BAGLE - installation anti virus impossible
carospears
-
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
Bonjour,
Je viens d'acquérir il y a quelques jours un portable sous vista
sur lequel j'ai voulu installé l'antivirus AVG
j'ai systématiquement ce message d'erreur
Local machine: installation faileda
Initialization:
Warning: Windows Firewall activity checking failed.
Le mappeur de point final n'a plus de point final disponible. (1753)
Installation:
Error: Action failed for file avgrssvc.exe: starting service....
%1 n'est pas une application Win32 valide. (193)
J'ai fait un scan Bitdefender on line qui me donne
BitDefender Online Scanner - Rapport virus en temps réel
Généré à: Sat, Apr 12, 2008 - 17:06:08
--------------------------------------------------------------------------------
Info d'analyse
Fichiers scannés
96074
Infectés Fichiers
1
Virus Détectés
Trojan.Downloader.Bagle.HD
1
J'ai ensuite fait ce scan avec un outils en espagnol
Sat Apr 12 17:39:18 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle.dldr
Reinicie para Completar la Limpieza.
Sat Apr 12 17:39:52 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\MDELK.EXE --> Eliminado Bagle
C:\Windows\System32\WINTEMS.EXE.VIR --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)
C:\Windows\System32\drivers\MDELK.EXE --> Eliminado Bagle.dldr
C:\Windows\System32\drivers\downld\14895849.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\1906535.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\81307.EXE --> Eliminado Bagle
Nº Total de Directorios: 12298
Nº Total de Ficheros: 96628
Nº de Ficheros Analizados: 12506
Nº de Ficheros Infectados: 6
Nº de Ficheros Limpiados: 6
Sat Apr 12 17:48:04 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\WINTEMS.EXE.VIR.VIR --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)
Nº Total de Directorios: 12298
Nº Total de Ficheros: 96623
Nº de Ficheros Analizados: 12501
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
Sat Apr 12 17:51:46 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\WINTEMS.EXE.VIR.VIR.VIR --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)
Nº Total de Directorios: 12299
Nº Total de Ficheros: 96626
Nº de Ficheros Analizados: 12501
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
Sat Apr 12 17:55:08 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\WINTEMS.EXE.VIR.VIR.VIR.VIR --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)
Nº Total de Directorios: 12299
Nº Total de Ficheros: 96626
Nº de Ficheros Analizados: 12501
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
Sat Apr 12 17:58:47 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\WINTEMS.EXE.VIR.VIR.VIR.VIR.VIR --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)
Nº Total de Directorios: 12299
Nº Total de Ficheros: 96626
Nº de Ficheros Analizados: 12501
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
Sat Apr 12 18:02:22 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\WINTEMS.EXE.VIR.VIR.VIR.VIR.VIR.VIR --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)
Nº Total de Directorios: 12299
Nº Total de Ficheros: 96626
Nº de Ficheros Analizados: 12501
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
Sat Apr 12 18:05:49 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\WINTEMS.EXE.VIR.VIR.VIR.VIR.VIR.VIR.VIR --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)
Nº Total de Directorios: 12299
Nº Total de Ficheros: 96628
Nº de Ficheros Analizados: 12501
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
Sat Apr 12 18:09:16 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\WINTEMS.EXE.VIR.VIR.VIR.VIR.VIR.VIR.VIR.VIR --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)
Nº Total de Directorios: 12299
Nº Total de Ficheros: 96628
Nº de Ficheros Analizados: 12501
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
VOILA je suis infecté par BAGLE et je ne sais plus quoi faire?
Merci de votre aide
Je viens d'acquérir il y a quelques jours un portable sous vista
sur lequel j'ai voulu installé l'antivirus AVG
j'ai systématiquement ce message d'erreur
Local machine: installation faileda
Initialization:
Warning: Windows Firewall activity checking failed.
Le mappeur de point final n'a plus de point final disponible. (1753)
Installation:
Error: Action failed for file avgrssvc.exe: starting service....
%1 n'est pas une application Win32 valide. (193)
J'ai fait un scan Bitdefender on line qui me donne
BitDefender Online Scanner - Rapport virus en temps réel
Généré à: Sat, Apr 12, 2008 - 17:06:08
--------------------------------------------------------------------------------
Info d'analyse
Fichiers scannés
96074
Infectés Fichiers
1
Virus Détectés
Trojan.Downloader.Bagle.HD
1
J'ai ensuite fait ce scan avec un outils en espagnol
Sat Apr 12 17:39:18 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle.dldr
Reinicie para Completar la Limpieza.
