Nettoyer virus sans perdre fichier?? HELP
duffer2205
Messages postés
2
Statut
Membre
-
sKe69 Messages postés 21955 Statut Contributeur sécurité -
sKe69 Messages postés 21955 Statut Contributeur sécurité -
Bonjour,
Mon memory stick USB a ete infecte par un virus (type win32.trojan) lors de mon recent sejour en Inde.
Toutes mes photos de voyage se trouvent dessus et ont donc ete infecte.
Comment faire pour nettoyer ce virus sans perdre mes photos?
Mon anti virus est AVG 8.0.
De plus n'est t'il pas dangereux pour moi de mettre ma clef USB sur mon PC alors que celle ci est infectee?
Toute aide sera plus que bienvenue.
Cordialement
Frank
Mon memory stick USB a ete infecte par un virus (type win32.trojan) lors de mon recent sejour en Inde.
Toutes mes photos de voyage se trouvent dessus et ont donc ete infecte.
Comment faire pour nettoyer ce virus sans perdre mes photos?
Mon anti virus est AVG 8.0.
De plus n'est t'il pas dangereux pour moi de mettre ma clef USB sur mon PC alors que celle ci est infectee?
Toute aide sera plus que bienvenue.
Cordialement
Frank
A voir également:
- Nettoyer virus sans perdre fichier?? HELP
- Nettoyer ordinateur portable lent - Guide
- Fichier bin - Guide
- Fichier epub - Guide
- Nettoyer son mac - Guide
- Fichier rar - Guide
11 réponses
Ben essye de metre malawarebyte sur ton ordi apres avoir brancher ta prise usb puis scan personnaliser dans l'usb est voila ..Rien de plus compliquer franky .salut
bonjour ,
là est le gros problème que si tu la met sur ton pc , tu va sans aucun doute charger le virus avec !
là est le gros problème que si tu la met sur ton pc , tu va sans aucun doute charger le virus avec !
Oui s'est clair mais je pense que de toute facon il na pas le choix ?Si se n'est pas le cas je suis la pour apprendre alors continuez et excusez moi si je ne fait que l'enfoncer (Mais bon Mbam etait relativement performant cela te tuera personne si il a 2 min le virus ,au pire il debrance sa conexion internet puis fait sa )non??
même , mais quand il va faire le transfert de ses fichiers , il va transférer le virus avec !
parce que où se trouve t'il , dans quel fichier est-il dans sa clé ? ?
mystère ? ?
parce que où se trouve t'il , dans quel fichier est-il dans sa clé ? ?
mystère ? ?
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Salut,
On va s'en occuper ... ^^
dans l'ordre :
1- protocole à suivre pour Windows Vista :
*Désactiver le contrôle des comptes utilisateurs ou UAC (le réactiver seulement à la fin de la désinfection) :
Aller dans "démarrer" puis "panneau de configuration" :
--->Sur la droite de la fenêtre , cliques sur " affichage classique "
--->Double-Cliquer sur l'icône "Comptes d'utilisateurs"
--->Cliquer ensuite sur "Activer ou désactiver le contrôle ..." .
--->Décocher la case "utlisiser le contrôle ..." et cliquer sur OK .
Puis redémarrer le PC quand il le vous saura demandé ...
Tuto : https://forum.malekal.com/viewtopic.php?f=59&t=6517
* Important :
Pour installer ou pour lancer les outils, que tu utiliseras au court de la désinfection, fais toujours ainsi :
clique DROIT ( sur le setup d'installe ou l'outil ) -> choisis " Exécuter entant qu'administrateur " .
Fais ce-ci systématiquement ! ...
une fois ceci fait et pris en compte , commence par ce qui suit :
2- branche physiquement ta mémory stick infecté sur ton PC à l'endroit habituel mais sans l'ouvrir ! C.a.d ne l'ouvre pas avec le poste de travail , si une fenêtre s'ouvre t'indiquant qu'un élément est connecté à ton PC ect . tu la fermes !
3- Télécharge et installe le logiciel HijackThis :
ici HijackThis
ou ici http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
ou ici https://www.clubic.com/telecharger-fiche17891-hijackthis.html
-->Clique sur le setup pour lancer l'installe : laisse toi guider et ne modifie pas les paramètres d'installation .
A la fin de l'installe , le prg se lance automatiquement : ferme le en cliquant sur la croix rouge .
Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme :
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .
( ne lance pas ce prg pour l'instant et fais la suite ... )
4- Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.
-> http://images.malwareremoval.com/random/RSIT.exe
! Déconnecte toi et ferme toutes tes applications en cours !
Double-clique sur " RSIT.exe " pour le lancer .
-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .
* Devant l'option "List files/folders created ..." , tu choisis : 2 months
* clique ensuite sur " Continue " pour lancer l'analyse ...
-> laisse faire le scan et ne touche pas au PC ...
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).
Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...
Important : poste un rapport, puis l'autre dans la réponse suivante ...
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum ...
Et si "log.txt" seul, ne passe pas non plus , fais le en 2 fois ... merci ...
( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )
On va s'en occuper ... ^^
dans l'ordre :
1- protocole à suivre pour Windows Vista :
*Désactiver le contrôle des comptes utilisateurs ou UAC (le réactiver seulement à la fin de la désinfection) :
Aller dans "démarrer" puis "panneau de configuration" :
--->Sur la droite de la fenêtre , cliques sur " affichage classique "
--->Double-Cliquer sur l'icône "Comptes d'utilisateurs"
--->Cliquer ensuite sur "Activer ou désactiver le contrôle ..." .
--->Décocher la case "utlisiser le contrôle ..." et cliquer sur OK .
Puis redémarrer le PC quand il le vous saura demandé ...
Tuto : https://forum.malekal.com/viewtopic.php?f=59&t=6517
* Important :
Pour installer ou pour lancer les outils, que tu utiliseras au court de la désinfection, fais toujours ainsi :
clique DROIT ( sur le setup d'installe ou l'outil ) -> choisis " Exécuter entant qu'administrateur " .
Fais ce-ci systématiquement ! ...
une fois ceci fait et pris en compte , commence par ce qui suit :
2- branche physiquement ta mémory stick infecté sur ton PC à l'endroit habituel mais sans l'ouvrir ! C.a.d ne l'ouvre pas avec le poste de travail , si une fenêtre s'ouvre t'indiquant qu'un élément est connecté à ton PC ect . tu la fermes !
3- Télécharge et installe le logiciel HijackThis :
ici HijackThis
ou ici http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
ou ici https://www.clubic.com/telecharger-fiche17891-hijackthis.html
-->Clique sur le setup pour lancer l'installe : laisse toi guider et ne modifie pas les paramètres d'installation .
A la fin de l'installe , le prg se lance automatiquement : ferme le en cliquant sur la croix rouge .
Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme :
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .
( ne lance pas ce prg pour l'instant et fais la suite ... )
4- Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.
-> http://images.malwareremoval.com/random/RSIT.exe
! Déconnecte toi et ferme toutes tes applications en cours !
Double-clique sur " RSIT.exe " pour le lancer .
-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .
* Devant l'option "List files/folders created ..." , tu choisis : 2 months
* clique ensuite sur " Continue " pour lancer l'analyse ...
-> laisse faire le scan et ne touche pas au PC ...
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).
Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...
Important : poste un rapport, puis l'autre dans la réponse suivante ...
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum ...
Et si "log.txt" seul, ne passe pas non plus , fais le en 2 fois ... merci ...
( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )
Merci beaucoup,
Voila le premier rapport:
-->"C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31403E22-2FDB-452F-AE9E-20854633226D}\Setup.exe" -uninst
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
3ivx D4 4.5.1 Decoder (remove only)-->"C:\Program Files\3ivx\3ivx D4 4.5.1 Decoder\uninstall.exe"
Acer Arcade Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall
Acer Crystal Eye webcam-->C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0009 -removeonly -u
Acer Crystal Eye webcam-->C:\Program Files\InstallShield Installation Information\{AA047D7C-5E7C-4878-B75C-77589151B563}\setup.exe -runfromtemp -l0x0009 -removeonly
Acer eAudio Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.EXE" -uninstall
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x9 -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x9 -removeonly
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly
Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x9 -removeonly
Acer GridVista-->C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x9 -removeonly
Acer VCM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}\setup.exe" -l0x9 -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe MPEG Encoder-->MsiExec.exe /I{9811A185-3D3D-11D6-9E14-00036D172B00}
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Advanced RealMedia Export Plug-in for Premiere 6.0-->C:\Program Files\Adobe\Premiere 6.5\Plug-ins\RNCompiler\rnuninst.exe RealNetworks|RNCompiler|6.0
Advanced System Optimizer 2.01-->"C:\Program Files\Advanced System Optimizer\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Big Kahuna Reef 2-->"C:\Program Files\Acer GameZone\Big Kahuna Reef 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef 2\install.log"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Bricks of Egypt-->"C:\Program Files\Acer GameZone\Bricks of Egypt\Uninstall.exe" "C:\Program Files\Acer GameZone\Bricks of Egypt\install.log"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow DC-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities MyCamera DC-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
ccPublisher-->C:\Program Files\ccPublisher\uninstall.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVD-lab PRO 2.5-->"C:\Program Files\DVDlabPro2\unins000.exe"
Dynasty-->"C:\Program Files\Acer GameZone\Dynasty\Uninstall.exe" "C:\Program Files\Acer GameZone\Dynasty\install.log"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EphPod-->C:\PROGRA~1\EphPod\UNWISE.EXE C:\PROGRA~1\EphPod\INSTALL.LOG
FreeAgent Pro Tools-->C:\Program Files\InstallShield Installation Information\{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}\setup.exe -runfromtemp -l0x0409
Galapago-->"C:\Program Files\Acer GameZone\Galapago\Uninstall.exe" "C:\Program Files\Acer GameZone\Galapago\install.log"
Gimp 2.6.1-->"C:\Program Files\Gimp-2.0\setup\unins000.exe"
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Gears-->MsiExec.exe /I{A45BDB01-7BE4-3F3C-A02F-317D07F4C436}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Update-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Video Uploader-->"C:\Program Files\Google Video\Uninstall.exe"
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -IAcrZUn32z.inf
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ImTOO MPEG Encoder Standard-->C:\Program Files\ImTOO\MPEG Encoder Standard\Uninstall.exe
Intel® Turbo Memory and Intel Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
InterVideo DeviceService-->MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
ISO Recorder-->MsiExec.exe /I{0F6A7971-0F11-4A79-A0E9-133D0963A570}
ISO Recorder-->MsiExec.exe /I{39600969-41C3-4658-876E-16F108FC5C92}
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Jewel Quest Solitaire-->"C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log"
Launch Manager-->C:\Windows\UnInst32.exe QtZgAcer.UNI
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Luxor 2-->"C:\Program Files\Acer GameZone\Luxor 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Luxor 2\install.log"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Mystery Case Files - Prime Suspects-->"C:\Program Files\Acer GameZone\Mystery Case Files - Prime Suspects\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files - Prime Suspects\install.log"
Mystery Case Files Ravenhearst-->"C:\Program Files\Acer GameZone\Mystery Case Files Ravenhearst\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files Ravenhearst\install.log"
NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org 2.3-->MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
Orion-->MsiExec.exe /X{AC1ACE88-C471-494E-B5FA-0B7C21F22E4F}
PowerProducer 3.72-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\Setup.exe" -l0x9 anything
Safari-->MsiExec.exe /I{34F85A4D-03CC-428A-80A4-880228646518}
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SonicWALL SSL-VPN NetExtender-->C:\Program Files\SonicWALL\SSL-VPN\NetExtender\uninst.exe
SopCast 2.0.4-->C:\Program Files\SopCast\uninst.exe
Spybot - Search & Destroy 1.5.2.20-->"C:\Windows\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Subtitle Workshop 2.51-->"C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Treasures of the Deep-->"C:\Program Files\Acer GameZone\Treasures of the Deep\Uninstall.exe" "C:\Program Files\Acer GameZone\Treasures of the Deep\install.log"
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
TVUPlayer 2.4.0.1-->C:\Program Files\TVUPlayer\uninst.exe
Ulead VideoStudio 11-->C:\Program Files\InstallShield Installation Information\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}\setup.exe -runfromtemp -l0x040c
