** Recherche dossiers dans C:\Documents and Settings\Acer\Application Data ***
*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en
F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================
Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.
[+] Started on 07/11/07 at 11:14:44.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ...................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 07/11/07 at 11:15:17 (return code = 0).
*** Recherche fichiers ***
*** Recherche cles registre ***
Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]
Recherche Clé Magic Control
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche fichiers connus:
C:\WINDOWS\system32\rstwa.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\rstwa.bak2 trouvé ! infection Vundo possible non traité par cet outil !
2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********
C:\WINDOWS\system32\eclwwapn.exe trouvé !
3)Recherche Certificats :
*** Analyse Terminé le 11/07/2007 à 11:15:27,71 ***