Sat Apr 12 17:39:52 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\MDELK.EXE --> Eliminado Bagle
C:\Windows\System32\WINTEMS.EXE.VIR --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)
C:\Windows\System32\drivers\MDELK.EXE --> Eliminado Bagle.dldr
C:\Windows\System32\drivers\downld\14895849.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\1906535.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\81307.EXE --> Eliminado Bagle
Nº Total de Directorios: 12298
Nº Total de Ficheros: 96628
Nº de Ficheros Analizados: 12506
Nº de Ficheros Infectados: 6
Nº de Ficheros Limpiados: 6
Sat Apr 12 17:48:04 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\WINTEMS.EXE.VIR.VIR --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)
Nº Total de Directorios: 12298
Nº Total de Ficheros: 96623
Nº de Ficheros Analizados: 12501
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
Sat Apr 12 17:51:46 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\WINTEMS.EXE.VIR.VIR.VIR --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)
Nº Total de Directorios: 12299
Nº Total de Ficheros: 96626
Nº de Ficheros Analizados: 12501
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
Sat Apr 12 17:55:08 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\WINTEMS.EXE.VIR.VIR.VIR.VIR --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)
Nº Total de Directorios: 12299
Nº Total de Ficheros: 96626
Nº de Ficheros Analizados: 12501
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
Sat Apr 12 17:58:47 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\WINTEMS.EXE.VIR.VIR.VIR.VIR.VIR --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)
Nº Total de Directorios: 12299
Nº Total de Ficheros: 96626
Nº de Ficheros Analizados: 12501
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
Sat Apr 12 18:02:22 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\WINTEMS.EXE.VIR.VIR.VIR.VIR.VIR.VIR --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)
Nº Total de Directorios: 12299
Nº Total de Ficheros: 96626
Nº de Ficheros Analizados: 12501
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
Sat Apr 12 18:05:49 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\WINTEMS.EXE.VIR.VIR.VIR.VIR.VIR.VIR.VIR --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)
Nº Total de Directorios: 12299
Nº Total de Ficheros: 96628
Nº de Ficheros Analizados: 12501
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
Sat Apr 12 18:09:16 2008
EliBagle v11.25 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\WINTEMS.EXE.VIR.VIR.VIR.VIR.VIR.VIR.VIR.VIR --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)
Nº Total de Directorios: 12299
Nº Total de Ficheros: 96628
Nº de Ficheros Analizados: 12501
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1
VOILA je suis infecté par BAGLE et je ne sais plus quoi faire?
Merci de votre aide
A voir également:
- BAGLE - installation anti virus impossible
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Malwarebytes anti-malware - Télécharger - Antivirus & Antimalwares
- Norton anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Virus mcafee - Accueil - Piratage
- Anti pub youtube - Accueil - Streaming
30 réponses
ComboFix 08-04-12.7 - SYSTEM 2008-04-13 18:37:40.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1725 [GMT 2:00]
Endroit: C:\Windows\system32\config\systemprofile\Desktop\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-13 to 2008-04-13 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 12:03 174 --sha-w C:\Program Files\desktop.ini
2008-04-13 12:00 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-13 12:00 --------- d-----w C:\Program Files\Windows Calendar
2008-04-13 11:34 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-04-13 11:21 --------- d-----w C:\Windows\System32\config\SYSTEM~1\AppData\Roaming\AVG7
2008-04-13 11:20 9,216 ----a-w C:\Windows\System32\avgwlntf.dll
2008-04-13 11:20 --------- d-----w C:\PROGRA~2\Grisoft
2008-04-13 11:20 --------- d-----w C:\PROGRA~2\avg7
2008-04-13 10:19 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-04-13 09:55 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-13 09:52 --------- d-----w C:\PROGRA~2\Malwarebytes
2008-04-12 15:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-12 14:03 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-04-10 02:08 --------- d-----w C:\Program Files\ItsLabel
2008-04-10 02:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-09 20:46 --------- d-----w C:\PROGRA~2\Symantec
2008-04-09 19:14 806 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-04-09 19:14 10,652 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-04-09 18:50 --------- d-----w C:\Program Files\Norton AntiVirus
2008-04-09 17:08 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-06 16:10 --------- d-----w C:\Program Files\VideoLAN
2008-04-06 15:29 --------- d-----w C:\Program Files\Microsoft Works
2008-04-06 15:29 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-04-06 15:18 --------- d-----w C:\Program Files\MSECache
2008-04-06 15:17 --------- d-----w C:\Program Files\EoRezo
2008-04-06 14:06 --------- d-----w C:\Program Files\SLD Codec Pack
2008-04-05 16:24 --------- d-----w C:\Program Files\Lavasoft