Veetle TV Player 0.9.9-->C:\Program Files\Veetle\VLC\uninstall.exe
Veetle TV Player 0.9.9-->C:\Windows\UninstVeetleTVPlayer.exe
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WinAce Archiver-->"C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"
Winamp Toolbar for Firefox-->"C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wdlii89o.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Winbond CIR Drivers-->MsiExec.exe /X{427967BF-09F8-46D5-9275-37001CCBBA5D}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\common\unyt.exe
YouTube Uploader-->MsiExec.exe /X{171818BA-E0AD-313D-B45A-1BC9D77ADA86}
Zattoo 3.2.0 Beta-->C:\Program Files\Zattoo\uninst.exe
Zuma Deluxe-->"C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log"
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: AVG Internet Security
FW: AVG Firewall
AS: SpywareBot
AS: AVG Internet Security (disabled)
AS: Spybot - Search and Destroy (disabled) (outdated)
AS: Windows Defender (disabled)
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=0f0a
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
-----------------EOF-----------------
Voila le premier rapport:
-->"C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31403E22-2FDB-452F-AE9E-20854633226D}\Setup.exe" -uninst
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
3ivx D4 4.5.1 Decoder (remove only)-->"C:\Program Files\3ivx\3ivx D4 4.5.1 Decoder\uninstall.exe"
Acer Arcade Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall
Acer Crystal Eye webcam-->C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0009 -removeonly -u
Acer Crystal Eye webcam-->C:\Program Files\InstallShield Installation Information\{AA047D7C-5E7C-4878-B75C-77589151B563}\setup.exe -runfromtemp -l0x0009 -removeonly
Acer eAudio Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.EXE" -uninstall
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x9 -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x9 -removeonly
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly
Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x9 -removeonly
Acer GridVista-->C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x9 -removeonly
Acer VCM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}\setup.exe" -l0x9 -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe MPEG Encoder-->MsiExec.exe /I{9811A185-3D3D-11D6-9E14-00036D172B00}
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Advanced RealMedia Export Plug-in for Premiere 6.0-->C:\Program Files\Adobe\Premiere 6.5\Plug-ins\RNCompiler\rnuninst.exe RealNetworks|RNCompiler|6.0
Advanced System Optimizer 2.01-->"C:\Program Files\Advanced System Optimizer\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Big Kahuna Reef 2-->"C:\Program Files\Acer GameZone\Big Kahuna Reef 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef 2\install.log"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Bricks of Egypt-->"C:\Program Files\Acer GameZone\Bricks of Egypt\Uninstall.exe" "C:\Program Files\Acer GameZone\Bricks of Egypt\install.log"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow DC-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities MyCamera DC-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
ccPublisher-->C:\Program Files\ccPublisher\uninstall.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVD-lab PRO 2.5-->"C:\Program Files\DVDlabPro2\unins000.exe"
Dynasty-->"C:\Program Files\Acer GameZone\Dynasty\Uninstall.exe" "C:\Program Files\Acer GameZone\Dynasty\install.log"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EphPod-->C:\PROGRA~1\EphPod\UNWISE.EXE C:\PROGRA~1\EphPod\INSTALL.LOG
FreeAgent Pro Tools-->C:\Program Files\InstallShield Installation Information\{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}\setup.exe -runfromtemp -l0x0409
Galapago-->"C:\Program Files\Acer GameZone\Galapago\Uninstall.exe" "C:\Program Files\Acer GameZone\Galapago\install.log"
Gimp 2.6.1-->"C:\Program Files\Gimp-2.0\setup\unins000.exe"
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Gears-->MsiExec.exe /I{A45BDB01-7BE4-3F3C-A02F-317D07F4C436}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Update-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Video Uploader-->"C:\Program Files\Google Video\Uninstall.exe"
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -IAcrZUn32z.inf
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ImTOO MPEG Encoder Standard-->C:\Program Files\ImTOO\MPEG Encoder Standard\Uninstall.exe
Intel® Turbo Memory and Intel Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
InterVideo DeviceService-->MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
ISO Recorder-->MsiExec.exe /I{0F6A7971-0F11-4A79-A0E9-133D0963A570}
ISO Recorder-->MsiExec.exe /I{39600969-41C3-4658-876E-16F108FC5C92}
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Jewel Quest Solitaire-->"C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log"
Launch Manager-->C:\Windows\UnInst32.exe QtZgAcer.UNI
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Luxor 2-->"C:\Program Files\Acer GameZone\Luxor 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Luxor 2\install.log"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Mystery Case Files - Prime Suspects-->"C:\Program Files\Acer GameZone\Mystery Case Files - Prime Suspects\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files - Prime Suspects\install.log"
Mystery Case Files Ravenhearst-->"C:\Program Files\Acer GameZone\Mystery Case Files Ravenhearst\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files Ravenhearst\install.log"
NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org 2.3-->MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
Orion-->MsiExec.exe /X{AC1ACE88-C471-494E-B5FA-0B7C21F22E4F}
PowerProducer 3.72-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\Setup.exe" -l0x9 anything
Safari-->MsiExec.exe /I{34F85A4D-03CC-428A-80A4-880228646518}
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SonicWALL SSL-VPN NetExtender-->C:\Program Files\SonicWALL\SSL-VPN\NetExtender\uninst.exe
SopCast 2.0.4-->C:\Program Files\SopCast\uninst.exe
Spybot - Search & Destroy 1.5.2.20-->"C:\Windows\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Subtitle Workshop 2.51-->"C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Treasures of the Deep-->"C:\Program Files\Acer GameZone\Treasures of the Deep\Uninstall.exe" "C:\Program Files\Acer GameZone\Treasures of the Deep\install.log"
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
TVUPlayer 2.4.0.1-->C:\Program Files\TVUPlayer\uninst.exe
Ulead VideoStudio 11-->C:\Program Files\InstallShield Installation Information\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}\setup.exe -runfromtemp -l0x040c
Veetle TV Player 0.9.9-->C:\Program Files\Veetle\VLC\uninstall.exe
Veetle TV Player 0.9.9-->C:\Windows\UninstVeetleTVPlayer.exe
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WinAce Archiver-->"C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"
Winamp Toolbar for Firefox-->"C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wdlii89o.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Winbond CIR Drivers-->MsiExec.exe /X{427967BF-09F8-46D5-9275-37001CCBBA5D}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\common\unyt.exe
YouTube Uploader-->MsiExec.exe /X{171818BA-E0AD-313D-B45A-1BC9D77ADA86}
Zattoo 3.2.0 Beta-->C:\Program Files\Zattoo\uninst.exe
Zuma Deluxe-->"C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log"
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: AVG Internet Security
FW: AVG Firewall
AS: SpywareBot
AS: AVG Internet Security (disabled)
AS: Spybot - Search and Destroy (disabled) (outdated)
AS: Windows Defender (disabled)
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=0f0a
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
-----------------EOF-----------------
et le 2ieme:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Frank at 2008-11-26 10:21:21
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 68 GB (60%) free of 114 GB
Total RAM: 2046 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:43, on 26/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Frank\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Users\Frank\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Frank.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*https://uk.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*https://uk.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\Program Files\Advanced System Optimizer\adblock.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download with &FileFactory Turbo - C:\Program Files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://webvpn.acis.com/NELX.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Update Service (gupdate1c91444a41e8ccd) (gupdate1c91444a41e8ccd) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\Windows\SYSTEM32\LxrSII1s.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Logfile of random's system information tool 1.04 (written by random/random)
Run by Frank at 2008-11-26 10:21:21
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 68 GB (60%) free of 114 GB
Total RAM: 2046 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:43, on 26/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Frank\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Users\Frank\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Frank.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*https://uk.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*https://uk.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\Program Files\Advanced System Optimizer\adblock.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download with &FileFactory Turbo - C:\Program Files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://webvpn.acis.com/NELX.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Update Service (gupdate1c91444a41e8ccd) (gupdate1c91444a41e8ccd) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\Windows\SYSTEM32\LxrSII1s.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Bien ...
fais ceci :
1- Télécharge UsbFix ( de Chiquitine29 et Chimay8 ) sur ton bureau :
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe
! Déconnecte toi d'internet et ferme toutes applications en cours !
--> Double-clique sur l' .exe pour lancer l'installation de l'outil ( ne touche pas aux paramètres d'installe ) .
Impératif :
Branche toutes tes unités externes à ton PC (clé USB, DD externe, flash disk, lecteur MP3, etc...) succeptibles d'avoir été infectés, ainsi que les CD et DVD rom dont tu te sers éventuellement le plus souvent ( mais sans les ouvrir ! ) .
--> Double-clique sur le raccourci "UsbFix" qui est sur ton bureau pour lancer l'outil :
* Tape sur 1 ( option " nettoyage " ) puis sur [entrée] et suis les instructions ...
--> Le pc va redémarrer ... laisse travailler l'outil et ne touche à rien ...
( Note : pour les unités externes non utlisées, clique sur "continuer" lors du message d'avertissement )
--> Une fois de retour à ton bureau , attends le message de fin du nettoyage ,
puis appuie sur une touche pour que le rapport "UsbFix.txt" s'affiche .
Fais un copier/coller de son contenu dans ta prochaine réponse pour analyse et attends la suite ....
( Note : le rapport UsbFix.txt est sauvegardé a la racine du disque dur > C:\UsbFix.txt )
PS : Si le Bureau ne réapparait pas, presse Ctrl + Alt + Suppr , Onglet "Fichier"-> "Nouvelle tâche":
tape explorer.exe et valides .
2- refais un nouveau scan RSIT et poste le rapport "log.txt" obtenu et attends la suite ....
fais ceci :
1- Télécharge UsbFix ( de Chiquitine29 et Chimay8 ) sur ton bureau :
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe
! Déconnecte toi d'internet et ferme toutes applications en cours !
--> Double-clique sur l' .exe pour lancer l'installation de l'outil ( ne touche pas aux paramètres d'installe ) .
Impératif :
Branche toutes tes unités externes à ton PC (clé USB, DD externe, flash disk, lecteur MP3, etc...) succeptibles d'avoir été infectés, ainsi que les CD et DVD rom dont tu te sers éventuellement le plus souvent ( mais sans les ouvrir ! ) .
--> Double-clique sur le raccourci "UsbFix" qui est sur ton bureau pour lancer l'outil :
* Tape sur 1 ( option " nettoyage " ) puis sur [entrée] et suis les instructions ...
--> Le pc va redémarrer ... laisse travailler l'outil et ne touche à rien ...
( Note : pour les unités externes non utlisées, clique sur "continuer" lors du message d'avertissement )
--> Une fois de retour à ton bureau , attends le message de fin du nettoyage ,
puis appuie sur une touche pour que le rapport "UsbFix.txt" s'affiche .
Fais un copier/coller de son contenu dans ta prochaine réponse pour analyse et attends la suite ....
( Note : le rapport UsbFix.txt est sauvegardé a la racine du disque dur > C:\UsbFix.txt )
PS : Si le Bureau ne réapparait pas, presse Ctrl + Alt + Suppr , Onglet "Fichier"-> "Nouvelle tâche":
tape explorer.exe et valides .
2- refais un nouveau scan RSIT et poste le rapport "log.txt" obtenu et attends la suite ....
Merci encore.
