Trojan-spy.Win32.keylogger.aa
eXon
Hello,
Having had the same problem as the one posted in this thread http://www.commentcamarche.net/forum/affich 8307834 trojan spy win32 keylogger aa ou greenscreen#0 , I carried out the steps recommended there and I would like to know whether my problem is fixed (given that I am hopeless with computers :o ). So here are the ComboFix and HijackThis reports that follow.
ComboFix 08-09-12.06 - Valentin 2008-09-13 9:47:21.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2020 [GMT 2:00]
Lancé depuis: C:\Users\Valentin\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\AutoRun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-13 au 2008-09-13 ))))))))))))))))))))))))))))))))))))
.
2008-09-12 23:51 . 2008-09-12 23:51 <REP> d-------- C:\Users\Valentin\AppData\Roaming\Malwarebytes
2008-09-12 23:51 . 2008-09-12 23:51 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-09-12 23:51 . 2008-09-12 23:51 <REP> d-------- C:\ProgramData\Malwarebytes
2008-09-12 23:51 . 2008-09-12 23:51 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-12 23:51 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-12 23:51 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-12 23:24 . 2008-09-12 23:24 <REP> d-------- C:\Program Files\Alwil Software
2008-09-12 23:24 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-09-12 16:34 . 2008-09-12 16:36 <REP> d-------- C:\Users\All Users\Lavasoft
2008-09-12 16:34 . 2008-09-12 16:36 <REP> d-------- C:\ProgramData\Lavasoft
2008-09-12 16:34 . 2008-09-12 16:34 <REP> d-------- C:\Program Files\Lavasoft
2008-09-12 16:33 . 2008-09-12 16:33 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-12 15:51 . 2008-09-13 00:35 <REP> d-------- C:\Users\All Users\ChkAct
2008-09-12 15:51 . 2008-09-13 00:35 <REP> d-------- C:\ProgramData\ChkAct
2008-09-12 15:51 . 2008-09-12 15:51 <REP> d--h----- C:\$AVG8.VAULT$
2008-09-12 15:20 . 2008-09-13 00:35 <REP> d-------- C:\Users\All Users\fyvcxgve
2008-09-12 15:20 . 2008-09-13 00:35 <REP> d-------- C:\ProgramData\fyvcxgve
2008-09-10 21:12 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 21:12 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 21:12 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 21:12 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 21:12 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 21:12 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 21:12 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 21:12 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-10 21:12 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-08 15:34 . 2008-09-08 15:34 <REP> d-------- C:\Program Files\BitComet
2008-09-02 15:55 . 2008-09-08 15:09 <REP> d-------- C:\Users\Valentin\AppData\Roaming\Azureus
2008-09-02 15:55 . 2008-09-02 15:55 <REP> d-------- C:\Users\All Users\Azureus
2008-09-02 15:55 . 2008-09-02 15:55 <REP> d-------- C:\ProgramData\Azureus
2008-09-02 15:54 . 2008-09-02 15:54 <REP> d-------- C:\Program Files\CCleaner
2008-09-02 15:53 . 2008-09-08 15:24 <REP> d-------- C:\Program Files\Azureus
2008-09-02 10:40 . 2008-09-12 22:55 <REP> d-------- C:\Windows\System32\drivers\Avg
2008-09-02 10:40 . 2008-09-02 10:40 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-09-02 10:40 . 2008-09-02 10:40 67,080 --a------ C:\Windows\System32\drivers\avgwfpx.sys
2008-09-02 10:40 . 2008-09-02 10:40 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-09-01 11:42 . 2008-09-01 11:42 <REP> d-------- C:\Users\Valentin\AppData\Roaming\HP
2008-08-31 13:52 . 2008-08-31 13:52 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-08-29 15:25 . 2008-08-29 15:25 <REP> d-------- C:\Program Files\Apple Software Update
2008-08-29 15:24 . 2008-08-29 15:24 <REP> d-------- C:\Program Files\iPod
2008-08-29 15:20 . 2008-08-29 15:20 <REP> dr------- C:\Windows\System32\config\systemprofile\Music
2008-08-29 15:11 . 2008-08-29 16:51 <REP> d-------- C:\Users\Valentin\AppData\Roaming\Apple Computer
2008-08-29 15:11 . 2008-08-29 15:24 <REP> d-------- C:\Program Files\iTunes
2008-08-29 15:10 . 2008-08-29 15:24 <REP> d-------- C:\Users\All Users\Apple Computer
2008-08-29 15:10 . 2008-08-29 15:24 <REP> d-------- C:\ProgramData\Apple Computer
2008-08-29 15:10 . 2008-08-29 15:10 <REP> d-------- C:\Program Files\QuickTime
2008-08-29 15:10 . 2008-08-29 15:10 <REP> d-------- C:\Program Files\Bonjour
2008-08-29 15:09 . 2008-08-29 15:09 <REP> d-------- C:\Users\All Users\Apple
2008-08-29 15:09 . 2008-08-29 15:09 <REP> d-------- C:\ProgramData\Apple
2008-08-29 15:09 . 2008-08-29 15:09 <REP> d-------- C:\Program Files\Common Files\Apple
2008-08-28 18:23 . 2008-08-28 18:23 <REP> d-------- C:\Users\All Users\WEBREG
2008-08-28 18:23 . 2008-08-28 18:23 <REP> d-------- C:\ProgramData\WEBREG
2008-08-28 18:14 . 2008-08-28 18:14 <REP> d-------- C:\Users\All Users\Hewlett-Packard