2008-04-05 16:24 --------- d-----w C:\PROGRA~2\Lavasoft
2008-04-05 16:23 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-05 15:11 --------- d-----w C:\Program Files\CCleaner
2008-04-05 09:45 --------- d-----w C:\Program Files\Alwil Software
2008-04-05 09:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-03 20:52 --------- d-----w C:\PROGRA~2\Forge of Games
2008-04-03 20:04 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-04-03 20:04 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-04-03 20:04 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-04-03 20:04 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-04-03 20:04 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-04-03 20:04 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-04-03 20:01 --------- d-----w C:\PROGRA~2\Yahoo! Companion
2008-04-03 19:58 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-03 19:58 --------- d-----w C:\Program Files\Windows Live
2008-04-03 19:53 --------- d-----w C:\PROGRA~2\WLInstaller
2008-04-03 16:42 --------- d-----w C:\Program Files\Yahoo!
2008-04-03 16:38 --------- d-sh--w C:\Program Files\Fichiers communs
2008-04-03 16:38 --------- d-sh--w C:\PROGRA~2\Modèles
2008-04-03 16:38 --------- d-sh--w C:\PROGRA~2\Menu Démarrer
2008-04-03 16:38 --------- d-sh--w C:\PROGRA~2\Favoris
2008-04-03 16:38 --------- d-sh--w C:\PROGRA~2\Bureau
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-13 13:20 219136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-10 08:58 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
"Acer Tour"="" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 17:39 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 17:39 8470528]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 17:39 81920]
"PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 13:35 94208]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-06-27 11:15 752136]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 14:38 206952]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 14:00 174872]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 10:06 159744]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [ ]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 14:54 1286144]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"EoEngine"="C:\Program Files\EoRezo\EoEngine.exe" [2008-04-03 17:47 561152]
"ItsTV"="C:\Program Files\ItsLabel\ItsTV.exe" [2007-04-26 16:19 2908160]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-13 13:20 579072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-13 13:20 219136]
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-10 09:29:07 535336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-04-13 13:20 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-32657837-3195804750-840997833-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1ACDC690-E812-4BF4-8277-CADB310BB196}"= Profile=Public|C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{975C10A6-89E7-450F-8386-9F6BEC5992B5}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{4B2A96AC-90BB-469D-96F2-1E462E2F2103}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{CB0A5015-2744-4511-8C92-B47FF3948EAF}"= Profile=Public|C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{849D0299-7E5F-4D16-821F-6475DF1EFD43}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{25219AE5-C395-490A-927D-5917C456B162}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{647BEEBF-1702-4B7D-B44D-635EF1669066}"= Profile=Public|C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{E61A4B07-04B7-4AD0-A2D2-B290D668900B}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{96D3D31D-F579-478B-B04A-AFF286FF1274}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{4D3B2B7F-C597-48D7-85E3-4E1C50EC7442}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{E1C1CCA2-BDB6-4144-A5AC-2F7D63988267}F:\\emule\\emule.exe"= UDP:F:\emule\emule.exe:eMule
"UDP Query User{A8787CF2-593B-499B-9912-64AE4CB1E992}F:\\emule\\emule.exe"= TCP:F:\emule\emule.exe:eMule
"{3D1883C5-E0E3-40D7-9377-27C32B2CE467}"= Disabled:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{99438046-B574-40E7-87BA-63A208798803}"= Disabled:C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{8846E3AF-245F-4887-8B98-A164DD0708DF}"= Disabled:C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {16B8C993-FC52-4DB8-BC23-BCB4264B97BC},{C0F5D793-E3DB-40BD-BDA8-DCAEC611D4B9}
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 10:57]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 17:51]
S2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 14:24]
S2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
S2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 15:00]
S2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 14:05]
S2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
S2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-14 14:32]
S2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 07:23]
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 18:39:36
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-13 18:40:04
ComboFix-quarantined-files.txt 2008-04-13 16:40:02
ComboFix2.txt 2008-04-13 09:43:43
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
.