Le rapport USBfix
-------------- UsbFix V2.413.1 ---------------
* User : Frank - FRANK-PC
* Outils mis a jours le 24/11/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 15:59:32 le 26/11/2008
* Windows Vista - Internet Explorer 7.0.6001.18000
--------------- [ Processus actifs ] ----------------
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\LxrSII1s.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\Frank\AppData\Local\Temp\5466.tmp\b2e.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
--------------- [ Informations lecteurs ] ----------------
C: - Fixed Drive
D: - Fixed Drive
E: - Removable Drive
+- Contenu de l'autorun : E:\autorun.inf
[autorun]
open = advirs.exe
;shell\open=Open(&O)
Shell\open\command = advirs.exe
Shell\open\Default = 1
;shell\explore=Manager(&X)
Shell\Explore\command = advirs.exe
Shell\Explore\command = advirs.exe
;timeout=30
;default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
;[operating systems]
;multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
;timeout=30
;default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
;[operating systems]
;multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
--------------- [ Lecteur C ] ----------------
C: - Fixed Drive
+- Listing des fichiers présents :
[18/09/2006 21:43][--a------] C:\autoexec.bat
[16/08/2005 15:49][---------] C:\junction.exe
[28/09/2007 15:59][--a------] C:\Medion.ini
[28/09/2007 15:56][--a------] C:\Partition.txt
[28/09/2007 15:56][--a------] C:\UsbFix.txt
[18/09/2006 21:43][--a------] C:\config.sys
[18/09/2006 21:43][--a------] C:\hiberfil.sys
[18/09/2006 21:43][--a------] C:\IO.SYS
[18/09/2006 21:43][--a------] C:\MSDOS.SYS
[18/09/2006 21:43][--a------] C:\pagefile.sys
--------------- [ Lecteur D ] ----------------
D: - Fixed Drive
+- Listing des fichiers présents :
--------------- [ Lecteur E ] ----------------
E: - Removable Drive
+- Listing des fichiers présents :
[11/03/2008 11:56][-r-hs----] E:\b.com
[02/04/2001 03:49][--a------] E:\Conversor.exe
[02/04/2001 03:49][--a------] E:\New Folder(2).exe
[02/04/2001 03:49][--a------] E:\ADVIRS.exe
[02/10/2008 21:48][--a------] E:\pmp_usb.ini
[27/05/2008 23:00][-rahs----] E:\autorun.inf
[10/02/2007 16:29][--a------] E:\Mumbai .scr
[10/02/2007 16:29][--a------] E:\Ahmenabad .scr
[04/10/2008 14:15][--a------] E:\saedulead.txt
[10/02/2007 16:29][--a------] E:\Mumbai .scr
[10/02/2007 16:29][--a------] E:\Ahmenabad .scr
--------------- [ Registre / Startup ] ----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"SEARCH PAGE"="http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*https://uk.yahoo.com/"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Acer Tour Reminder=
WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe
Systweak Ad and Popup Blocker="C:\Program Files\Advanced System Optimizer\adblock.exe"
swg=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
ehTray.exe=C:\Windows\ehome\ehTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
ALaunch=C:\Acer\ALaunch\AlaunchClient.exe
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
eAudio="C:\Acer\Empowering Technology\eAudio\eAudio.exe"
Acer Tour=
RtHDVCpl=RtHDVCpl.exe
PLFSet=rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
eRecoveryService=
WarReg_PopUp=C:\Acer\WR_PopUp\WarReg_PopUp.exe
IAAnotif=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
IaNvSrv=C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
MSConfig="C:\Windows\System32\msconfig.exe" /auto
AVG8_TRAY=C:\PROGRA~1\AVG\AVG8\avgtray.exe
UVS11 Preload=C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
LManager=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
SonicWALLNetExtender=C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
NvSvc=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
AppleSyncNotifier=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27f48d47-2a53-11dd-a55f-ee24ab22b324}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27f48d47-2a53-11dd-a55f-ee24ab22b324}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27f48d47-2a53-11dd-a55f-ee24ab22b324}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d43e9b1-db37-11dc-8820-cc625755d224}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{688a123f-1d97-11dd-91b1-d0e83136f724}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{688a123f-1d97-11dd-91b1-d0e83136f724}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{688a123f-1d97-11dd-91b1-d0e83136f724}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b0b2ecd-5ff4-11dd-bcea-000000000000}\Shell\AutoRun\command
--------------- [ Nettoyage des disques ] ----------------
Supprimé ! - C:\Users\Frank\AppData\Local\Temp\Temp1_ WinRAR 3.30 + Key + Crack.zip
Supprimé ! - C:\Users\Frank\AppData\Local\Temp\Temp1_ WinRAR 3.30 + Key + Crack.zip\IsoBuster.Professional.v1.7.0.0-ROR
E:\autorun.inf ~> fichier appelé : "E:\ advirs.exe" ( absent ! )
Supprimé ! - [27/05/2008 23:00][-rahs----] E:\autorun.inf
Supprimé ! - [11/03/2008 11:56][-r-hs----] E:\b.com
--------------- [ Resumé ] ----------------
-> /!\ Le resultat doit etre interprété par un spécialiste /!\
[18/09/2006 21:43][--a------] C:\autoexec.bat
[16/08/2005 15:49][---------] C:\junction.exe
[28/09/2007 15:59][--a------] C:\Medion.ini
[02/04/2001 03:49][--a------] E:\Conversor.exe
[02/04/2001 03:49][--a------] E:\New Folder(2).exe
[02/04/2001 03:49][--a------] E:\ADVIRS.exe
[02/10/2008 21:48][--a------] E:\pmp_usb.ini
[10/02/2007 16:29][--a------] E:\Mumbai .scr
[10/02/2007 16:29][--a------] E:\Ahmenabad .scr
[10/02/2007 16:29][--a------] E:\Mumbai .scr
[10/02/2007 16:29][--a------] E:\Ahmenabad .scr
--------------- ! Fin du rapport ! ----------------
Le rapport USBfix
-------------- UsbFix V2.413.1 ---------------
* User : Frank - FRANK-PC
* Outils mis a jours le 24/11/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 15:59:32 le 26/11/2008
* Windows Vista - Internet Explorer 7.0.6001.18000
--------------- [ Processus actifs ] ----------------
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\LxrSII1s.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\Frank\AppData\Local\Temp\5466.tmp\b2e.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
--------------- [ Informations lecteurs ] ----------------
C: - Fixed Drive
D: - Fixed Drive
E: - Removable Drive
+- Contenu de l'autorun : E:\autorun.inf
[autorun]
open = advirs.exe
;shell\open=Open(&O)
Shell\open\command = advirs.exe
Shell\open\Default = 1
;shell\explore=Manager(&X)
Shell\Explore\command = advirs.exe
Shell\Explore\command = advirs.exe
;timeout=30
;default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
;[operating systems]
;multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
;timeout=30
;default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
;[operating systems]
;multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
--------------- [ Lecteur C ] ----------------
C: - Fixed Drive
+- Listing des fichiers présents :
[18/09/2006 21:43][--a------] C:\autoexec.bat
[16/08/2005 15:49][---------] C:\junction.exe
[28/09/2007 15:59][--a------] C:\Medion.ini
[28/09/2007 15:56][--a------] C:\Partition.txt
[28/09/2007 15:56][--a------] C:\UsbFix.txt
[18/09/2006 21:43][--a------] C:\config.sys
[18/09/2006 21:43][--a------] C:\hiberfil.sys
[18/09/2006 21:43][--a------] C:\IO.SYS
[18/09/2006 21:43][--a------] C:\MSDOS.SYS
[18/09/2006 21:43][--a------] C:\pagefile.sys
--------------- [ Lecteur D ] ----------------
D: - Fixed Drive
+- Listing des fichiers présents :
--------------- [ Lecteur E ] ----------------
E: - Removable Drive
+- Listing des fichiers présents :
[11/03/2008 11:56][-r-hs----] E:\b.com
[02/04/2001 03:49][--a------] E:\Conversor.exe
[02/04/2001 03:49][--a------] E:\New Folder(2).exe
[02/04/2001 03:49][--a------] E:\ADVIRS.exe
[02/10/2008 21:48][--a------] E:\pmp_usb.ini
[27/05/2008 23:00][-rahs----] E:\autorun.inf
[10/02/2007 16:29][--a------] E:\Mumbai .scr
[10/02/2007 16:29][--a------] E:\Ahmenabad .scr
[04/10/2008 14:15][--a------] E:\saedulead.txt
[10/02/2007 16:29][--a------] E:\Mumbai .scr
[10/02/2007 16:29][--a------] E:\Ahmenabad .scr
--------------- [ Registre / Startup ] ----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"SEARCH PAGE"="http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*https://uk.yahoo.com/"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Acer Tour Reminder=
WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe
Systweak Ad and Popup Blocker="C:\Program Files\Advanced System Optimizer\adblock.exe"
swg=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
ehTray.exe=C:\Windows\ehome\ehTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
ALaunch=C:\Acer\ALaunch\AlaunchClient.exe
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
eAudio="C:\Acer\Empowering Technology\eAudio\eAudio.exe"
Acer Tour=
RtHDVCpl=RtHDVCpl.exe
PLFSet=rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
eRecoveryService=
WarReg_PopUp=C:\Acer\WR_PopUp\WarReg_PopUp.exe
IAAnotif=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
IaNvSrv=C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
MSConfig="C:\Windows\System32\msconfig.exe" /auto
AVG8_TRAY=C:\PROGRA~1\AVG\AVG8\avgtray.exe
UVS11 Preload=C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
LManager=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
SonicWALLNetExtender=C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
NvSvc=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
AppleSyncNotifier=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27f48d47-2a53-11dd-a55f-ee24ab22b324}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27f48d47-2a53-11dd-a55f-ee24ab22b324}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27f48d47-2a53-11dd-a55f-ee24ab22b324}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d43e9b1-db37-11dc-8820-cc625755d224}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{688a123f-1d97-11dd-91b1-d0e83136f724}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{688a123f-1d97-11dd-91b1-d0e83136f724}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{688a123f-1d97-11dd-91b1-d0e83136f724}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b0b2ecd-5ff4-11dd-bcea-000000000000}\Shell\AutoRun\command
--------------- [ Nettoyage des disques ] ----------------
Supprimé ! - C:\Users\Frank\AppData\Local\Temp\Temp1_ WinRAR 3.30 + Key + Crack.zip
Supprimé ! - C:\Users\Frank\AppData\Local\Temp\Temp1_ WinRAR 3.30 + Key + Crack.zip\IsoBuster.Professional.v1.7.0.0-ROR
E:\autorun.inf ~> fichier appelé : "E:\ advirs.exe" ( absent ! )
Supprimé ! - [27/05/2008 23:00][-rahs----] E:\autorun.inf
Supprimé ! - [11/03/2008 11:56][-r-hs----] E:\b.com
--------------- [ Resumé ] ----------------
-> /!\ Le resultat doit etre interprété par un spécialiste /!\
[18/09/2006 21:43][--a------] C:\autoexec.bat
[16/08/2005 15:49][---------] C:\junction.exe
[28/09/2007 15:59][--a------] C:\Medion.ini
[02/04/2001 03:49][--a------] E:\Conversor.exe
[02/04/2001 03:49][--a------] E:\New Folder(2).exe
[02/04/2001 03:49][--a------] E:\ADVIRS.exe
[02/10/2008 21:48][--a------] E:\pmp_usb.ini
[10/02/2007 16:29][--a------] E:\Mumbai .scr
[10/02/2007 16:29][--a------] E:\Ahmenabad .scr
[10/02/2007 16:29][--a------] E:\Mumbai .scr
[10/02/2007 16:29][--a------] E:\Ahmenabad .scr
--------------- ! Fin du rapport ! ----------------
Le rapport RSIT
Logfile of random's system information tool 1.04 (written by random/random)
Run by Frank at 2008-11-26 16:05:35
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 68 GB (60%) free of 114 GB
Total RAM: 2046 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:58, on 26/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Frank\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Frank.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*https://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*https://uk.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\Program Files\Advanced System Optimizer\adblock.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download with &FileFactory Turbo - C:\Program Files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://webvpn.acis.com/NELX.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Update Service (gupdate1c91444a41e8ccd) (gupdate1c91444a41e8ccd) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\Windows\SYSTEM32\LxrSII1s.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Logfile of random's system information tool 1.04 (written by random/random)
Run by Frank at 2008-11-26 16:05:35
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 68 GB (60%) free of 114 GB
Total RAM: 2046 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:58, on 26/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Frank\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Frank.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*https://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*https://uk.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\Program Files\Advanced System Optimizer\adblock.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download with &FileFactory Turbo - C:\Program Files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://webvpn.acis.com/NELX.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Update Service (gupdate1c91444a41e8ccd) (gupdate1c91444a41e8ccd) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\Windows\SYSTEM32\LxrSII1s.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Bien ...
dans l'ordre :
1- Télécharge : - CCleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
Ce logiciel va permettre de supprimer tous les fichiers temporaires et de corriger ton registre .
Lors de l'installation:
-choisis bien "francais" en langue .
-avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires" sauf les 2 premières.
Un tuto ( aide ):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm
---> Utilisation:
! déconnecte toi et ferme toutes applications en cours !
* va dans "nettoyeur" : fais -analyse- puis -nettoyage-
* va dans "registre" : fais -chercher les erreurs- et -réparer toutes les erreurs-
( plusieurs fois jusqu'à ce qu'il n'y est plus d'erreur ) .
( CCleaner : soft à garder sur son PC , super utile pour de bons nettoyages ... )
2- Avoir accès aux fichiers cachés :
Va dans Menu Démarrer->panneau de config.("affichage classique")-> Options des dossiers
--> vas sur l'onglet " Affichage " .
* "Afficher les fichiers et dossiers cachés" ---> coché
* "Masquer les extensions des fichiers dont le type est connu" ---> décoché
* "masquer les fichiers du système" ---> décoché
-> valide la modif ( "appliquer" puis "ok" ).
( tu remetteras les paramètres de départ une fois la désinfection terminée , pas avant ... )
3- toujours tes unités externes branchés aux PC :
Rends toi sur ce site :
https://www.virustotal.com/gui/
Copies ce qui suit et colles le dans l'espace pour la recherche :
C:\Windows\system32\DRIVERS\winbondcir.sys
Clique sur Send File ( = " Envoyer le fichier " ).
Un rapport va s'élaborer ligne à ligne.
Attends bien la fin ... Il doit comprendre la taille du fichier envoyé.
Sauvegarde le rapport avec le bloc-note.
Copie le dans ta prochaine réponse ...
( Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant )
Fais de même pour :
C:\Windows\system32\LxrSII1s.exe
C:\Windows\system32\Drivers\LxrSII1d.sys
C:\junction.exe
C:\Medion.ini
E:\Conversor.exe
E:\New Folder(2).exe
E:\ADVIRS.exe
E:\pmp_usb.ini
E:\Mumbai .scr
E:\Ahmenabad .scr
E:\Mumbai .scr
E:\Ahmenabad .scr
Poste moi donc ces 13 rapports ( surtout le début avec le listing des AV , et en précisant bien au début de chacuns à quel fichier ils correspondent ) et attends la suite ...
dans l'ordre :
1- Télécharge : - CCleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
Ce logiciel va permettre de supprimer tous les fichiers temporaires et de corriger ton registre .
Lors de l'installation:
-choisis bien "francais" en langue .
-avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires" sauf les 2 premières.
Un tuto ( aide ):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm
---> Utilisation:
! déconnecte toi et ferme toutes applications en cours !
* va dans "nettoyeur" : fais -analyse- puis -nettoyage-
* va dans "registre" : fais -chercher les erreurs- et -réparer toutes les erreurs-
( plusieurs fois jusqu'à ce qu'il n'y est plus d'erreur ) .
( CCleaner : soft à garder sur son PC , super utile pour de bons nettoyages ... )
2- Avoir accès aux fichiers cachés :
Va dans Menu Démarrer->panneau de config.("affichage classique")-> Options des dossiers
--> vas sur l'onglet " Affichage " .
* "Afficher les fichiers et dossiers cachés" ---> coché
* "Masquer les extensions des fichiers dont le type est connu" ---> décoché
* "masquer les fichiers du système" ---> décoché
-> valide la modif ( "appliquer" puis "ok" ).