2008-08-28 18:14 . 2008-08-28 18:14 <REP> d-------- C:\ProgramData\Hewlett-Packard
2008-08-28 18:13 . 2008-08-28 18:13 <REP> d-------- C:\Users\Valentin\AppData\Roaming\HPAppData
2008-08-28 18:13 . 2008-08-28 18:13 <REP> d-------- C:\Users\All Users\HPSSUPPLY
2008-08-28 18:13 . 2008-08-28 18:13 <REP> d-------- C:\ProgramData\HPSSUPPLY
2008-08-28 18:12 . 2008-08-28 18:12 <REP> d-------- C:\Users\All Users\HP Product Assistant
2008-08-28 18:12 . 2008-08-28 18:12 <REP> d-------- C:\ProgramData\HP Product Assistant
2008-08-28 18:11 . 2008-08-28 18:11 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-08-28 18:11 . 2008-08-28 18:11 <REP> d-------- C:\Program Files\Common Files\HP
2008-08-28 18:11 . 2008-08-28 18:11 <REP> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-08-28 18:09 . 2008-08-28 18:13 <REP> d-------- C:\Program Files\HP
2008-08-28 18:09 . 2007-05-02 10:56 954,368 --a------ C:\Windows\System32\hpotiop5.dll
2008-08-28 18:09 . 2007-05-02 11:01 675,840 --a------ C:\Windows\System32\hpowiax5.dll
2008-08-28 18:09 . 2007-03-08 06:20 364,544 --a------ C:\Windows\System32\hppldcoi.dll
2008-08-28 18:09 . 2007-03-08 06:20 309,760 --a------ C:\Windows\System32\difxapi.dll
2008-08-28 18:09 . 2007-05-02 11:00 303,104 --a------ C:\Windows\System32\hpovst12.dll
2008-08-28 18:08 . 2008-08-28 18:15 <REP> d-------- C:\Users\All Users\HP
2008-08-28 18:08 . 2008-08-28 18:15 <REP> d-------- C:\ProgramData\HP
2008-08-28 18:08 . 2008-08-28 18:15 166,753 --a------ C:\Windows\hpoins21.dat
2008-08-26 18:18 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-26 18:18 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-26 18:18 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-26 18:18 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-26 18:17 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-26 18:17 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-26 18:17 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-26 18:17 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-26 18:17 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-22 10:22 . 2008-09-08 20:36 <REP> d-------- C:\Users\Valentin\AppData\Roaming\mIRC
2008-08-22 10:22 . 2008-08-22 10:22 <REP> d-------- C:\Program Files\mIRC
2008-08-14 14:30 . 2008-08-14 14:30 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-14 01:49 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-13 13:12 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-13 13:12 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-13 13:12 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-13 13:12 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-13 13:11 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-13 07:44 --------- d-----w C:\ProgramData\NVIDIA
2008-09-11 00:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-11 00:03 --------- d-----w C:\Program Files\Microsoft Works
2008-09-05 17:37 --------- d-----w C:\Users\Valentin\AppData\Roaming\Hamachi
2008-09-02 13:46 --------- d-----w C:\ProgramData\WLInstaller
2008-09-02 08:40 --------- d-----w C:\ProgramData\avg8
2008-08-13 23:48 --------- d-----w C:\Program Files\Windows Mail
2008-08-04 18:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-04 18:31 --------- d-----w C:\Program Files\Call of Duty 4
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-25 15:57 152 ----a-w C:\Users\Valentin\AppData\Roaming\wklnhst.dat
2008-07-25 15:57 --------- d-----w C:\Users\Valentin\AppData\Roaming\Template
2008-07-24 10:25 --------- d-----w C:\Users\Valentin\AppData\Roaming\vlc
2008-07-24 09:43 --------- d-----w C:\Program Files\VideoLAN
2008-07-23 13:11 --------- d-----w C:\Users\Valentin\AppData\Roaming\DivX
2008-07-23 13:11 --------- d-----w C:\Program Files\DivX
2008-07-23 13:11 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-07-08 18:38 174 --sha-w C:\Program Files\desktop.ini
2008-07-08 17:33 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-08 17:33 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-01 08:40 988,216 ----a-w C:\Windows\System32\winload.exe
2008-07-01 08:40 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-07-01 08:40 615,992 ----a-w C:\Windows\System32\ci.dll
2008-07-01 08:40 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-07-01 08:40 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-07-01 08:40 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-07-01 08:40 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-07-01 08:40 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-07-01 08:40 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-07-01 08:40 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-07-01 08:40 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-07-01 08:39 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-07-01 08:39 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-07-01 08:38 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-01 08:38 1,695,744 ----a-w C:\Windows\System32\gameux.dll