2008-04-13 11:47:37 --- E O F ---
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1725 [GMT 2:00]
Endroit: C:\Windows\system32\config\systemprofile\Desktop\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-13 to 2008-04-13 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 12:03 174 --sha-w C:\Program Files\desktop.ini
2008-04-13 12:00 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-13 12:00 --------- d-----w C:\Program Files\Windows Calendar
2008-04-13 11:34 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-04-13 11:21 --------- d-----w C:\Windows\System32\config\SYSTEM~1\AppData\Roaming\AVG7
2008-04-13 11:20 9,216 ----a-w C:\Windows\System32\avgwlntf.dll
2008-04-13 11:20 --------- d-----w C:\PROGRA~2\Grisoft
2008-04-13 11:20 --------- d-----w C:\PROGRA~2\avg7
2008-04-13 10:19 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-04-13 09:55 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-13 09:52 --------- d-----w C:\PROGRA~2\Malwarebytes
2008-04-12 15:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-12 14:03 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-04-10 02:08 --------- d-----w C:\Program Files\ItsLabel
2008-04-10 02:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-09 20:46 --------- d-----w C:\PROGRA~2\Symantec
2008-04-09 19:14 806 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-04-09 19:14 10,652 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-04-09 18:50 --------- d-----w C:\Program Files\Norton AntiVirus
2008-04-09 17:08 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-06 16:10 --------- d-----w C:\Program Files\VideoLAN
2008-04-06 15:29 --------- d-----w C:\Program Files\Microsoft Works
2008-04-06 15:29 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-04-06 15:18 --------- d-----w C:\Program Files\MSECache
2008-04-06 15:17 --------- d-----w C:\Program Files\EoRezo
2008-04-06 14:06 --------- d-----w C:\Program Files\SLD Codec Pack
2008-04-05 16:24 --------- d-----w C:\Program Files\Lavasoft
2008-04-05 16:24 --------- d-----w C:\PROGRA~2\Lavasoft
2008-04-05 16:23 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-05 15:11 --------- d-----w C:\Program Files\CCleaner
2008-04-05 09:45 --------- d-----w C:\Program Files\Alwil Software
2008-04-05 09:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-03 20:52 --------- d-----w C:\PROGRA~2\Forge of Games
2008-04-03 20:04 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-04-03 20:04 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-04-03 20:04 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-04-03 20:04 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-04-03 20:04 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-04-03 20:04 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-04-03 20:01 --------- d-----w C:\PROGRA~2\Yahoo! Companion
2008-04-03 19:58 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-03 19:58 --------- d-----w C:\Program Files\Windows Live
2008-04-03 19:53 --------- d-----w C:\PROGRA~2\WLInstaller
2008-04-03 16:42 --------- d-----w C:\Program Files\Yahoo!
2008-04-03 16:38 --------- d-sh--w C:\Program Files\Fichiers communs
2008-04-03 16:38 --------- d-sh--w C:\PROGRA~2\Modèles
2008-04-03 16:38 --------- d-sh--w C:\PROGRA~2\Menu Démarrer
2008-04-03 16:38 --------- d-sh--w C:\PROGRA~2\Favoris
2008-04-03 16:38 --------- d-sh--w C:\PROGRA~2\Bureau
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-13 13:20 219136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-10 08:58 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
"Acer Tour"="" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 17:39 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 17:39 8470528]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 17:39 81920]
"PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 13:35 94208]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-06-27 11:15 752136]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 14:38 206952]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 14:00 174872]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 10:06 159744]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [ ]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 14:54 1286144]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"EoEngine"="C:\Program Files\EoRezo\EoEngine.exe" [2008-04-03 17:47 561152]
"ItsTV"="C:\Program Files\ItsLabel\ItsTV.exe" [2007-04-26 16:19 2908160]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-13 13:20 579072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-13 13:20 219136]
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-10 09:29:07 535336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-04-13 13:20 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-32657837-3195804750-840997833-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1ACDC690-E812-4BF4-8277-CADB310BB196}"= Profile=Public|C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{975C10A6-89E7-450F-8386-9F6BEC5992B5}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{4B2A96AC-90BB-469D-96F2-1E462E2F2103}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{CB0A5015-2744-4511-8C92-B47FF3948EAF}"= Profile=Public|C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{849D0299-7E5F-4D16-821F-6475DF1EFD43}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{25219AE5-C395-490A-927D-5917C456B162}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{647BEEBF-1702-4B7D-B44D-635EF1669066}"= Profile=Public|C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{E61A4B07-04B7-4AD0-A2D2-B290D668900B}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{96D3D31D-F579-478B-B04A-AFF286FF1274}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{4D3B2B7F-C597-48D7-85E3-4E1C50EC7442}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{E1C1CCA2-BDB6-4144-A5AC-2F7D63988267}F:\\emule\\emule.exe"= UDP:F:\emule\emule.exe:eMule
"UDP Query User{A8787CF2-593B-499B-9912-64AE4CB1E992}F:\\emule\\emule.exe"= TCP:F:\emule\emule.exe:eMule