( tu remetteras les paramètres de départ une fois la désinfection terminée , pas avant ... )
3- toujours tes unités externes branchés aux PC :
Rends toi sur ce site :
https://www.virustotal.com/gui/
Copies ce qui suit et colles le dans l'espace pour la recherche :
C:\Windows\system32\DRIVERS\winbondcir.sys
Clique sur Send File ( = " Envoyer le fichier " ).
Un rapport va s'élaborer ligne à ligne.
Attends bien la fin ... Il doit comprendre la taille du fichier envoyé.
Sauvegarde le rapport avec le bloc-note.
Copie le dans ta prochaine réponse ...
( Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant )
Fais de même pour :
C:\Windows\system32\LxrSII1s.exe
C:\Windows\system32\Drivers\LxrSII1d.sys
C:\junction.exe
C:\Medion.ini
E:\Conversor.exe
E:\New Folder(2).exe
E:\ADVIRS.exe
E:\pmp_usb.ini
E:\Mumbai .scr
E:\Ahmenabad .scr
E:\Mumbai .scr
E:\Ahmenabad .scr
Poste moi donc ces 13 rapports ( surtout le début avec le listing des AV , et en précisant bien au début de chacuns à quel fichier ils correspondent ) et attends la suite ...
Alors voila les rapports pour les 6 premiers fichiers.
Pour les autres fichiers:
E:\New Folder(2).exe
E:\ADVIRS.exe
E:\pmp_usb.ini
E:\Mumbai .scr
E:\Ahmenabad .scr
E:\Mumbai .scr
E:\Ahmenabad .scr
Ca me dit: you do not have authorisation to access those files. Que faire?
Les rapports:
1)
Antivirus
Version
Last Update
Result
AhnLab-V3
2008.11.24.3
2008.11.26
-
AntiVir
7.9.0.35
2008.11.26
-
Authentium
5.1.0.4
2008.11.26
-
Avast
4.8.1281.0
2008.11.26
-
AVG
8.0.0.199
2008.11.26
-
BitDefender
7.2
2008.11.26
-
CAT-QuickHeal
10.00
2008.11.26
-
ClamAV
0.94.1
2008.11.26
-
DrWeb
4.44.0.09170
2008.11.26
-
eSafe
7.0.17.0
2008.11.25
-
eTrust-Vet
31.6.6228
2008.11.26
-
Ewido
4.0
2008.11.26
-
F-Prot
4.4.4.56
2008.11.25
-
F-Secure
8.0.14332.0
2008.11.26
-
Fortinet
3.117.0.0
2008.11.26
-
GData
19
2008.11.26
-
Ikarus
T3.1.1.45.0
2008.11.26
-
K7AntiVirus
7.10.534
2008.11.26
-
Kaspersky
7.0.0.125
2008.11.26
-
McAfee
5445
2008.11.25
-
McAfee+Artemis
5445
2008.11.25
-
Microsoft
1.4104
2008.11.26
-
NOD32
3643
2008.11.26
-
Norman
5.80.02
2008.11.26
-
Panda
9.0.0.4
2008.11.25
-
PCTools
4.4.2.0
2008.11.26
-
Prevx1
V2
2008.11.26
-
Rising
21.05.22.00
2008.11.26
-
SecureWeb-Gateway
6.7.6
2008.11.26
-
Sophos
4.35.0
2008.11.26
-
Sunbelt
3.1.1830.2
2008.11.26
-
Symantec
10
2008.11.26
-
TheHacker
6.3.1.1.163
2008.11.25
-
TrendMicro
8.700.0.1004
2008.11.26
-
VBA32
3.12.8.9
2008.11.26
-
ViRobot
2008.11.26.1487
2008.11.26
-
VirusBuster
4.5.11.0
2008.11.26
-
Additional information
File size: 43008 bytes
MD5...: 3fa87d56769838aac82fafc3e78fc732
SHA1..: 501e9e65c44610e2555cf1877667b4ced0e55899
SHA256: e1d942d59a7edb1768d39d87d637c6f87c84711d0776ff2c69161350d037663b
SHA512: e6a34fb91e3d2800d544201623f4fd445b758060b3a87ce036589864cf29867c
21462f5be378d95dfe1e56fee05e8c1b8181d7f4aa93db1c4b1e81c9b7cb84b7
ssdeep: 768:IrI/nbSq2Esev0kPIpCACUAOXuzoCTiObrhjnB2W:IrI/n+q2EsW7hACOuUC
TThnBB
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (87.2%)
Win32 Executable Generic (8.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x173e8
timedatestamp.....: 0x460a0264 (Wed Mar 28 05:51:32 2007)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x88bd 0x8a00 6.45 dbfdd2556285cfbcbb31cdeec8732688
.rdata 0xa000 0x131 0x200 3.57 637dd8dbd280fea851001daade6dca54
.data 0xb000 0x68ac 0x200 0.78 126ef66c8ceab7d3f9f41f7233f87934
INIT 0x12000 0x2ce 0x400 4.31 52529193336ea7022c596c3171f032bc
.rsrc 0x13000 0x410 0x600 2.49 4cef3e5af054202af76682df427747db
.reloc 0x14000 0xae0 0xc00 5.95 7e2798b3ef09937419621083523d51b9
( 3 imports )
> ntoskrnl.exe: KefReleaseSpinLockFromDpcLevel, KefAcquireSpinLockAtDpcLevel, KeQuerySystemTime, KeTickCount, KeBugCheckEx, memcpy, IoGetDeviceProperty, wcsstr, KeInitializeSpinLock, PoSetSystemState, RtlInitUnicodeString, memset, ExAllocatePoolWithTag, RtlCopyUnicodeString, DbgPrint, ExFreePoolWithTag
> HAL.dll: KfAcquireSpinLock, KfReleaseSpinLock, WRITE_PORT_UCHAR, READ_PORT_UCHAR
> WDFLDR.SYS: WdfVersionUnbind, WdfVersionBind
( 0 exports )
Rapport 2
Antivirus
Version
Last Update
Result
AhnLab-V3
2008.11.24.3
2008.11.26
-
AntiVir
7.9.0.35
2008.11.26
-
Authentium
5.1.0.4
2008.11.26
-
Avast
4.8.1281.0
2008.11.26
-
AVG
8.0.0.199
2008.11.26
-
BitDefender
7.2
2008.11.26
-
CAT-QuickHeal
10.00
2008.11.26
-
ClamAV
0.94.1
2008.11.26
-
DrWeb
4.44.0.09170
2008.11.26
-
eSafe
7.0.17.0
2008.11.25
-
eTrust-Vet
31.6.6228
2008.11.26
-
Ewido
4.0
2008.11.26
-
F-Prot
4.4.4.56
2008.11.25
-
F-Secure
8.0.14332.0
2008.11.26
-
Fortinet
3.117.0.0
2008.11.26
-
GData
19
2008.11.26
-
Ikarus
T3.1.1.45.0
2008.11.26
-
K7AntiVirus
7.10.534
2008.11.26
-
Kaspersky
7.0.0.125
2008.11.26
-
McAfee
5445
2008.11.25
-
McAfee+Artemis
5445
2008.11.25
-
Microsoft
1.4104
2008.11.26
-
NOD32
3643
2008.11.26
-
Norman
5.80.02
2008.11.26
-
Panda
9.0.0.4
2008.11.25
-
PCTools
4.4.2.0
2008.11.26
-
Prevx1
V2
2008.11.26
-
Rising
21.05.22.00
2008.11.26
-
SecureWeb-Gateway
6.7.6
2008.11.26
-
Sophos
4.35.0
2008.11.26
-
Sunbelt
3.1.1830.2
2008.11.26
-
Symantec
10
2008.11.26
-
TheHacker
6.3.1.1.163
2008.11.25
-
TrendMicro
8.700.0.1004
2008.11.26
-
VBA32
3.12.8.9
2008.11.26
-
ViRobot
2008.11.26.1487
2008.11.26
-
VirusBuster
4.5.11.0
2008.11.26
-
Additional information
File size: 49152 bytes
MD5...: 38149affab4c4e8e06fb32b9cf1ebdaa
SHA1..: 23762d59da3af792e7c655075c8ca9573d511171
SHA256: 000940dc995b73958b075764cbbdaf417fe33c682abe9bae96c6812482029ede
SHA512: bf58384f46813717876b34fb29c84202c28bd578478697731ac1e5d02b825e2c
d7a9a43bddc9acb94e2fa7c122f9c68cece12ac25ca2bc453606482e8ba6e79c
ssdeep: 768:WMqslllxiEGggJzCWHTSvgjsRj91xdRLy+1Blkf0boJjc:W7VgUCuTSvgjE/
jlhoJjc
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x401db9
timedatestamp.....: 0x43c2dbf3 (Mon Jan 09 21:56:03 2006)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6da2 0x7000 6.53 fe76494fae6aaba331f5558d99347ad8
.rdata 0x8000 0xdbe 0x1000 4.89 0d6064acfc246b0142d4e9f07deb6dd3
.data 0x9000 0x4680 0x3000 0.90 edb611908c5319708cf17fb5deeafb84
( 2 imports )
> KERNEL32.dll: WriteFile, ReadFile, WaitForMultipleObjects, ConnectNamedPipe, ResetEvent, CreateNamedPipeA, CreateFileA, CreateEventA, SetEvent, DeviceIoControl, Sleep, HeapFree, HeapAlloc, GetCommandLineA, GetVersion, ExitProcess, GetModuleHandleA, GetModuleFileNameA, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, RtlUnwind, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, DisconnectNamedPipe, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, GetCurrentThreadId, TlsSetValue, TlsAlloc, SetLastError, TlsGetValue, SetFilePointer, InterlockedDecrement, InterlockedIncrement, MultiByteToWideChar, GetCPInfo, GetACP, GetOEMCP, GetProcAddress, LoadLibraryA, SetStdHandle, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW, FlushFileBuffers, CloseHandle, DefineDosDeviceA, GetLastError, FormatMessageA, GetEnvironmentStrings, OutputDebugStringA
> ADVAPI32.dll: SetSecurityDescriptorDacl, SetServiceStatus, RegisterServiceCtrlHandlerA, StartServiceCtrlDispatcherA, InitializeSecurityDescriptor
( 0 exports )
Rapport 3
Antivirus
Version
Last Update
Result
AhnLab-V3
2008.11.24.3
2008.11.26
-
AntiVir
7.9.0.35
2008.11.26
-
Authentium
5.1.0.4
2008.11.26
-
Avast
4.8.1281.0
2008.11.26
-
AVG
8.0.0.199
2008.11.26
-
BitDefender
7.2
2008.11.26
-
CAT-QuickHeal
10.00
2008.11.26
-
ClamAV
0.94.1
2008.11.26
-
DrWeb
4.44.0.09170
2008.11.26
-
eSafe
7.0.17.0
2008.11.25
-
eTrust-Vet
31.6.6228
2008.11.26
-
Ewido
4.0
2008.11.26
-
F-Prot
4.4.4.56
2008.11.25
-
F-Secure
8.0.14332.0
2008.11.26
-
Fortinet
3.117.0.0
2008.11.26
-
GData
19
2008.11.26
-
Ikarus
T3.1.1.45.0
2008.11.26
-
K7AntiVirus
7.10.534
2008.11.26
-
Kaspersky
7.0.0.125
2008.11.26
-
McAfee
5445
2008.11.25
-
McAfee+Artemis
5445
2008.11.25
-
Microsoft
1.4104
2008.11.26
-
NOD32
3643
2008.11.26
-
Norman
5.80.02
2008.11.26
-
Panda
9.0.0.4
2008.11.25
-
PCTools
4.4.2.0
2008.11.26
-
Prevx1
V2
2008.11.26
-
Rising
21.05.22.00
2008.11.26
-
SecureWeb-Gateway
6.7.6
2008.11.26
-
Sophos
4.35.0
2008.11.26
-
Sunbelt
3.1.1830.2
2008.11.26
-
Symantec
10
2008.11.26
-
TheHacker
6.3.1.1.163
2008.11.25
-
TrendMicro
8.700.0.1004
2008.11.26
-
VBA32
3.12.8.9
2008.11.26
-
ViRobot
2008.11.26.1487
2008.11.26
-
VirusBuster
4.5.11.0
2008.11.26
-
Additional information
File size: 72672 bytes
MD5...: 7c12f93c005021861a36c11df951891a
SHA1..: 08ed9b3936e3fb883093645a288f9a36880ec2c9
SHA256: cfe2e6a1c4a54d34e93ec67b93aef4e5127340ea905ee91b4e3da32f65d89288
SHA512: 910df4e815f4e75b6b673a65a9403ae6025c6a5f4a7c09d8cb78dbc8df94513a
b63a1e3d10453144b0404dc79621a6cfab77523b9cd3e44372f67d18f155ff95
ssdeep: 1536:TMqqU+2bbbAV2/S2ewlpEr+8++HHHt1MmGU+WLDIH:TMqqDL2/pQrFMWvLD
I
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x20ac0
timedatestamp.....: 0x457779df (Thu Dec 07 02:18:07 2006)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x260 0x10335 0x10340 6.37 72c094e8cc6c700caed051a6b5192ec6
.data 0x105a0 0x520 0x520 6.77 af714748696c53896f11c01331920fe5
INIT 0x10ac0 0x6bc 0x6c0 5.71 c19613d3065b220afa59c190eef1d2f6
.reloc 0x11180 0xa44 0xa60 6.55 8cb4334b9fb1fdf6578b079ecc0b911b
( 1 imports )
> ntoskrnl.exe: KeGetCurrentThread, KeReleaseSemaphore, ExfInterlockedInsertTailList, IofCompleteRequest, IoSetHardErrorOrVerifyDevice, IoDeleteDevice, IoCreateSymbolicLink, IoCreateDevice, RtlInitUnicodeString, wcscpy, KeInitializeSpinLock, KeInitializeSemaphore, KeInitializeEvent, DbgPrint, KeWaitForSingleObject, ZwClose, ObReferenceObjectByHandle, ExFreePool, PsCreateSystemThread, ExAllocatePoolWithTag, ObfDereferenceObject, ExfInterlockedRemoveHeadList, PsTerminateSystemThread, KeSetEvent, wcscat, KeSetPriorityThread, KeInitializeMutex, wcsncat, IoDeleteSymbolicLink, wcslen, KeReleaseMutex, wcscmp, IoGetDeviceObjectPointer, IoGetRelatedDeviceObject, IoFileObjectType, ZwQueryInformationFile, ZwReadFile, ZwCreateFile, sprintf, _allmul, IoFreeIrp, IoFreeMdl, MmUnlockPages, MmUnmapLockedPages, MmMapLockedPages, MmBuildMdlForNonPagedPool, IoAllocateMdl, IofCallDriver, IoBuildDeviceIoControlRequest, KeClearEvent, IoAllocateIrp