2008-07-01 08:38 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-07-01 08:37 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-07-01 08:37 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-06-30 09:08 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
2008-06-30 09:07 81,920 ----a-w C:\Windows\System32\W32N50.DLL
2008-06-30 09:07 17,134 ----a-w C:\Windows\System32\PCANDIS5.SYS
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-18 17:52 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-08-01 151552]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-09-07 326176]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-21 204908]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"NVRaidService"="C:\Windows\system32\nvraidservice.exe" [2007-12-07 196128]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-08-01 151552]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-05 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-05 81920]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-03 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-02 1177368]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-11 C:\Windows\RtHDVCpl.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-12-03 535336]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2008-06-30 49220]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C1A94978-9C4A-44D9-85CC-976E4B256685}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{17250F27-816F-4293-8E80-6C4A899E07AE}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DB9E81CD-E999-4D30-9431-905A8CDF3057}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{FDE3C5A9-20A2-4666-80CD-094CBF37C993}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{2ED47240-F206-4606-8CDA-2F141807082E}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{2C6EED45-7B25-44B1-8A9A-972EFE108A9F}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{BA7F183C-0260-4659-8C57-3CF842FF30AA}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{C2191F0A-02E1-4345-985F-D7EB0C11AAF1}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{F61E8216-CE21-44D7-A083-8FD9EF88C629}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{BF0CA79C-7413-4F0F-9748-2C0D248E81FE}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{0AD08F8E-B3ED-46FC-B87C-7A84EEA9A857}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"{94D8628D-A4BF-41B1-99F3-A382E5C2B1FC}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"{8E9E4F5B-7E34-495F-811A-0B30930FB416}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A87FBDE7-2BE5-45FB-BC46-D13D07BCFF4D}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D6C34808-90D7-4DEF-9866-FF75DCF0F450}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{17AA77FF-3423-4114-9E70-D4312695AAFE}J:\\warcraft iii\\war3.exe"= UDP:J:\warcraft iii\war3.exe:Warcraft III
"UDP Query User{D92ED4C3-D7D0-431B-AFDD-E04FE68D5A96}J:\\warcraft iii\\war3.exe"= TCP:J:\warcraft iii\war3.exe:Warcraft III
"TCP Query User{C8A5EE33-1DA3-4271-9A0B-13A60962D099}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{FD03109C-45A5-458A-AD19-9817A8D73AF0}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{98F1C717-F5A9-4880-9FAE-68B222345F67}C:\\program files\\call of duty 4\\iw3mphamachi 1.6.exe"= UDP:C:\program files\call of duty 4\iw3mphamachi 1.6.exe:iw3mpHAMACHI 1.6
"UDP Query User{4FE37647-5143-4132-A465-C51BC7DBD59C}C:\\program files\\call of duty 4\\iw3mphamachi 1.6.exe"= TCP:C:\program files\call of duty 4\iw3mphamachi 1.6.exe:iw3mpHAMACHI 1.6
"{91A3D88D-7C78-48E3-A06E-D4DA2D84A4F4}"= UDP:C:\Program Files\Call of Duty 4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{B9A5341A-4787-4BF8-9003-2CD38DD0B686}"= TCP:C:\Program Files\Call of Duty 4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{7A409A5C-2460-4FDC-A91F-C24B4EC817D4}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{E4A5FAC6-FFD6-476C-8271-77B90EA9CA0F}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{118770E4-2070-4B3D-8DF6-B6F0D14C2446}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{9FB2F790-F64C-4867-BDB6-D5B4F585A5C0}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"{1D0167EC-1858-4BB2-8BA4-DCABCE1DDB45}"= Disabled:UDP:E:\setup\HPZNUI01.EXE:hpznui01.exe
"{F385599C-E0F3-4CCF-AF89-86C7BD3A7D32}"= Disabled:TCP:E:\setup\HPZNUI01.EXE:hpznui01.exe