"{3D1883C5-E0E3-40D7-9377-27C32B2CE467}"= Disabled:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{99438046-B574-40E7-87BA-63A208798803}"= Disabled:C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{8846E3AF-245F-4887-8B98-A164DD0708DF}"= Disabled:C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {16B8C993-FC52-4DB8-BC23-BCB4264B97BC},{C0F5D793-E3DB-40BD-BDA8-DCAEC611D4B9}
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 10:57]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 17:51]
S2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 14:24]
S2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
S2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 15:00]
S2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 14:05]
S2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
S2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-14 14:32]
S2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 07:23]
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 18:39:36
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-13 18:40:04
ComboFix-quarantined-files.txt 2008-04-13 16:40:02
ComboFix2.txt 2008-04-13 09:43:43
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
.
2008-04-13 11:47:37 --- E O F ---
ok,
fais ce qui est indiqué ici stp :
http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr
++
fais ce qui est indiqué ici stp :
http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr
++
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 19:34 2008-04-13
+ Résultat de l'analyse:
C:\Users\Damien\Desktop\mdelk.EXE -> Heuristic.Win32.AVKiller : Nettoyé et sauvegardé (mise en quarantaine).
C:\Windows\System32\config\systemprofile\Desktop\mdelk.EXE -> Heuristic.Win32.AVKiller : Nettoyé et sauvegardé (mise en quarantaine).
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@adrevolver[2].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@adrevolver[3].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@media.adrevolver[3].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@adtech[1].txt -> TrackingCookie.Adtech : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@adviva[2].txt -> TrackingCookie.Adviva : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@atdmt[3].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@casalemedia[2].txt -> TrackingCookie.Casalemedia : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@ehg-telecomitalia.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@tradedoubler[3].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@banquepopulairecendrillon.solution.weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@bnpparibasnet.solution.weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@cetelem.solution.weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@cetelem.solution.weborama[3].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@conforamalancementsite.solution.weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@intermarcheselection8avr19avr.solution.weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@lecoqsportif.solution.weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@lexusisf26mars15avril.solution.weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@samsung.solution.weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@searchmobile.solution.weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@searchmobile.solution.weborama[3].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@m.webtrends[1].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.
Fin du rapport
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 19:34 2008-04-13
+ Résultat de l'analyse:
C:\Users\Damien\Desktop\mdelk.EXE -> Heuristic.Win32.AVKiller : Nettoyé et sauvegardé (mise en quarantaine).
C:\Windows\System32\config\systemprofile\Desktop\mdelk.EXE -> Heuristic.Win32.AVKiller : Nettoyé et sauvegardé (mise en quarantaine).
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@adrevolver[2].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@adrevolver[3].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@media.adrevolver[3].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@adtech[1].txt -> TrackingCookie.Adtech : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@adviva[2].txt -> TrackingCookie.Adviva : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@atdmt[3].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@casalemedia[2].txt -> TrackingCookie.Casalemedia : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@ehg-telecomitalia.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@tradedoubler[3].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@banquepopulairecendrillon.solution.weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@bnpparibasnet.solution.weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@cetelem.solution.weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@cetelem.solution.weborama[3].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@conforamalancementsite.solution.weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@intermarcheselection8avr19avr.solution.weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@lecoqsportif.solution.weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@lexusisf26mars15avril.solution.weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@samsung.solution.weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@searchmobile.solution.weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@searchmobile.solution.weborama[3].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@m.webtrends[1].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Cookies\damien@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.
Fin du rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27, on 2008-04-13
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\Damien\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O20 - AppInit_DLLs: eNetHook.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Scan saved at 20:27, on 2008-04-13
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\Damien\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O20 - AppInit_DLLs: eNetHook.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