( 0 exports )
Rapport 4
Antivirus
Version
Last Update
Result
AhnLab-V3
2008.11.24.3
2008.11.26
-
AntiVir
7.9.0.35
2008.11.26
-
Authentium
5.1.0.4
2008.11.26
-
Avast
4.8.1281.0
2008.11.26
-
AVG
8.0.0.199
2008.11.26
-
BitDefender
7.2
2008.11.26
-
CAT-QuickHeal
10.00
2008.11.26
-
ClamAV
0.94.1
2008.11.26
-
DrWeb
4.44.0.09170
2008.11.26
-
eSafe
7.0.17.0
2008.11.25
-
eTrust-Vet
31.6.6228
2008.11.26
-
Ewido
4.0
2008.11.26
-
F-Prot
4.4.4.56
2008.11.25
-
F-Secure
8.0.14332.0
2008.11.26
-
Fortinet
3.117.0.0
2008.11.26
-
GData
19
2008.11.26
-
Ikarus
T3.1.1.45.0
2008.11.26
-
K7AntiVirus
7.10.534
2008.11.26
-
Kaspersky
7.0.0.125
2008.11.26
-
McAfee
5445
2008.11.25
-
McAfee+Artemis
5445
2008.11.25
-
Microsoft
1.4104
2008.11.26
-
NOD32
3643
2008.11.26
-
Norman
5.80.02
2008.11.26
-
Panda
9.0.0.4
2008.11.25
-
PCTools
4.4.2.0
2008.11.26
-
Prevx1
V2
2008.11.26
-
Rising
21.05.22.00
2008.11.26
-
SecureWeb-Gateway
6.7.6
2008.11.26
-
Sophos
4.35.0
2008.11.26
-
Sunbelt
3.1.1830.2
2008.11.26
-
Symantec
10
2008.11.26
-
TheHacker
6.3.1.1.163
2008.11.25
-
TrendMicro
8.700.0.1004
2008.11.26
-
VBA32
3.12.8.9
2008.11.26
-
ViRobot
2008.11.26.1487
2008.11.26
-
VirusBuster
4.5.11.0
2008.11.26
-
Additional information
File size: 40960 bytes
MD5...: b25b81716aaca69eecd0eedbf7891ad1
SHA1..: 0c82ba7a351048200a188893adf51075fa99e611
SHA256: c0bbd0f5e72ca330ad9ae54096628e4c518a49de21d67c5d9f2deee47e2c50fe
SHA512: 459f92af04a079d8b202c8d3154b932113e90b6d8859d25cc722dcd3c29c07ec
d5db3e6c69905ce8437a0eadf607d65fe97366e62056bdc54c2a55a5ca5a47e2
ssdeep: 384:czkPohisjJsmBF9zQ6nl8o9JhptToIaBaHy2ZmlPOPJ89JskZ6q5Rjgchvec
5tch:+kcT5BFe48OtToJWuO6OStt5ec5t0J
PEiD..: Armadillo v1.71
TrID..: File type identification
Win64 Executable Generic (58.7%)
Win32 Executable MS Visual C++ (generic) (25.8%)
Win32 Executable Generic (5.8%)
Win32 Dynamic Link Library (generic) (5.2%)
Win32 Executable MS Visual FoxPro 7 (1.5%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4022c8
timedatestamp.....: 0x4301eed7 (Tue Aug 16 13:49:11 2005)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4cae 0x5000 6.40 185d9855a48f961eae15e7a7ca772898
.rdata 0x6000 0x96e 0x1000 3.69 a631930dc124d15c655ef6fa70539790
.data 0x7000 0x26a4 0x2000 1.90 4226d18e625ba3a40f143a3d24953697
.rsrc 0xa000 0x3e8 0x1000 1.02 439758cbaa44ed366783e8db1b810481
( 1 imports )
> KERNEL32.dll: LocalFree, FormatMessageW, CloseHandle, DeviceIoControl, GetFileAttributesW, GetLastError, CreateFileW, FindClose, FindNextFileW, FindFirstFileW, RemoveDirectoryW, CreateDirectoryW, GetVolumeInformationW, GetFullPathNameW, GetCurrentDirectoryW, GetVersion, ExitProcess, FlushFileBuffers, WriteFile, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, HeapAlloc, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetModuleFileNameW, FreeEnvironmentStringsA, MultiByteToWideChar, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetEnvironmentStrings, GetCommandLineW, GetCommandLineA, HeapDestroy, HeapCreate, VirtualFree, HeapFree, RtlUnwind, GetModuleFileNameA, SetStdHandle, SetFilePointer, VirtualAlloc, HeapReAlloc, WideCharToMultiByte, LCMapStringA, LCMapStringW, GetProcAddress, LoadLibraryA, GetStringTypeA, GetStringTypeW
( 0 exports )
Rapport 5
Antivirus
Version
Last Update
Result
AhnLab-V3
2008.11.24.3
2008.11.26
-
AntiVir
7.9.0.35
2008.11.26
-
Authentium
5.1.0.4
2008.11.26
-
Avast
4.8.1281.0
2008.11.26
-
AVG
8.0.0.199
2008.11.26
-
BitDefender
7.2
2008.11.26
-
CAT-QuickHeal
10.00
2008.11.26
-
ClamAV
0.94.1
2008.11.26
-
DrWeb
4.44.0.09170
2008.11.26
-
eSafe
7.0.17.0
2008.11.25
-
eTrust-Vet
31.6.6228
2008.11.26
-
Ewido
4.0
2008.11.26
-
F-Prot
4.4.4.56
2008.11.25
-
F-Secure
8.0.14332.0
2008.11.26
-
Fortinet
3.117.0.0
2008.11.26
-
GData
19
2008.11.26
-
Ikarus
T3.1.1.45.0
2008.11.26
-
K7AntiVirus
7.10.534
2008.11.26
-
Kaspersky
7.0.0.125
2008.11.26
-
McAfee
5445
2008.11.25
-
McAfee+Artemis
5445
2008.11.25
-
Microsoft
1.4104
2008.11.26
-
NOD32
3643
2008.11.26
-
Norman
5.80.02
2008.11.26
-
Panda
9.0.0.4
2008.11.25
-
PCTools
4.4.2.0
2008.11.26
-
Prevx1
V2
2008.11.26
-
Rising
21.05.22.00
2008.11.26
-
SecureWeb-Gateway
6.7.6
2008.11.26
-
Sophos
4.35.0
2008.11.26
-
Sunbelt
3.1.1830.2
2008.11.26
-
Symantec
10
2008.11.26
-
TheHacker
6.3.1.1.163
2008.11.25
-
TrendMicro
8.700.0.1004
2008.11.26
-
VBA32
3.12.8.9
2008.11.26
-
ViRobot
2008.11.26.1487
2008.11.26
-
VirusBuster
4.5.11.0
2008.11.26
-
Additional information
File size: 20 bytes
MD5...: 7df6e005d7512deb40bce1d9a8abeb24
SHA1..: bd0dfd28609fb9dc261850d9450037c173b1032e
SHA256: b3faa37b71ec838f0851429ffe2d875c75b3ea911eb981837d878e337b8932e0
SHA512: d4adbe7e7eee3e5fcaac000779ade6ce88bf04234c11535bc67920ef8677ac7e
c79aeba9ea018bf2a5f5734e1ace90b14f8ff32b5b96c88702d751cbfd6cce95
ssdeep: 3:nRlvYTv:nRlvu
PEiD..: -
TrID..: File type identification
Generic INI configuration (100.0%)
PEInfo: -
Rapport 6
Antivirus
Version
Last Update
Result
AhnLab-V3
2008.11.24.3
2008.11.26
-
AntiVir
7.9.0.35
2008.11.26
-
Authentium
5.1.0.4
2008.11.26
-
Avast
4.8.1281.0
2008.11.26
-
AVG
8.0.0.199
2008.11.26
-
BitDefender
7.2
2008.11.26
-
CAT-QuickHeal
10.00
2008.11.26
-
ClamAV
0.94.1
2008.11.26
-
DrWeb
4.44.0.09170
2008.11.26
-
eSafe
7.0.17.0
2008.11.25
-
eTrust-Vet
31.6.6228
2008.11.26
-
Ewido
4.0
2008.11.26
-
F-Prot
4.4.4.56
2008.11.25
-
F-Secure
8.0.14332.0
2008.11.26
-
Fortinet
3.117.0.0
2008.11.26
-
GData
19
2008.11.26
-
Ikarus
T3.1.1.45.0
2008.11.26
-
K7AntiVirus
7.10.534
2008.11.26
-
Kaspersky
7.0.0.125
2008.11.26
-
McAfee
5445
2008.11.25
-
McAfee+Artemis
5445
2008.11.25
-
Microsoft
1.4104
2008.11.26
-
NOD32
3643
2008.11.26
-
Norman
5.80.02
2008.11.26
-
Panda
9.0.0.4
2008.11.25
-
PCTools
4.4.2.0
2008.11.26
-
Prevx1
V2
2008.11.26
-
Rising
21.05.22.00
2008.11.26
-
SecureWeb-Gateway
6.7.6
2008.11.26
-
Sophos
4.35.0
2008.11.26
-
Sunbelt
3.1.1830.2
2008.11.26
-
Symantec
10
2008.11.26
-
TheHacker
6.3.1.1.163
2008.11.25
-
TrendMicro
8.700.0.1004
2008.11.26
-
VBA32
3.12.8.9
2008.11.26
-
ViRobot
2008.11.26.1487
2008.11.26
-
VirusBuster
4.5.11.0
2008.11.26
-
Additional information
File size: 423936 bytes
MD5...: 1ef1937f38127a607d98d2fce31e0b5d
SHA1..: ec2b73a7f092ef5c783aa4f0eb4deff5d5e052b3
SHA256: 1737d6983d0b952e87092c4a8f61f106d7e0f49276dc6b526d8e68f7c222c7e5
SHA512: b0b61d7ca87ae0a85681d14a1a3078614e233c9c13dfad40c3bee3931e941db5
8b49addcb2916d6002f29933dad41824a2770d025b7ffc18059aa14d85a8234a
ssdeep: 6144:PXPnhRxWtW/k/7mbRHyFTipYFEQAnej68jLWfjcFASflx1lLyk:PXPnFqqb
OTigEQAejfvKoFAKf
PEiD..: -
TrID..: File type identification
Win32 Executable Borland Delphi 5 (60.1%)
Win32 Executable Borland Delphi 3 (34.9%)
Win32 Executable Delphi generic (1.9%)
Win32 Executable Generic (1.1%)
Win32 Dynamic Link Library (generic) (1.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x456eac
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x55f30 0x56000 6.50 c63eec6603bddb84a2b4b9618c31033f
DATA 0x57000 0xf78 0x1000 3.86 ce192689b51e3ca76f782c75c16583fb
BSS 0x58000 0x881 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x59000 0x21f4 0x2200 5.04 1af5dfe9fa1f15680e3d258256ea246f
.tls 0x5c000 0x10 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x5d000 0x18 0x200 0.20 0042fe5cd3839eff2d93957b0cd8540c
.reloc 0x5e000 0x6104 0x6200 6.65 6e514d2de2077e59b7830d5e819ab196
.rsrc 0x65000 0x7e00 0x7e00 5.14 761206895a302975a8b3b0a903ef0a08
( 14 imports )
> kernel32.dll: GetCurrentThreadId, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, lstrcpyA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> oleaut32.dll: VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysFreeString, SysReAllocStringLen, SysAllocStringLen
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA, GetModuleFileNameA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> kernel32.dll: lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ReadFile, MulDiv, MoveFileA, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetSystemInfo, GetProfileStringA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetDiskFreeSpaceA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, FreeResource, FreeLibrary, FormatMessageA, FindResourceA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteFileA, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
> gdi32.dll: UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, ExtTextOutA, ExcludeClipRect, EnumFontFamiliesExA, EndPage, EndDoc, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateICA, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateDCA, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
> user32.dll: WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, SendDlgItemMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EndDeferWindowPos, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DeferWindowPos, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, BeginDeferWindowPos, CharLowerBuffA, CharLowerA, AdjustWindowRectEx, ActivateKeyboardLayout
> ole32.dll: IsEqualGUID
> comctl32.dll: ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
> winspool.drv: OpenPrinterA, EnumPrintersA, DocumentPropertiesA, ClosePrinter
> shell32.dll: ShellExecuteA
> comdlg32.dll: ChooseFontA, ChooseColorA, GetSaveFileNameA, GetOpenFileNameA
( 0 exports )
Pour les autres fichiers:
E:\New Folder(2).exe
E:\ADVIRS.exe
E:\pmp_usb.ini
E:\Mumbai .scr
E:\Ahmenabad .scr
E:\Mumbai .scr
E:\Ahmenabad .scr
Ca me dit: you do not have authorisation to access those files. Que faire?