"{89703420-F0E7-41DB-AC66-85AC9125CDE7}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{08B44414-E2EF-42BA-9973-921FB491D3FF}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{9E9357BF-80D4-40DE-A343-D3BF2FFA997F}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{72BB8474-9615-4705-86BF-1AD343A61322}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{521E75B6-F72F-42E1-930C-B8973C529E9D}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{5132017E-C64B-456D-9600-798C9DBD606C}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{80EDF24E-5840-4C04-9D89-A76121CBF18B}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{CF799511-FAE3-4735-B126-9B68C6CB65DC}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{22576EE0-B785-458B-AF2E-D2DFE8C13854}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{F5EC4559-E405-4000-887B-3745EC85E609}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{4B72094F-E2F5-434E-9D06-9A7EE6A7283A}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{5819D772-F76D-41BE-AA3E-9609F89A48AB}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{CDDDE72E-EA36-4233-AED9-BE8272323D7C}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{8CB0B8E5-70FE-4474-9A21-930C084809A1}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{97BD48B4-A9AA-4FD0-9E50-37182B7DCF61}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{11541CB0-03F7-4C0E-B5D5-8D65CC222B4E}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{00E5FF4E-6402-467F-B439-A44E31E6744C}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{306C825F-CA46-4666-BE62-903D6E24F5DF}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{C46CF8A6-84D9-4130-9D9C-AA5C71FE1619}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{3BFB4FEA-1FAF-4EEC-A339-3B6BB074A920}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{90C51FAD-FBB6-4930-B46C-9A7205BC8B88}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{CA983F96-7EE1-4F98-A769-37F7A8552AD5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{110DD572-9F6A-40B5-A7B5-E2BE33A23C54}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{F8D65B90-868E-48BE-BF2F-0D05AA827537}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{83BDAFC6-1E12-4897-B8CD-ED3A129AF0E6}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{A53A10E0-183D-4931-8F16-B35963C0D518}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"TCP Query User{C85B4C2F-E568-479E-B9CE-7B3489265952}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{7FDB8B86-1B5C-484C-8369-A5177B808070}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{6BBB1833-3706-45A1-B1E5-58A7DEF552BF}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{8D338AA6-7C60-4844-8AA8-439CD78B92E7}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{52AB4D7A-BEFF-4C77-B670-9EFB3C95D343}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{9FEF8F09-D333-4F12-903A-CC19F56084F9}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
R0 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-12-08 131616]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-09-02 96520]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-21 269448]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-02 902424]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-02 282904]
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-09-02 67080]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys [2006-12-20 217600]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a0166fe-eb3e-11dc-b459-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe
\shell\directx\command - E:\DirectX9\dxsetup.exe
\shell\setup\command - E:\install.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-ares - C:\Program Files\Ares\Ares.exe
HKLM-Run-Apanel - C:\ACERSW\config\NewSetApanel.cmd
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\Valentin\AppData\Roaming\Mozilla\Firefox\Profiles\dpica6nj.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-13 09:49:20
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-09-13 9:50:35
ComboFix-quarantined-files.txt 2008-09-13 07:50:32
Avant-CF: 66,610,581,504 octets libres
Après-CF: 66,649,194,496 octets libres
304 --- E O F --- 2008-09-13 00:10:45
2008-09-05 17:37 --------- d-----w C:\Users\Valentin\AppData\Roaming\Hamachi
2008-09-02 13:46 --------- d-----w C:\ProgramData\WLInstaller
2008-09-02 08:40 --------- d-----w C:\ProgramData\avg8
2008-08-13 23:48 --------- d-----w C:\Program Files\Windows Mail
2008-08-04 18:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-04 18:31 --------- d-----w C:\Program Files\Call of Duty 4
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-25 15:57 152 ----a-w C:\Users\Valentin\AppData\Roaming\wklnhst.dat
2008-07-25 15:57 --------- d-----w C:\Users\Valentin\AppData\Roaming\Template
2008-07-24 10:25 --------- d-----w C:\Users\Valentin\AppData\Roaming\vlc
2008-07-24 09:43 --------- d-----w C:\Program Files\VideoLAN
2008-07-23 13:11 --------- d-----w C:\Users\Valentin\AppData\Roaming\DivX
2008-07-23 13:11 --------- d-----w C:\Program Files\DivX
2008-07-23 13:11 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-07-08 18:38 174 --sha-w C:\Program Files\desktop.ini
2008-07-08 17:33 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-08 17:33 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-01 08:40 988,216 ----a-w C:\Windows\System32\winload.exe