Les rapports:
1)
Antivirus
Version
Last Update
Result
AhnLab-V3
2008.11.24.3
2008.11.26
-
AntiVir
7.9.0.35
2008.11.26
-
Authentium
5.1.0.4
2008.11.26
-
Avast
4.8.1281.0
2008.11.26
-
AVG
8.0.0.199
2008.11.26
-
BitDefender
7.2
2008.11.26
-
CAT-QuickHeal
10.00
2008.11.26
-
ClamAV
0.94.1
2008.11.26
-
DrWeb
4.44.0.09170
2008.11.26
-
eSafe
7.0.17.0
2008.11.25
-
eTrust-Vet
31.6.6228
2008.11.26
-
Ewido
4.0
2008.11.26
-
F-Prot
4.4.4.56
2008.11.25
-
F-Secure
8.0.14332.0
2008.11.26
-
Fortinet
3.117.0.0
2008.11.26
-
GData
19
2008.11.26
-
Ikarus
T3.1.1.45.0
2008.11.26
-
K7AntiVirus
7.10.534
2008.11.26
-
Kaspersky
7.0.0.125
2008.11.26
-
McAfee
5445
2008.11.25
-
McAfee+Artemis
5445
2008.11.25
-
Microsoft
1.4104
2008.11.26
-
NOD32
3643
2008.11.26
-
Norman
5.80.02
2008.11.26
-
Panda
9.0.0.4
2008.11.25
-
PCTools
4.4.2.0
2008.11.26
-
Prevx1
V2
2008.11.26
-
Rising
21.05.22.00
2008.11.26
-
SecureWeb-Gateway
6.7.6
2008.11.26
-
Sophos
4.35.0
2008.11.26
-
Sunbelt
3.1.1830.2
2008.11.26
-
Symantec
10
2008.11.26
-
TheHacker
6.3.1.1.163
2008.11.25
-
TrendMicro
8.700.0.1004
2008.11.26
-
VBA32
3.12.8.9
2008.11.26
-
ViRobot
2008.11.26.1487
2008.11.26
-
VirusBuster
4.5.11.0
2008.11.26
-
Additional information
File size: 43008 bytes
MD5...: 3fa87d56769838aac82fafc3e78fc732
SHA1..: 501e9e65c44610e2555cf1877667b4ced0e55899
SHA256: e1d942d59a7edb1768d39d87d637c6f87c84711d0776ff2c69161350d037663b
SHA512: e6a34fb91e3d2800d544201623f4fd445b758060b3a87ce036589864cf29867c
21462f5be378d95dfe1e56fee05e8c1b8181d7f4aa93db1c4b1e81c9b7cb84b7
ssdeep: 768:IrI/nbSq2Esev0kPIpCACUAOXuzoCTiObrhjnB2W:IrI/n+q2EsW7hACOuUC
TThnBB
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (87.2%)
Win32 Executable Generic (8.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x173e8
timedatestamp.....: 0x460a0264 (Wed Mar 28 05:51:32 2007)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x88bd 0x8a00 6.45 dbfdd2556285cfbcbb31cdeec8732688
.rdata 0xa000 0x131 0x200 3.57 637dd8dbd280fea851001daade6dca54
.data 0xb000 0x68ac 0x200 0.78 126ef66c8ceab7d3f9f41f7233f87934
INIT 0x12000 0x2ce 0x400 4.31 52529193336ea7022c596c3171f032bc
.rsrc 0x13000 0x410 0x600 2.49 4cef3e5af054202af76682df427747db
.reloc 0x14000 0xae0 0xc00 5.95 7e2798b3ef09937419621083523d51b9
( 3 imports )
> ntoskrnl.exe: KefReleaseSpinLockFromDpcLevel, KefAcquireSpinLockAtDpcLevel, KeQuerySystemTime, KeTickCount, KeBugCheckEx, memcpy, IoGetDeviceProperty, wcsstr, KeInitializeSpinLock, PoSetSystemState, RtlInitUnicodeString, memset, ExAllocatePoolWithTag, RtlCopyUnicodeString, DbgPrint, ExFreePoolWithTag
> HAL.dll: KfAcquireSpinLock, KfReleaseSpinLock, WRITE_PORT_UCHAR, READ_PORT_UCHAR
> WDFLDR.SYS: WdfVersionUnbind, WdfVersionBind
( 0 exports )
Rapport 2
Antivirus
Version
Last Update
Result
AhnLab-V3
2008.11.24.3
2008.11.26
-
AntiVir
7.9.0.35
2008.11.26
-
Authentium
5.1.0.4
2008.11.26
-
Avast
4.8.1281.0
2008.11.26
-
AVG
8.0.0.199
2008.11.26
-
BitDefender
7.2
2008.11.26
-
CAT-QuickHeal
10.00
2008.11.26
-
ClamAV
0.94.1
2008.11.26
-
DrWeb
4.44.0.09170
2008.11.26
-
eSafe
7.0.17.0
2008.11.25
-
eTrust-Vet
31.6.6228
2008.11.26
-
Ewido
4.0
2008.11.26
-
F-Prot
4.4.4.56
2008.11.25
-
F-Secure
8.0.14332.0
2008.11.26
-
Fortinet
3.117.0.0
2008.11.26
-
GData
19
2008.11.26
-
Ikarus
T3.1.1.45.0
2008.11.26
-
K7AntiVirus
7.10.534
2008.11.26
-
Kaspersky
7.0.0.125
2008.11.26
-
McAfee
5445
2008.11.25
-
McAfee+Artemis
5445
2008.11.25
-
Microsoft
1.4104
2008.11.26
-
NOD32
3643
2008.11.26
-
Norman
5.80.02
2008.11.26
-
Panda
9.0.0.4
2008.11.25
-
PCTools
4.4.2.0
2008.11.26
-
Prevx1
V2
2008.11.26
-
Rising
21.05.22.00
2008.11.26
-
SecureWeb-Gateway
6.7.6
2008.11.26
-
Sophos
4.35.0
2008.11.26
-
Sunbelt
3.1.1830.2
2008.11.26
-
Symantec
10
2008.11.26
-
TheHacker
6.3.1.1.163
2008.11.25
-
TrendMicro
8.700.0.1004
2008.11.26
-
VBA32
3.12.8.9
2008.11.26
-
ViRobot
2008.11.26.1487
2008.11.26
-
VirusBuster
4.5.11.0
2008.11.26
-
Additional information
File size: 49152 bytes
MD5...: 38149affab4c4e8e06fb32b9cf1ebdaa
SHA1..: 23762d59da3af792e7c655075c8ca9573d511171
SHA256: 000940dc995b73958b075764cbbdaf417fe33c682abe9bae96c6812482029ede
SHA512: bf58384f46813717876b34fb29c84202c28bd578478697731ac1e5d02b825e2c
d7a9a43bddc9acb94e2fa7c122f9c68cece12ac25ca2bc453606482e8ba6e79c
ssdeep: 768:WMqslllxiEGggJzCWHTSvgjsRj91xdRLy+1Blkf0boJjc:W7VgUCuTSvgjE/
jlhoJjc
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x401db9
timedatestamp.....: 0x43c2dbf3 (Mon Jan 09 21:56:03 2006)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6da2 0x7000 6.53 fe76494fae6aaba331f5558d99347ad8
.rdata 0x8000 0xdbe 0x1000 4.89 0d6064acfc246b0142d4e9f07deb6dd3
.data 0x9000 0x4680 0x3000 0.90 edb611908c5319708cf17fb5deeafb84
( 2 imports )
> KERNEL32.dll: WriteFile, ReadFile, WaitForMultipleObjects, ConnectNamedPipe, ResetEvent, CreateNamedPipeA, CreateFileA, CreateEventA, SetEvent, DeviceIoControl, Sleep, HeapFree, HeapAlloc, GetCommandLineA, GetVersion, ExitProcess, GetModuleHandleA, GetModuleFileNameA, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, RtlUnwind, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, DisconnectNamedPipe, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, GetCurrentThreadId, TlsSetValue, TlsAlloc, SetLastError, TlsGetValue, SetFilePointer, InterlockedDecrement, InterlockedIncrement, MultiByteToWideChar, GetCPInfo, GetACP, GetOEMCP, GetProcAddress, LoadLibraryA, SetStdHandle, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW, FlushFileBuffers, CloseHandle, DefineDosDeviceA, GetLastError, FormatMessageA, GetEnvironmentStrings, OutputDebugStringA
> ADVAPI32.dll: SetSecurityDescriptorDacl, SetServiceStatus, RegisterServiceCtrlHandlerA, StartServiceCtrlDispatcherA, InitializeSecurityDescriptor
( 0 exports )
Rapport 3
Antivirus
Version
Last Update
Result
AhnLab-V3
2008.11.24.3
2008.11.26
-
AntiVir
7.9.0.35
2008.11.26
-
Authentium
5.1.0.4
2008.11.26
-
Avast
4.8.1281.0
2008.11.26
-
AVG
8.0.0.199
2008.11.26
-
BitDefender
7.2
2008.11.26
-
CAT-QuickHeal
10.00
2008.11.26
-
ClamAV
0.94.1
2008.11.26
-
DrWeb
4.44.0.09170
2008.11.26
-
eSafe
7.0.17.0
2008.11.25
-
eTrust-Vet
31.6.6228
2008.11.26
-
Ewido
4.0
2008.11.26
-
F-Prot
4.4.4.56
2008.11.25
-
F-Secure
8.0.14332.0
2008.11.26
-
Fortinet
3.117.0.0
2008.11.26
-
GData
19
2008.11.26
-
Ikarus
T3.1.1.45.0
2008.11.26
-
K7AntiVirus
7.10.534
2008.11.26
-
Kaspersky
7.0.0.125
2008.11.26
-
McAfee
5445
2008.11.25
-
McAfee+Artemis
5445
2008.11.25
-
Microsoft
1.4104
2008.11.26
-
NOD32
3643
2008.11.26
-
Norman
5.80.02
2008.11.26
-
Panda
9.0.0.4
2008.11.25
-
PCTools
4.4.2.0
2008.11.26
-
Prevx1
V2
2008.11.26
-
Rising
21.05.22.00
2008.11.26
-
SecureWeb-Gateway
6.7.6
2008.11.26
-
Sophos
4.35.0
2008.11.26
-
Sunbelt
3.1.1830.2
2008.11.26
-
Symantec
10
2008.11.26
-
TheHacker
6.3.1.1.163
2008.11.25
-
TrendMicro
8.700.0.1004
2008.11.26
-
VBA32
3.12.8.9
2008.11.26
-
ViRobot
2008.11.26.1487
2008.11.26
-
VirusBuster
4.5.11.0
2008.11.26
-
Additional information
File size: 72672 bytes
MD5...: 7c12f93c005021861a36c11df951891a
SHA1..: 08ed9b3936e3fb883093645a288f9a36880ec2c9
SHA256: cfe2e6a1c4a54d34e93ec67b93aef4e5127340ea905ee91b4e3da32f65d89288
SHA512: 910df4e815f4e75b6b673a65a9403ae6025c6a5f4a7c09d8cb78dbc8df94513a
b63a1e3d10453144b0404dc79621a6cfab77523b9cd3e44372f67d18f155ff95
ssdeep: 1536:TMqqU+2bbbAV2/S2ewlpEr+8++HHHt1MmGU+WLDIH:TMqqDL2/pQrFMWvLD
I
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x20ac0
timedatestamp.....: 0x457779df (Thu Dec 07 02:18:07 2006)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x260 0x10335 0x10340 6.37 72c094e8cc6c700caed051a6b5192ec6
.data 0x105a0 0x520 0x520 6.77 af714748696c53896f11c01331920fe5
INIT 0x10ac0 0x6bc 0x6c0 5.71 c19613d3065b220afa59c190eef1d2f6
.reloc 0x11180 0xa44 0xa60 6.55 8cb4334b9fb1fdf6578b079ecc0b911b
( 1 imports )
> ntoskrnl.exe: KeGetCurrentThread, KeReleaseSemaphore, ExfInterlockedInsertTailList, IofCompleteRequest, IoSetHardErrorOrVerifyDevice, IoDeleteDevice, IoCreateSymbolicLink, IoCreateDevice, RtlInitUnicodeString, wcscpy, KeInitializeSpinLock, KeInitializeSemaphore, KeInitializeEvent, DbgPrint, KeWaitForSingleObject, ZwClose, ObReferenceObjectByHandle, ExFreePool, PsCreateSystemThread, ExAllocatePoolWithTag, ObfDereferenceObject, ExfInterlockedRemoveHeadList, PsTerminateSystemThread, KeSetEvent, wcscat, KeSetPriorityThread, KeInitializeMutex, wcsncat, IoDeleteSymbolicLink, wcslen, KeReleaseMutex, wcscmp, IoGetDeviceObjectPointer, IoGetRelatedDeviceObject, IoFileObjectType, ZwQueryInformationFile, ZwReadFile, ZwCreateFile, sprintf, _allmul, IoFreeIrp, IoFreeMdl, MmUnlockPages, MmUnmapLockedPages, MmMapLockedPages, MmBuildMdlForNonPagedPool, IoAllocateMdl, IofCallDriver, IoBuildDeviceIoControlRequest, KeClearEvent, IoAllocateIrp
( 0 exports )
Rapport 4
Antivirus
Version
Last Update
Result
AhnLab-V3
2008.11.24.3
2008.11.26
-
AntiVir
7.9.0.35
2008.11.26
-
Authentium
5.1.0.4
2008.11.26
-
Avast
4.8.1281.0
2008.11.26
-
AVG
8.0.0.199
2008.11.26
-
BitDefender
7.2
2008.11.26
-
CAT-QuickHeal
10.00
2008.11.26
-
ClamAV
0.94.1
2008.11.26
-
DrWeb
4.44.0.09170
2008.11.26
-
eSafe
7.0.17.0
2008.11.25
-
eTrust-Vet
31.6.6228
2008.11.26
-
Ewido
4.0
2008.11.26
-
F-Prot
4.4.4.56
2008.11.25
-
F-Secure
8.0.14332.0
2008.11.26
-
Fortinet
3.117.0.0
2008.11.26
-
GData
19
2008.11.26
-
Ikarus
T3.1.1.45.0
2008.11.26
-
K7AntiVirus
7.10.534
2008.11.26
-
Kaspersky
7.0.0.125
2008.11.26
-
McAfee
5445
2008.11.25
-
McAfee+Artemis
5445
2008.11.25
-
Microsoft
1.4104
2008.11.26
-
NOD32
3643
2008.11.26
-
Norman
5.80.02
2008.11.26
-
Panda
9.0.0.4
2008.11.25
-
PCTools
4.4.2.0
2008.11.26
-
Prevx1
V2
2008.11.26
-
Rising
21.05.22.00
2008.11.26
-
SecureWeb-Gateway
6.7.6
2008.11.26
-
Sophos
4.35.0
2008.11.26
-
Sunbelt
3.1.1830.2
2008.11.26
-
Symantec
10
2008.11.26
-
TheHacker
6.3.1.1.163
2008.11.25
-
TrendMicro
8.700.0.1004
2008.11.26
-
VBA32
3.12.8.9
2008.11.26
-
ViRobot
2008.11.26.1487
2008.11.26
-
VirusBuster
4.5.11.0
2008.11.26
-
Additional information
File size: 40960 bytes
MD5...: b25b81716aaca69eecd0eedbf7891ad1
SHA1..: 0c82ba7a351048200a188893adf51075fa99e611
SHA256: c0bbd0f5e72ca330ad9ae54096628e4c518a49de21d67c5d9f2deee47e2c50fe
SHA512: 459f92af04a079d8b202c8d3154b932113e90b6d8859d25cc722dcd3c29c07ec
d5db3e6c69905ce8437a0eadf607d65fe97366e62056bdc54c2a55a5ca5a47e2
ssdeep: 384:czkPohisjJsmBF9zQ6nl8o9JhptToIaBaHy2ZmlPOPJ89JskZ6q5Rjgchvec
5tch:+kcT5BFe48OtToJWuO6OStt5ec5t0J
PEiD..: Armadillo v1.71
TrID..: File type identification
Win64 Executable Generic (58.7%)
Win32 Executable MS Visual C++ (generic) (25.8%)
Win32 Executable Generic (5.8%)
Win32 Dynamic Link Library (generic) (5.2%)
Win32 Executable MS Visual FoxPro 7 (1.5%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4022c8
timedatestamp.....: 0x4301eed7 (Tue Aug 16 13:49:11 2005)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4cae 0x5000 6.40 185d9855a48f961eae15e7a7ca772898
.rdata 0x6000 0x96e 0x1000 3.69 a631930dc124d15c655ef6fa70539790
.data 0x7000 0x26a4 0x2000 1.90 4226d18e625ba3a40f143a3d24953697
.rsrc 0xa000 0x3e8 0x1000 1.02 439758cbaa44ed366783e8db1b810481
( 1 imports )
> KERNEL32.dll: LocalFree, FormatMessageW, CloseHandle, DeviceIoControl, GetFileAttributesW, GetLastError, CreateFileW, FindClose, FindNextFileW, FindFirstFileW, RemoveDirectoryW, CreateDirectoryW, GetVolumeInformationW, GetFullPathNameW, GetCurrentDirectoryW, GetVersion, ExitProcess, FlushFileBuffers, WriteFile, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, HeapAlloc, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetModuleFileNameW, FreeEnvironmentStringsA, MultiByteToWideChar, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetEnvironmentStrings, GetCommandLineW, GetCommandLineA, HeapDestroy, HeapCreate, VirtualFree, HeapFree, RtlUnwind, GetModuleFileNameA, SetStdHandle, SetFilePointer, VirtualAlloc, HeapReAlloc, WideCharToMultiByte, LCMapStringA, LCMapStringW, GetProcAddress, LoadLibraryA, GetStringTypeA, GetStringTypeW
( 0 exports )
Rapport 5
Antivirus
Version
Last Update
Result
AhnLab-V3
2008.11.24.3
2008.11.26
-
AntiVir
7.9.0.35
2008.11.26
-
Authentium
5.1.0.4
2008.11.26
-
Avast
4.8.1281.0
2008.11.26
-
AVG
8.0.0.199
2008.11.26
-
BitDefender
7.2
2008.11.26
-
CAT-QuickHeal
10.00
2008.11.26
-
ClamAV
0.94.1
2008.11.26
-
DrWeb
4.44.0.09170
2008.11.26
-
eSafe
7.0.17.0
2008.11.25
-
eTrust-Vet
31.6.6228
2008.11.26
-
Ewido
4.0
2008.11.26
-
F-Prot
4.4.4.56
2008.11.25
-
F-Secure
8.0.14332.0
2008.11.26
-
Fortinet
3.117.0.0
2008.11.26
-
GData
19
2008.11.26
-
Ikarus
T3.1.1.45.0
2008.11.26
-
K7AntiVirus
7.10.534
2008.11.26
-
Kaspersky
7.0.0.125
2008.11.26
-
McAfee
5445
2008.11.25
-
McAfee+Artemis
5445
2008.11.25
-
Microsoft
1.4104
2008.11.26
-
NOD32
3643
2008.11.26
-
Norman
5.80.02
2008.11.26
-
Panda
9.0.0.4
2008.11.25
-
PCTools
4.4.2.0
2008.11.26
-
Prevx1
V2
2008.11.26
-
Rising
21.05.22.00
2008.11.26
-
SecureWeb-Gateway
6.7.6
2008.11.26
-
Sophos
4.35.0
2008.11.26
-
Sunbelt
3.1.1830.2
2008.11.26
-
Symantec
10
2008.11.26
-
TheHacker
6.3.1.1.163
2008.11.25
-
TrendMicro
8.700.0.1004
2008.11.26
-
VBA32
3.12.8.9
2008.11.26
-
ViRobot
2008.11.26.1487
2008.11.26
-
VirusBuster
4.5.11.0
2008.11.26
-
Additional information
File size: 20 bytes
MD5...: 7df6e005d7512deb40bce1d9a8abeb24
SHA1..: bd0dfd28609fb9dc261850d9450037c173b1032e
SHA256: b3faa37b71ec838f0851429ffe2d875c75b3ea911eb981837d878e337b8932e0
SHA512: d4adbe7e7eee3e5fcaac000779ade6ce88bf04234c11535bc67920ef8677ac7e
c79aeba9ea018bf2a5f5734e1ace90b14f8ff32b5b96c88702d751cbfd6cce95
ssdeep: 3:nRlvYTv:nRlvu
PEiD..: -
TrID..: File type identification
Generic INI configuration (100.0%)
PEInfo: -
Rapport 6
Antivirus
Version
Last Update
Result
AhnLab-V3
2008.11.24.3
2008.11.26
-
AntiVir
7.9.0.35
2008.11.26
-
Authentium
5.1.0.4
2008.11.26
-
Avast
4.8.1281.0
2008.11.26
-
AVG
8.0.0.199
2008.11.26
-
BitDefender
7.2
2008.11.26
-
CAT-QuickHeal
10.00
2008.11.26
-
ClamAV
0.94.1
2008.11.26
-
DrWeb
4.44.0.09170
2008.11.26
-
eSafe
7.0.17.0
2008.11.25
-
eTrust-Vet
31.6.6228
2008.11.26
-
Ewido
4.0
2008.11.26
-
F-Prot
4.4.4.56
2008.11.25
-
F-Secure
8.0.14332.0
2008.11.26
-
Fortinet
3.117.0.0
2008.11.26
-
GData
19
2008.11.26
-
Ikarus
T3.1.1.45.0
2008.11.26
-
K7AntiVirus
7.10.534
2008.11.26
-
Kaspersky
7.0.0.125
2008.11.26
-
McAfee
5445
2008.11.25
-
McAfee+Artemis
5445
2008.11.25
-
Microsoft
1.4104
2008.11.26
-
NOD32
3643
2008.11.26
-
Norman
5.80.02
2008.11.26
-
Panda
9.0.0.4
2008.11.25
-
PCTools
4.4.2.0
2008.11.26
-
Prevx1
V2
2008.11.26
-
Rising
21.05.22.00
2008.11.26
-
SecureWeb-Gateway
6.7.6
2008.11.26
-
Sophos
4.35.0
2008.11.26
-
Sunbelt
3.1.1830.2
2008.11.26
-
Symantec
10
2008.11.26
-
TheHacker
6.3.1.1.163
2008.11.25
-
TrendMicro
8.700.0.1004
2008.11.26
-
VBA32
3.12.8.9
2008.11.26
-
ViRobot
2008.11.26.1487
2008.11.26
-
VirusBuster
4.5.11.0
2008.11.26
-
Additional information
File size: 423936 bytes
MD5...: 1ef1937f38127a607d98d2fce31e0b5d
SHA1..: ec2b73a7f092ef5c783aa4f0eb4deff5d5e052b3
SHA256: 1737d6983d0b952e87092c4a8f61f106d7e0f49276dc6b526d8e68f7c222c7e5
SHA512: b0b61d7ca87ae0a85681d14a1a3078614e233c9c13dfad40c3bee3931e941db5
8b49addcb2916d6002f29933dad41824a2770d025b7ffc18059aa14d85a8234a
ssdeep: 6144:PXPnhRxWtW/k/7mbRHyFTipYFEQAnej68jLWfjcFASflx1lLyk:PXPnFqqb
OTigEQAejfvKoFAKf
PEiD..: -
TrID..: File type identification
Win32 Executable Borland Delphi 5 (60.1%)
Win32 Executable Borland Delphi 3 (34.9%)
Win32 Executable Delphi generic (1.9%)
Win32 Executable Generic (1.1%)
Win32 Dynamic Link Library (generic) (1.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x456eac
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x55f30 0x56000 6.50 c63eec6603bddb84a2b4b9618c31033f
DATA 0x57000 0xf78 0x1000 3.86 ce192689b51e3ca76f782c75c16583fb
BSS 0x58000 0x881 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x59000 0x21f4 0x2200 5.04 1af5dfe9fa1f15680e3d258256ea246f
.tls 0x5c000 0x10 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x5d000 0x18 0x200 0.20 0042fe5cd3839eff2d93957b0cd8540c
.reloc 0x5e000 0x6104 0x6200 6.65 6e514d2de2077e59b7830d5e819ab196
.rsrc 0x65000 0x7e00 0x7e00 5.14 761206895a302975a8b3b0a903ef0a08
( 14 imports )
> kernel32.dll: GetCurrentThreadId, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, lstrcpyA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> oleaut32.dll: VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysFreeString, SysReAllocStringLen, SysAllocStringLen
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA, GetModuleFileNameA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> kernel32.dll: lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ReadFile, MulDiv, MoveFileA, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetSystemInfo, GetProfileStringA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetDiskFreeSpaceA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, FreeResource, FreeLibrary, FormatMessageA, FindResourceA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteFileA, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
> gdi32.dll: UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, ExtTextOutA, ExcludeClipRect, EnumFontFamiliesExA, EndPage, EndDoc, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateICA, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateDCA, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
> user32.dll: WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, SendDlgItemMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EndDeferWindowPos, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DeferWindowPos, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, BeginDeferWindowPos, CharLowerBuffA, CharLowerA, AdjustWindowRectEx, ActivateKeyboardLayout
> ole32.dll: IsEqualGUID
> comctl32.dll: ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
> winspool.drv: OpenPrinterA, EnumPrintersA, DocumentPropertiesA, ClosePrinter
> shell32.dll: ShellExecuteA
> comdlg32.dll: ChooseFontA, ChooseColorA, GetSaveFileNameA, GetOpenFileNameA
( 0 exports )
Ca me dit: you do not have authorisation to access those files. Que faire?