2008-07-01 08:40 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-07-01 08:40 615,992 ----a-w C:\Windows\System32\ci.dll
2008-07-01 08:40 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-07-01 08:40 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-07-01 08:40 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-07-01 08:40 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-07-01 08:40 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-07-01 08:40 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-07-01 08:40 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-07-01 08:40 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-07-01 08:39 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-07-01 08:39 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-07-01 08:38 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-01 08:38 1,695,744 ----a-w C:\Windows\System32\gameux.dll
2008-07-01 08:38 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-07-01 08:37 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-07-01 08:37 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-06-30 09:08 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
2008-06-30 09:07 81,920 ----a-w C:\Windows\System32\W32N50.DLL
2008-06-30 09:07 17,134 ----a-w C:\Windows\System32\PCANDIS5.SYS
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-18 17:52 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-08-01 151552]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-09-07 326176]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-21 204908]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"NVRaidService"="C:\Windows\system32\nvraidservice.exe" [2007-12-07 196128]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-08-01 151552]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-05 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-05 81920]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-03 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-02 1177368]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-11 C:\Windows\RtHDVCpl.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-12-03 535336]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2008-06-30 49220]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C1A94978-9C4A-44D9-85CC-976E4B256685}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{17250F27-816F-4293-8E80-6C4A899E07AE}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DB9E81CD-E999-4D30-9431-905A8CDF3057}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{FDE3C5A9-20A2-4666-80CD-094CBF37C993}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{2ED47240-F206-4606-8CDA-2F141807082E}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{2C6EED45-7B25-44B1-8A9A-972EFE108A9F}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{BA7F183C-0260-4659-8C57-3CF842FF30AA}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{C2191F0A-02E1-4345-985F-D7EB0C11AAF1}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{F61E8216-CE21-44D7-A083-8FD9EF88C629}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{BF0CA79C-7413-4F0F-9748-2C0D248E81FE}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{0AD08F8E-B3ED-46FC-B87C-7A84EEA9A857}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"{94D8628D-A4BF-41B1-99F3-A382E5C2B1FC}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"{8E9E4F5B-7E34-495F-811A-0B30930FB416}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A87FBDE7-2BE5-45FB-BC46-D13D07BCFF4D}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D6C34808-90D7-4DEF-9866-FF75DCF0F450}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{17AA77FF-3423-4114-9E70-D4312695AAFE}J:\\warcraft iii\\war3.exe"= UDP:J:\warcraft iii\war3.exe:Warcraft III
"UDP Query User{D92ED4C3-D7D0-431B-AFDD-E04FE68D5A96}J:\\warcraft iii\\war3.exe"= TCP:J:\warcraft iii\war3.exe:Warcraft III
"TCP Query User{C8A5EE33-1DA3-4271-9A0B-13A60962D099}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{FD03109C-45A5-458A-AD19-9817A8D73AF0}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{98F1C717-F5A9-4880-9FAE-68B222345F67}C:\\program files\\call of duty 4\\iw3mphamachi 1.6.exe"= UDP:C:\program files\call of duty 4\iw3mphamachi 1.6.exe:iw3mpHAMACHI 1.6
"UDP Query User{4FE37647-5143-4132-A465-C51BC7DBD59C}C:\\program files\\call of duty 4\\iw3mphamachi 1.6.exe"= TCP:C:\program files\call of duty 4\iw3mphamachi 1.6.exe:iw3mpHAMACHI 1.6