Bisard ... tu as bien désactivé l'UAC comme je te l' avais demandé au début ?
Bisard ... tu as bien désactivé l'UAC comme je te l' avais demandé au début ?
Non , l'UAC ... cad ceci :
*Désactiver le contrôle des comptes utilisateurs ou UAC (le réactiver seulement à la fin de la désinfection) :
Aller dans "démarrer" puis "panneau de configuration" :
--->Sur la droite de la fenêtre , cliques sur " affichage classique "
--->Double-Cliquer sur l'icône "Comptes d'utilisateurs"
--->Cliquer ensuite sur "Activer ou désactiver le contrôle ..." .
--->Décocher la case "utlisiser le contrôle ..." et cliquer sur OK .
Puis redémarrer le PC quand il le vous saura demandé ...
Tuto : https://forum.malekal.com/viewtopic.php?f=59&t=6517
*Désactiver le contrôle des comptes utilisateurs ou UAC (le réactiver seulement à la fin de la désinfection) :
Aller dans "démarrer" puis "panneau de configuration" :
--->Sur la droite de la fenêtre , cliques sur " affichage classique "
--->Double-Cliquer sur l'icône "Comptes d'utilisateurs"
--->Cliquer ensuite sur "Activer ou désactiver le contrôle ..." .
--->Décocher la case "utlisiser le contrôle ..." et cliquer sur OK .
Puis redémarrer le PC quand il le vous saura demandé ...
Tuto : https://forum.malekal.com/viewtopic.php?f=59&t=6517
Bon ....
fais ceci pour approfondir le nettoyage :
Télécharges MalwareByte's :
ici ftp://ftp.commentcamarche.com/download/mbam-setup.exe
ou ici : http://www.malwarebytes.org/mbam.php
* Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .
(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : https://www.malekal.com/tutorial-aboutbuster/ )
* Potasse le tuto pour te familiariser avec le prg :
https://forum.pcastuces.com/sujet.asp?f=31&s=3
( cela dis, il est très simple d'utilisation ).
! Déconnecte toi et ferme toutes applications en cours !
* Lance Malwarebyte's .
Fais un examen dit "complet" ( sélectionne bien tous tes disks avant le scan ! ).
--> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
--> à la fin tu cliques sur "résultat" .
--> Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .
Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !
Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date),
accompagné d'un nouveau rapport hijackthis pour analyse ...
fais ceci pour approfondir le nettoyage :
Télécharges MalwareByte's :
ici ftp://ftp.commentcamarche.com/download/mbam-setup.exe
ou ici : http://www.malwarebytes.org/mbam.php
* Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .
(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : https://www.malekal.com/tutorial-aboutbuster/ )
* Potasse le tuto pour te familiariser avec le prg :
https://forum.pcastuces.com/sujet.asp?f=31&s=3
( cela dis, il est très simple d'utilisation ).
! Déconnecte toi et ferme toutes applications en cours !
* Lance Malwarebyte's .
Fais un examen dit "complet" ( sélectionne bien tous tes disks avant le scan ! ).
--> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
--> à la fin tu cliques sur "résultat" .
--> Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .
Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !
Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date),
accompagné d'un nouveau rapport hijackthis pour analyse ...
Ok rapport malware:
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1306
Windows 6.0.6001 Service Pack 1
26/11/2008 21:14:36
mbam-log-2008-11-26 (21-14-36).txt
Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)
Eléments examinés: 135116
Temps écoulé: 1 hour(s), 57 minute(s), 50 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Rapport Hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:17:21, on 26/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*https://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*https://uk.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\Program Files\Advanced System Optimizer\adblock.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download with &FileFactory Turbo - C:\Program Files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://webvpn.acis.com/NELX.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Update Service (gupdate1c91444a41e8ccd) (gupdate1c91444a41e8ccd) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\Windows\SYSTEM32\LxrSII1s.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1306
Windows 6.0.6001 Service Pack 1
26/11/2008 21:14:36
mbam-log-2008-11-26 (21-14-36).txt
Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)
Eléments examinés: 135116
Temps écoulé: 1 hour(s), 57 minute(s), 50 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Rapport Hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:17:21, on 26/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*https://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*https://uk.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\Program Files\Advanced System Optimizer\adblock.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download with &FileFactory Turbo - C:\Program Files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://webvpn.acis.com/NELX.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Update Service (gupdate1c91444a41e8ccd) (gupdate1c91444a41e8ccd) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\Windows\SYSTEM32\LxrSII1s.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
ok ...
MBAM n'a rien débusqué ( tant mieux quelque part ;) )
Tu as des restes de Norton sur ton PC , il faut les nettoyer correctement ainsi :
Télécharge Norton removal tool sur ton bureau :
ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe
Déconnecte toi .
Ensuite désinstalle Norton avec "Norton removal tool": tu double-cliques dessus et tu te laisses guider ... il faut le désinstaller correctement ( fais la manipe 2 fois si possible ).
Ensuite fais ce qui suit dans l'ordre :
1-Télécharge ToolsCleaner (de A.Rothstein) sur ton Bureau.
http://pc-system.fr/
Déconnecte toi et ferme bien toutes tes applications en cours .
Clique droit sur le prg et choisis "éxécuter en tant que Administrateur"
*Clique sur Recherche et laisse le scan se terminer (cela peut être long).
*Clique sur Suppression pour finaliser.
*Clique sur "quitter" pour générer un rapport ( et pas sur la croix rouge !) :
--> Poste ce rapport : il se trouve à la racine de ton disque dur -> C:\TCleaner.txt .
Note : Ce petit soft va te nettoyer tout les trucs dont on c'est servi pour la désinfection .
Supprime tout les outils , dossiers ou rapports consernant la désinfection que Toolscleaner2 n'a pas supprimé .
( garde CCleaner et Malwarebytes : très utiles ! )
2- Refais un coup de CCleaner ( registre compris ) .
3- Retélécharge et réinstalle hijackthis ( car supprimé par Toolscleaner2 ) ,
Télécharge et installe le logiciel HijackThis :
ici ftp://ftp.commentcamarche.com/download/HJTInstall.exe
ou ici http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
ou ici https://www.clubic.com/telecharger-fiche17891-hijackthis.html
-> Clique sur le setup pour lancer l'installe : laisse toi guider et ne modifie pas les paramètres d'installation .
A la fin de l'installe , le prg ce lance automatiquement : ferme le en cliquant sur la croix rouge .
Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme :
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .
( ne fais pas de scan pour le moment )
4- Purge de la restauration système
-->Désactive ta restauration :
Dans démarrer, clique droit sur ordinateur/propriétés/protection du système : décoche la case devant ton disk dur maitre ( pour toi -> C ) , valide, applique et OK
Redémarre ton PC ...
-->Réactive ta restauration :
Clique droit sur ordinateur/propriétés/protection du système : coche la case devant ton disk dur maitre , valide, applique et OK
Redémarre ton PC ...
( tuto : http://www.commentcamarche.net/faq/sujet 13214 desactiver reactiver la restauration systeme de vista )
5- Fais ce scan en ligne pour vérifier :
( ne rien faire d'autre avec le PC durant le scan ! )
Fais un scan antivirus en ligne, avec Internet Explorer et accepter l'ActiveX :
https://www.bitdefender.fr/
* Aide : En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE
Dans la nouvelle fenêtre, clique sur j’accepte .
La fenêtre change encore, clique sur scanner .
Les signatures se chargent, etc ...
* pour le rapport : clique sur l'onglet "plus de détailles" . A la fin du scan, clique sur " problème détectés " .
-> juste au dessus à droite de la fenêtre des résultats , tu as " cliquer ici pour exporter le rapport " .
-> Clique dessus donc, et choisis d'enregistrer le rapport sur ton bureau .
--> Ouvre le document html que tu viens de sauvegarder ( le rapport ),
fais un copier/coller de tout son contenu et poste le dans ta prochaine réponse ...
Rappel : le scan en ligne ne fonctionne que sous Internet Exploreur ! ( et pas sur FireFox ou autres navigateurs )
Tutoriel en images ici :
http://perso.orange.fr/rginformatique/section%20virus/defender.htm (merci à Balltrap34 pour cette réalisation)
Et ici : http://www.commentcamarche.net/faq/sujet 8872 scanner en ligne avec bitdefender
MBAM n'a rien débusqué ( tant mieux quelque part ;) )
Tu as des restes de Norton sur ton PC , il faut les nettoyer correctement ainsi :
Télécharge Norton removal tool sur ton bureau :
ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe
Déconnecte toi .
Ensuite désinstalle Norton avec "Norton removal tool": tu double-cliques dessus et tu te laisses guider ... il faut le désinstaller correctement ( fais la manipe 2 fois si possible ).
Ensuite fais ce qui suit dans l'ordre :
1-Télécharge ToolsCleaner (de A.Rothstein) sur ton Bureau.
http://pc-system.fr/
Déconnecte toi et ferme bien toutes tes applications en cours .
Clique droit sur le prg et choisis "éxécuter en tant que Administrateur"
*Clique sur Recherche et laisse le scan se terminer (cela peut être long).
*Clique sur Suppression pour finaliser.
*Clique sur "quitter" pour générer un rapport ( et pas sur la croix rouge !) :
--> Poste ce rapport : il se trouve à la racine de ton disque dur -> C:\TCleaner.txt .
Note : Ce petit soft va te nettoyer tout les trucs dont on c'est servi pour la désinfection .
Supprime tout les outils , dossiers ou rapports consernant la désinfection que Toolscleaner2 n'a pas supprimé .
( garde CCleaner et Malwarebytes : très utiles ! )
2- Refais un coup de CCleaner ( registre compris ) .
3- Retélécharge et réinstalle hijackthis ( car supprimé par Toolscleaner2 ) ,
Télécharge et installe le logiciel HijackThis :
ici ftp://ftp.commentcamarche.com/download/HJTInstall.exe
ou ici http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
ou ici https://www.clubic.com/telecharger-fiche17891-hijackthis.html
-> Clique sur le setup pour lancer l'installe : laisse toi guider et ne modifie pas les paramètres d'installation .
A la fin de l'installe , le prg ce lance automatiquement : ferme le en cliquant sur la croix rouge .
Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme :
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .
( ne fais pas de scan pour le moment )
4- Purge de la restauration système
-->Désactive ta restauration :
Dans démarrer, clique droit sur ordinateur/propriétés/protection du système : décoche la case devant ton disk dur maitre ( pour toi -> C ) , valide, applique et OK
Redémarre ton PC ...
-->Réactive ta restauration :
Clique droit sur ordinateur/propriétés/protection du système : coche la case devant ton disk dur maitre , valide, applique et OK
Redémarre ton PC ...
( tuto : http://www.commentcamarche.net/faq/sujet 13214 desactiver reactiver la restauration systeme de vista )
5- Fais ce scan en ligne pour vérifier :
( ne rien faire d'autre avec le PC durant le scan ! )
Fais un scan antivirus en ligne, avec Internet Explorer et accepter l'ActiveX :
https://www.bitdefender.fr/
* Aide : En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE
Dans la nouvelle fenêtre, clique sur j’accepte .
La fenêtre change encore, clique sur scanner .
Les signatures se chargent, etc ...
* pour le rapport : clique sur l'onglet "plus de détailles" . A la fin du scan, clique sur " problème détectés " .
-> juste au dessus à droite de la fenêtre des résultats , tu as " cliquer ici pour exporter le rapport " .
-> Clique dessus donc, et choisis d'enregistrer le rapport sur ton bureau .
--> Ouvre le document html que tu viens de sauvegarder ( le rapport ),
fais un copier/coller de tout son contenu et poste le dans ta prochaine réponse ...
Rappel : le scan en ligne ne fonctionne que sous Internet Exploreur ! ( et pas sur FireFox ou autres navigateurs )
Tutoriel en images ici :
http://perso.orange.fr/rginformatique/section%20virus/defender.htm (merci à Balltrap34 pour cette réalisation)
Et ici : http://www.commentcamarche.net/faq/sujet 8872 scanner en ligne avec bitdefender
Prob avec Bit defender.
Je click sur accepter ca se met a telecharger et au bout de 3 mins ca revient toujours a la meme fenetre avec "accepter".
Merci enormement pour ton aide. Vais devoir arreter pour ce soir. Dis moi si je dois continuer a faire des trucs demain. Je ferai ca au reveil.
Merci encore, vraiment
Je click sur accepter ca se met a telecharger et au bout de 3 mins ca revient toujours a la meme fenetre avec "accepter".
Merci enormement pour ton aide. Vais devoir arreter pour ce soir. Dis moi si je dois continuer a faire des trucs demain. Je ferai ca au reveil.
Merci encore, vraiment