"{91A3D88D-7C78-48E3-A06E-D4DA2D84A4F4}"= UDP:C:\Program Files\Call of Duty 4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{B9A5341A-4787-4BF8-9003-2CD38DD0B686}"= TCP:C:\Program Files\Call of Duty 4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{7A409A5C-2460-4FDC-A91F-C24B4EC817D4}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{E4A5FAC6-FFD6-476C-8271-77B90EA9CA0F}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{118770E4-2070-4B3D-8DF6-B6F0D14C2446}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{9FB2F790-F64C-4867-BDB6-D5B4F585A5C0}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"{1D0167EC-1858-4BB2-8BA4-DCABCE1DDB45}"= Disabled:UDP:E:\setup\HPZNUI01.EXE:hpznui01.exe
"{F385599C-E0F3-4CCF-AF89-86C7BD3A7D32}"= Disabled:TCP:E:\setup\HPZNUI01.EXE:hpznui01.exe
"{89703420-F0E7-41DB-AC66-85AC9125CDE7}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{08B44414-E2EF-42BA-9973-921FB491D3FF}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{9E9357BF-80D4-40DE-A343-D3BF2FFA997F}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{72BB8474-9615-4705-86BF-1AD343A61322}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{521E75B6-F72F-42E1-930C-B8973C529E9D}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{5132017E-C64B-456D-9600-798C9DBD606C}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{80EDF24E-5840-4C04-9D89-A76121CBF18B}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{CF799511-FAE3-4735-B126-9B68C6CB65DC}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{22576EE0-B785-458B-AF2E-D2DFE8C13854}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{F5EC4559-E405-4000-887B-3745EC85E609}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{4B72094F-E2F5-434E-9D06-9A7EE6A7283A}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{5819D772-F76D-41BE-AA3E-9609F89A48AB}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{CDDDE72E-EA36-4233-AED9-BE8272323D7C}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{8CB0B8E5-70FE-4474-9A21-930C084809A1}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{97BD48B4-A9AA-4FD0-9E50-37182B7DCF61}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{11541CB0-03F7-4C0E-B5D5-8D65CC222B4E}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{00E5FF4E-6402-467F-B439-A44E31E6744C}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{306C825F-CA46-4666-BE62-903D6E24F5DF}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{C46CF8A6-84D9-4130-9D9C-AA5C71FE1619}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{3BFB4FEA-1FAF-4EEC-A339-3B6BB074A920}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{90C51FAD-FBB6-4930-B46C-9A7205BC8B88}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{CA983F96-7EE1-4F98-A769-37F7A8552AD5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{110DD572-9F6A-40B5-A7B5-E2BE33A23C54}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{F8D65B90-868E-48BE-BF2F-0D05AA827537}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{83BDAFC6-1E12-4897-B8CD-ED3A129AF0E6}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{A53A10E0-183D-4931-8F16-B35963C0D518}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"TCP Query User{C85B4C2F-E568-479E-B9CE-7B3489265952}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{7FDB8B86-1B5C-484C-8369-A5177B808070}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{6BBB1833-3706-45A1-B1E5-58A7DEF552BF}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{8D338AA6-7C60-4844-8AA8-439CD78B92E7}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{52AB4D7A-BEFF-4C77-B670-9EFB3C95D343}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{9FEF8F09-D333-4F12-903A-CC19F56084F9}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
R0 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-12-08 131616]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-09-02 96520]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-21 269448]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-02 902424]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-02 282904]
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-09-02 67080]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys [2006-12-20 217600]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a0166fe-eb3e-11dc-b459-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe
\shell\directx\command - E:\DirectX9\dxsetup.exe
\shell\setup\command - E:\install.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-ares - C:\Program Files\Ares\Ares.exe
HKLM-Run-Apanel - C:\ACERSW\config\NewSetApanel.cmd
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\Valentin\AppData\Roaming\Mozilla\Firefox\Profiles\dpica6nj.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-13 09:49:20
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-09-13 9:50:35
ComboFix-quarantined-files.txt 2008-09-13 07:50:32
Avant-CF: 66,610,581,504 octets libres
Après-CF: 66,649,194,496 octets libres
304 --- E O F --- 2008-09-13 00:10:45
And here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:30, on 13/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Valentin\Desktop\scanfile.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe