Message démarrage VISTA
Résolu/Fermé
Seb1989
Messages postés
57
Date d'inscription
jeudi 10 septembre 2009
Statut
Membre
Dernière intervention
10 janvier 2011
-
8 oct. 2009 à 20:49
Seb1989 Messages postés 57 Date d'inscription jeudi 10 septembre 2009 Statut Membre Dernière intervention 10 janvier 2011 - 13 oct. 2009 à 21:06
Seb1989 Messages postés 57 Date d'inscription jeudi 10 septembre 2009 Statut Membre Dernière intervention 10 janvier 2011 - 13 oct. 2009 à 21:06
A voir également:
- Message démarrage VISTA
- Pc lent au démarrage - Guide
- Recuperer message whatsapp - Guide
- Forcer demarrage pc - Guide
- Message d'absence thunderbird - Guide
- Ecran noir demarrage pc - Guide
19 réponses
Utilisateur anonyme
8 oct. 2009 à 20:59
8 oct. 2009 à 20:59
Bonsoir
1)=> Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac
* Va dans démarrer puis panneau de configuration
* Double Clique sur l'icône "Comptes d'utilisateurs"
* Clique ensuite sur désactiver et valide.
2)1- Télécharge et installe le logiciel HijackThis :
https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
ou ici http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
ou ici https://www.clubic.com/telecharger-fiche17891-hijackthis.html
-->Clique sur le setup pour lancer l'installation : laisse toi guider et ne modifie pas les paramètres d'installation .
A la fin de l’installation, le programme se lance automatiquement : ferme le en cliquant sur la croix rouge.
Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme :
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .
(Ne lance pas ce prg pour l'instant et fais la suite ... )
2- Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.
-> http://images.malwareremoval.com/random/RSIT.exe
! Déconnecte toi et ferme toutes tes applications en cours !
Double-clique sur " RSIT.exe " pour le lancer.
Clic droit sous VISTA (exécuter en tant que…)
-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .
* Devant l'option "List files/folders created ..." , tu choisis : 2 months
* clique ensuite sur " Continue " pour lancer l'analyse ...
-> laisse faire le scan et ne touche pas au PC ...
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-notes).
Poste le contenu de " log.txt " (c'est celui qui apparaît à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...
Important : poste un rapport, puis l'autre dans la réponse suivante ...
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum ...
( Et si "log.txt" seul, ne passe pas non plus , fais le en 2 fois ... merci ... )
( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )
Merci
1)=> Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac
* Va dans démarrer puis panneau de configuration
* Double Clique sur l'icône "Comptes d'utilisateurs"
* Clique ensuite sur désactiver et valide.
2)1- Télécharge et installe le logiciel HijackThis :
https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
ou ici http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
ou ici https://www.clubic.com/telecharger-fiche17891-hijackthis.html
-->Clique sur le setup pour lancer l'installation : laisse toi guider et ne modifie pas les paramètres d'installation .
A la fin de l’installation, le programme se lance automatiquement : ferme le en cliquant sur la croix rouge.
Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme :
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .
(Ne lance pas ce prg pour l'instant et fais la suite ... )
2- Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.
-> http://images.malwareremoval.com/random/RSIT.exe
! Déconnecte toi et ferme toutes tes applications en cours !
Double-clique sur " RSIT.exe " pour le lancer.
Clic droit sous VISTA (exécuter en tant que…)
-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .
* Devant l'option "List files/folders created ..." , tu choisis : 2 months
* clique ensuite sur " Continue " pour lancer l'analyse ...
-> laisse faire le scan et ne touche pas au PC ...
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-notes).
Poste le contenu de " log.txt " (c'est celui qui apparaît à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...
Important : poste un rapport, puis l'autre dans la réponse suivante ...
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum ...
( Et si "log.txt" seul, ne passe pas non plus , fais le en 2 fois ... merci ... )
( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )
Merci
Seb1989
Messages postés
57
Date d'inscription
jeudi 10 septembre 2009
Statut
Membre
Dernière intervention
10 janvier 2011
13
8 oct. 2009 à 21:21
8 oct. 2009 à 21:21
" log.txt "
Logfile of random's system information tool 1.06 (written by random/random)
Run by Sébastien at 2009-10-08 21:19:11
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 39 GB (26%) free of 148 GB
Total RAM: 3066 MB (45% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:19:16, on 08/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\Spy-Net\server.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\SBASTI~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\Cerberus12\server95.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\notepad.exe
C:\Users\Sébastien\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sébastien.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [Spy-Net] C:\Windows\System32\Spy-Net\server.exe
O4 - HKLM\..\Run: [Cerberus45] C:\Windows\System32\Cerberus12\server95.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Spy-Net] C:\Windows\System32\Spy-Net\server.exe
O4 - HKCU\..\Run: [Cerberus45] C:\Windows\System32\Cerberus12\server95.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9d4ccfe26ad22) (gupdate1c9d4ccfe26ad22) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Logfile of random's system information tool 1.06 (written by random/random)
Run by Sébastien at 2009-10-08 21:19:11
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 39 GB (26%) free of 148 GB
Total RAM: 3066 MB (45% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:19:16, on 08/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\Spy-Net\server.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\SBASTI~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\Cerberus12\server95.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\notepad.exe
C:\Users\Sébastien\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sébastien.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [Spy-Net] C:\Windows\System32\Spy-Net\server.exe
O4 - HKLM\..\Run: [Cerberus45] C:\Windows\System32\Cerberus12\server95.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Spy-Net] C:\Windows\System32\Spy-Net\server.exe
O4 - HKCU\..\Run: [Cerberus45] C:\Windows\System32\Cerberus12\server95.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9d4ccfe26ad22) (gupdate1c9d4ccfe26ad22) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Re
1)Sous Windows Vista, la barre des menus n'étant pas présente par défaut, il faut d'abord la faire apparaitre.
Pour cela,
• pressez la touche ALT du clavier. La barre des menus apparait.
• Dans le menu Outils, choisissez Options des dossiers.
• Choisissez l'onglet Affichage.
• Cochez Afficher les fichiers et dossiers cachés.
Décochez Cachez les fichiers système.
Décochez Cacher les extensions dont le type est connu.
• Validez les modifications en cliquant sur OK.
2)● Rends toi sur ce site :
https://www.virustotal.com/gui/
● Clique sur " parcourir ", cherche ces fichiers :
C:\Windows\System32\Spy-Net\server.exe
C:\Windows\System32\Cerberus12\server95.exe
● Clique sur Send File.
● Un rapport va s'élaborer ligne à ligne.
● Attends la fin. Il doit comprendre la taille du fichier envoyé.
● Sauvegarde le rapport avec le bloc-note.
● Copie le dans ta réponse.
(!) Si VirusTotal indique que le fichier a déjà été analysé, cliquer sur le bouton Réanalyser le fichier maintenant
@+
1)Sous Windows Vista, la barre des menus n'étant pas présente par défaut, il faut d'abord la faire apparaitre.
Pour cela,
• pressez la touche ALT du clavier. La barre des menus apparait.
• Dans le menu Outils, choisissez Options des dossiers.
• Choisissez l'onglet Affichage.
• Cochez Afficher les fichiers et dossiers cachés.
Décochez Cachez les fichiers système.
Décochez Cacher les extensions dont le type est connu.
• Validez les modifications en cliquant sur OK.
2)● Rends toi sur ce site :
https://www.virustotal.com/gui/
● Clique sur " parcourir ", cherche ces fichiers :
C:\Windows\System32\Spy-Net\server.exe
C:\Windows\System32\Cerberus12\server95.exe
● Clique sur Send File.
● Un rapport va s'élaborer ligne à ligne.
● Attends la fin. Il doit comprendre la taille du fichier envoyé.
● Sauvegarde le rapport avec le bloc-note.
● Copie le dans ta réponse.
(!) Si VirusTotal indique que le fichier a déjà été analysé, cliquer sur le bouton Réanalyser le fichier maintenant
@+
Seb1989
Messages postés
57
Date d'inscription
jeudi 10 septembre 2009
Statut
Membre
Dernière intervention
10 janvier 2011
13
8 oct. 2009 à 21:22
8 oct. 2009 à 21:22
" info.txt "
info.txt logfile of random's system information tool 1.06 2009-10-08 21:07:35
======Uninstall list======
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\Setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\Setup.exe" -uninstall
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
abgx360 v1.0.1-->"C:\Program Files\abgx360\uninstall.exe"
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acer Bio Protection
AAU 6.0.00.17-->"C:\Program Files\Acer\Acer Bio Protection\uninstall.exe"
Acer Crystal Eye Webcam 2.0.8-->C:\Program Files\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe -runfromtemp -l0x040c -removeonly
Acer eAudio Management-->"C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.exe" -uninstall
Acer eDataSecurity Management-->C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x040c -removeonly
Acer ePower Management-->"C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -runfromtemp -l0x040c -removeonly
Acer eRecovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x040c -removeonly
Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{13D85C14-2B85-419F-AC41-C7F21E68B25D}\setup.exe" -runfromtemp -l0x040c -removeonly
Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x40c -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer VCM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}\setup.exe" -l0x40c -removeonly
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 9.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Ad-Remover By C_XX-->"C:\Program Files\Ad-Remover\Uninstall ADR.exe"
Antidote RX v8-->MsiExec.exe /X{A474EA56-5DBD-4181-8230-806A4762EA7F}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x040c -removeonly
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
ConvertHelper 2.2-->"C:\Program Files\ConvertHelper\unins000.exe"
CyberLink PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
CyberLink PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
gBurner-->"C:\Program Files\gBurner\uninstall.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth Plug-in-->MsiExec.exe /X{FE24D361-A3E8-11DE-88F3-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IAcrZUn32z.INF
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B-->C:\Program Files\HP\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat -onestop -showdisconnect -forcereboot
HP Photosmart.All-In-One Driver Software 8.0 .A-->C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{818ABC3C-635C-4651-8183-D0E9640B7DD1}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
ImgBurn 2.3.2.0 Fr-->"C:\Program Files\ImgBurn\unins000.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Intel PROSet Wireless-->Intel PROSet Wireless
Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
Ipulp 1.1-->"C:\Program Files\Ipulp\unins000.exe"
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Launch Manager-->C:\Windows\UnInst32.exe QtZgAcer.UNI
Lecteur CANAL-->MsiExec.exe /X{04DA096D-6236-4A5D-8FB6-3081E67009BA}
Ma Videothèque V1.5-->"C:\Program Files\MaVideotheque\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Megavideo Video Downloader 3.14-->"C:\Program Files\DownloadToolz\Megavideo Video Downloader\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 9 Trial-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-20CX-4294-TL10-U4U0-UKE2-MMT7-AHWX"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x040c
NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x040c
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
Orion-->MsiExec.exe /X{5B63A470-9334-44D1-AF61-6CE2DB565AE9}
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de pilotes Windows - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\mbtmdm.inf_afb0631d\mbtmdm.inf
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
PhotoNow!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" -uninstall
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly
RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe"
SAMSUNG Mobile Composite Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Samsung Mobile Modem Device Software-->C:\Windows\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x040c -removeonly
Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}
Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly
SAMSUNG SYMBIAN USB Download Driver-->C:\Program Files\SAMSUNG\SYMBIAN USB Download Driver\Uninstall.exe
SAMSUNG USB Mobile Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
Seagate Manager Installer-->"C:\Program Files\InstallShield Installation Information\{231A1A09-FDF2-45F2-B3D1-964CECE372BC}\setup.exe" -runfromtemp -l0x040c -removeonly
Seagate Manager Installer-->MsiExec.exe /X{231A1A09-FDF2-45F2-B3D1-964CECE372BC}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
SFR - Kit de connexion-->C:\Program Files\SFR\Kit\uninstall.exe
SFR - Media Center-->C:\Program Files\SFR\Media Center\uninstall.exe
SPBA 5.8-->MsiExec.exe /I{ECCD28B2-8798-4D16-8126-625D728294A1}
SpeedyFox-->"C:\Program Files\SpeedyFox\unins000.exe"
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Transcode 360 for Windows Vista-->"C:\Program Files\Transcode360\uninstall.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
ViewNX-->MsiExec.exe /X{F007CBCE-D714-4C0B-8CE9-9B0D78116468}
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vodafone Mobile Connect Lite-->MsiExec.exe /X{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}
WIDCOMM Bluetooth Software 6.0.1.6400-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
Winbond CIR Device Drivers-->MsiExec.exe /I{10F498FF-5392-4DF3-8F73-FE172A9F3800}
Windows 7 Upgrade Advisor Beta-->MsiExec.exe /I{4394DC3A-5DAC-4C80-A86E-FF462D0AD653}
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Zattoo 3.3.4 Beta-->C:\Program Files\Zattoo\uninst.exe
======Hosts File======
127.0.0.1 activate.adobe.com
======Security center information======
AS: Windows Defender
======System event log======
Computer Name: PC-de-Sébastien
Event Code: 134
Message: NtpClient n'a pas pu définir d'homologue manuel à utiliser comme source de temps en raison d'une erreur de résolution DNS sur " time.windows.com,0x1 ". NtpClient réessaiera dans 15 minutes, et à nouveau une fois le double de l'intervalle de nouvelle tentative écoulé. L'erreur était : Hôte inconnu. (0x80072AF9)
Record Number: 65881
Source Name: Microsoft-Windows-Time-Service
Time Written: 20090608071021.000000-000
Event Type: Avertissement
User:
Computer Name: PC-de-Sébastien
Event Code: 4001
Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement.
Record Number: 65866
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090607215351.795836-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
Computer Name: PC-de-Sébastien
Event Code: 10002
Message: Le module d’extensibilité WLAN s’est arrêté.
Chemin d’accès du module : C:\Windows\System32\IWMSSvc.dll
Record Number: 65865
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090607215351.125036-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
Computer Name: PC-de-Sébastien
Event Code: 7022
Message: Le service Service HP CUE DeviceDiscovery est en attente de démarrage.
Record Number: 65815
Source Name: Service Control Manager
Time Written: 20090607080653.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Sébastien
Event Code: 7022
Message: Le service Service HP CUE DeviceDiscovery est en attente de démarrage.
Record Number: 65649
Source Name: Service Control Manager
Time Written: 20090606093601.000000-000
Event Type: Erreur
User:
=====Application event log=====
Computer Name: PC-de-Sébastien
Event Code: 11500
Message: Produit : Java(TM) 6 Update 11 -- Erreur 1500. Une autre installation est en cours. Vous de
info.txt logfile of random's system information tool 1.06 2009-10-08 21:07:35
======Uninstall list======
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\Setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\Setup.exe" -uninstall
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
abgx360 v1.0.1-->"C:\Program Files\abgx360\uninstall.exe"
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acer Bio Protection
AAU 6.0.00.17-->"C:\Program Files\Acer\Acer Bio Protection\uninstall.exe"
Acer Crystal Eye Webcam 2.0.8-->C:\Program Files\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe -runfromtemp -l0x040c -removeonly
Acer eAudio Management-->"C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.exe" -uninstall
Acer eDataSecurity Management-->C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x040c -removeonly
Acer ePower Management-->"C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -runfromtemp -l0x040c -removeonly
Acer eRecovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x040c -removeonly
Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{13D85C14-2B85-419F-AC41-C7F21E68B25D}\setup.exe" -runfromtemp -l0x040c -removeonly
Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x40c -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer VCM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}\setup.exe" -l0x40c -removeonly
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 9.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Ad-Remover By C_XX-->"C:\Program Files\Ad-Remover\Uninstall ADR.exe"
Antidote RX v8-->MsiExec.exe /X{A474EA56-5DBD-4181-8230-806A4762EA7F}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x040c -removeonly
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
ConvertHelper 2.2-->"C:\Program Files\ConvertHelper\unins000.exe"
CyberLink PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
CyberLink PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
gBurner-->"C:\Program Files\gBurner\uninstall.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth Plug-in-->MsiExec.exe /X{FE24D361-A3E8-11DE-88F3-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IAcrZUn32z.INF
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B-->C:\Program Files\HP\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat -onestop -showdisconnect -forcereboot
HP Photosmart.All-In-One Driver Software 8.0 .A-->C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{818ABC3C-635C-4651-8183-D0E9640B7DD1}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
ImgBurn 2.3.2.0 Fr-->"C:\Program Files\ImgBurn\unins000.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Intel PROSet Wireless-->Intel PROSet Wireless
Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
Ipulp 1.1-->"C:\Program Files\Ipulp\unins000.exe"
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Launch Manager-->C:\Windows\UnInst32.exe QtZgAcer.UNI
Lecteur CANAL-->MsiExec.exe /X{04DA096D-6236-4A5D-8FB6-3081E67009BA}
Ma Videothèque V1.5-->"C:\Program Files\MaVideotheque\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Megavideo Video Downloader 3.14-->"C:\Program Files\DownloadToolz\Megavideo Video Downloader\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 9 Trial-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-20CX-4294-TL10-U4U0-UKE2-MMT7-AHWX"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x040c
NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x040c
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
Orion-->MsiExec.exe /X{5B63A470-9334-44D1-AF61-6CE2DB565AE9}
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de pilotes Windows - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\mbtmdm.inf_afb0631d\mbtmdm.inf
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
PhotoNow!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" -uninstall
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly
RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe"
SAMSUNG Mobile Composite Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Samsung Mobile Modem Device Software-->C:\Windows\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x040c -removeonly
Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}
Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly
SAMSUNG SYMBIAN USB Download Driver-->C:\Program Files\SAMSUNG\SYMBIAN USB Download Driver\Uninstall.exe
SAMSUNG USB Mobile Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
Seagate Manager Installer-->"C:\Program Files\InstallShield Installation Information\{231A1A09-FDF2-45F2-B3D1-964CECE372BC}\setup.exe" -runfromtemp -l0x040c -removeonly
Seagate Manager Installer-->MsiExec.exe /X{231A1A09-FDF2-45F2-B3D1-964CECE372BC}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
SFR - Kit de connexion-->C:\Program Files\SFR\Kit\uninstall.exe
SFR - Media Center-->C:\Program Files\SFR\Media Center\uninstall.exe
SPBA 5.8-->MsiExec.exe /I{ECCD28B2-8798-4D16-8126-625D728294A1}
SpeedyFox-->"C:\Program Files\SpeedyFox\unins000.exe"
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Transcode 360 for Windows Vista-->"C:\Program Files\Transcode360\uninstall.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
ViewNX-->MsiExec.exe /X{F007CBCE-D714-4C0B-8CE9-9B0D78116468}
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vodafone Mobile Connect Lite-->MsiExec.exe /X{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}
WIDCOMM Bluetooth Software 6.0.1.6400-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
Winbond CIR Device Drivers-->MsiExec.exe /I{10F498FF-5392-4DF3-8F73-FE172A9F3800}
Windows 7 Upgrade Advisor Beta-->MsiExec.exe /I{4394DC3A-5DAC-4C80-A86E-FF462D0AD653}
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Zattoo 3.3.4 Beta-->C:\Program Files\Zattoo\uninst.exe
======Hosts File======
127.0.0.1 activate.adobe.com
======Security center information======
AS: Windows Defender
======System event log======
Computer Name: PC-de-Sébastien
Event Code: 134
Message: NtpClient n'a pas pu définir d'homologue manuel à utiliser comme source de temps en raison d'une erreur de résolution DNS sur " time.windows.com,0x1 ". NtpClient réessaiera dans 15 minutes, et à nouveau une fois le double de l'intervalle de nouvelle tentative écoulé. L'erreur était : Hôte inconnu. (0x80072AF9)
Record Number: 65881
Source Name: Microsoft-Windows-Time-Service
Time Written: 20090608071021.000000-000
Event Type: Avertissement
User:
Computer Name: PC-de-Sébastien
Event Code: 4001
Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement.
Record Number: 65866
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090607215351.795836-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
Computer Name: PC-de-Sébastien
Event Code: 10002
Message: Le module d’extensibilité WLAN s’est arrêté.
Chemin d’accès du module : C:\Windows\System32\IWMSSvc.dll
Record Number: 65865
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090607215351.125036-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
Computer Name: PC-de-Sébastien
Event Code: 7022
Message: Le service Service HP CUE DeviceDiscovery est en attente de démarrage.
Record Number: 65815
Source Name: Service Control Manager
Time Written: 20090607080653.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Sébastien
Event Code: 7022
Message: Le service Service HP CUE DeviceDiscovery est en attente de démarrage.
Record Number: 65649
Source Name: Service Control Manager
Time Written: 20090606093601.000000-000
Event Type: Erreur
User:
=====Application event log=====
Computer Name: PC-de-Sébastien
Event Code: 11500
Message: Produit : Java(TM) 6 Update 11 -- Erreur 1500. Une autre installation est en cours. Vous de
Seb1989
Messages postés
57
Date d'inscription
jeudi 10 septembre 2009
Statut
Membre
Dernière intervention
10 janvier 2011
13
8 oct. 2009 à 21:54
8 oct. 2009 à 21:54
Cerberus12
Fichier server95.exe reçu le 2009.10.08 19:45:33 (UTC)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 5/41 (12.2%)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.41 2009.10.08 Trojan.Win32.Buzus!IK
AhnLab-V3 5.0.0.2 2009.10.08 -
AntiVir 7.9.1.35 2009.10.08 TR/Dropper.Gen
Antiy-AVL 2.0.3.7 2009.10.05 -
Authentium 5.1.2.4 2009.10.08 -
Avast 4.8.1351.0 2009.10.08 -
AVG 8.5.0.420 2009.10.04 -
BitDefender 7.2 2009.10.08 -
CAT-QuickHeal 10.00 2009.10.08 -
ClamAV 0.94.1 2009.10.08 -
Comodo 2539 2009.10.08 -
DrWeb 5.0.0.12182 2009.10.08 -
eSafe 7.0.17.0 2009.10.08 -
eTrust-Vet 35.1.7057 2009.10.08 -
F-Prot 4.5.1.85 2009.10.08 -
F-Secure 8.0.14470.0 2009.10.08 -
Fortinet 3.120.0.0 2009.10.08 -
GData 19 2009.10.08 -
Ikarus T3.1.1.72.0 2009.10.08 Trojan.Win32.Buzus
Jiangmin 11.0.800 2009.10.08 -
K7AntiVirus 7.10.865 2009.10.08 -
Kaspersky 7.0.0.125 2009.10.08 -
McAfee 5765 2009.10.08 -
McAfee+Artemis 5765 2009.10.08 -
McAfee-GW-Edition 6.8.5 2009.10.08 Trojan.Dropper.Gen
Microsoft 1.5101 2009.10.08 VirTool:Win32/VBInject.gen!CE
NOD32 4491 2009.10.08 -
Norman 6.01.09 2009.10.08 -
nProtect 2009.1.8.0 2009.10.08 -
Panda 10.0.2.2 2009.10.08 -
PCTools 4.4.2.0 2009.10.08 -
Prevx 3.0 2009.10.08 -
Rising 21.49.22.00 2009.09.30 -
Sophos 4.45.0 2009.10.08 -
Sunbelt 3.2.1858.2 2009.10.08 -
Symantec 1.4.4.12 2009.10.08 -
TheHacker 6.5.0.2.033 2009.10.07 -
TrendMicro 8.950.0.1094 2009.10.08 -
VBA32 3.12.10.11 2009.10.08 -
ViRobot 2009.10.8.1976 2009.10.08 -
VirusBuster 4.6.5.0 2009.10.08 -
Information additionnelle
File size: 167936 bytes
MD5...: 1b322f4558f95c690f42421f32a7e140
SHA1..: f6773f4ec170917673848307c3a8742f49b93ac3
SHA256: 7ee8e83d9d915d09d3b591dc4eb6d0cbd2b22bed8f752594b692201f26a344b1
ssdeep: 3072:3Te4EQ3hZBpTUndB3+AnD8fVIGN3y+c2+uBu4rE+VURbnbLt:3Te4EUBxUn
dBXuCGN35cYrExfLt
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x15b0
timedatestamp.....: 0x4abfbf5c (Sun Sep 27 19:39:08 2009)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xd4c4 0xe000 5.29 4d710721154d5d46cd89820bb3a4a376
.data 0xf000 0x3ec 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x10000 0x1832d 0x19000 7.79 710323400a8b82269195e07408d77a32
( 1 imports )
> MSVBVM60.DLL: __vbaVarSub, _CIcos, _adj_fptan, __vbaVarMove, __vbaVarVargNofree, __vbaFreeVar, __vbaAryMove, __vbaLenBstr, __vbaStrVarMove, __vbaFreeVarList, __vbaEnd, _adj_fdiv_m64, -, _adj_fprem1, __vbaRecAnsiToUni, __vbaStrCat, __vbaSetSystemError, __vbaRecDestruct, _adj_fdiv_m32, __vbaAryDestruct, __vbaExitProc, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, -, _CIsin, -, __vbaErase, __vbaVarZero, __vbaChkstk, __vbaFileClose, __vbaStrCmp, __vbaPutOwner3, __vbaAryConstruct2, -, DllFunctionCall, _adj_fpatan, __vbaRedim, __vbaRecUniToAnsi, -, _CIsqrt, __vbaExceptHandler, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, -, __vbaFPException, -, __vbaInStrVar, __vbaStrVarVal, __vbaUbound, __vbaGetOwner3, __vbaVarCat, -, _CIlog, __vbaFileOpen, -, -, __vbaVar2Vec, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, -, __vbaI4Str, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaVarTstNe, __vbaI4Var, __vbaVarCmpEq, __vbaAryLock, __vbaStrToAnsi, __vbaVarDup, -, _CIatan, __vbaStrMove, __vbaStrVarCopy, -, _allmul, _CItan, __vbaAryUnlock, _CIexp, __vbaFreeStr, __vbaI4ErrVar
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Microsoft Visual Basic 6 (90.9%)
Win32 Executable Generic (6.1%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Realtek Semiconductor Corp.
copyright....: Copyright (c) 2004 Realtek Semiconductor Corp.
product......: Realtek AC97 Audio - Event Monitor
description..: Realtek Azalia Audio - Event Monitor
original name: Alcxmntr.exe
internal name: Alcxmntr
file version.: 1.6.0.2
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned
Fichier server95.exe reçu le 2009.10.08 19:45:33 (UTC)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 5/41 (12.2%)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.41 2009.10.08 Trojan.Win32.Buzus!IK
AhnLab-V3 5.0.0.2 2009.10.08 -
AntiVir 7.9.1.35 2009.10.08 TR/Dropper.Gen
Antiy-AVL 2.0.3.7 2009.10.05 -
Authentium 5.1.2.4 2009.10.08 -
Avast 4.8.1351.0 2009.10.08 -
AVG 8.5.0.420 2009.10.04 -
BitDefender 7.2 2009.10.08 -
CAT-QuickHeal 10.00 2009.10.08 -
ClamAV 0.94.1 2009.10.08 -
Comodo 2539 2009.10.08 -
DrWeb 5.0.0.12182 2009.10.08 -
eSafe 7.0.17.0 2009.10.08 -
eTrust-Vet 35.1.7057 2009.10.08 -
F-Prot 4.5.1.85 2009.10.08 -
F-Secure 8.0.14470.0 2009.10.08 -
Fortinet 3.120.0.0 2009.10.08 -
GData 19 2009.10.08 -
Ikarus T3.1.1.72.0 2009.10.08 Trojan.Win32.Buzus
Jiangmin 11.0.800 2009.10.08 -
K7AntiVirus 7.10.865 2009.10.08 -
Kaspersky 7.0.0.125 2009.10.08 -
McAfee 5765 2009.10.08 -
McAfee+Artemis 5765 2009.10.08 -
McAfee-GW-Edition 6.8.5 2009.10.08 Trojan.Dropper.Gen
Microsoft 1.5101 2009.10.08 VirTool:Win32/VBInject.gen!CE
NOD32 4491 2009.10.08 -
Norman 6.01.09 2009.10.08 -
nProtect 2009.1.8.0 2009.10.08 -
Panda 10.0.2.2 2009.10.08 -
PCTools 4.4.2.0 2009.10.08 -
Prevx 3.0 2009.10.08 -
Rising 21.49.22.00 2009.09.30 -
Sophos 4.45.0 2009.10.08 -
Sunbelt 3.2.1858.2 2009.10.08 -
Symantec 1.4.4.12 2009.10.08 -
TheHacker 6.5.0.2.033 2009.10.07 -
TrendMicro 8.950.0.1094 2009.10.08 -
VBA32 3.12.10.11 2009.10.08 -
ViRobot 2009.10.8.1976 2009.10.08 -
VirusBuster 4.6.5.0 2009.10.08 -
Information additionnelle
File size: 167936 bytes
MD5...: 1b322f4558f95c690f42421f32a7e140
SHA1..: f6773f4ec170917673848307c3a8742f49b93ac3
SHA256: 7ee8e83d9d915d09d3b591dc4eb6d0cbd2b22bed8f752594b692201f26a344b1
ssdeep: 3072:3Te4EQ3hZBpTUndB3+AnD8fVIGN3y+c2+uBu4rE+VURbnbLt:3Te4EUBxUn
dBXuCGN35cYrExfLt
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x15b0
timedatestamp.....: 0x4abfbf5c (Sun Sep 27 19:39:08 2009)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xd4c4 0xe000 5.29 4d710721154d5d46cd89820bb3a4a376
.data 0xf000 0x3ec 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x10000 0x1832d 0x19000 7.79 710323400a8b82269195e07408d77a32
( 1 imports )
> MSVBVM60.DLL: __vbaVarSub, _CIcos, _adj_fptan, __vbaVarMove, __vbaVarVargNofree, __vbaFreeVar, __vbaAryMove, __vbaLenBstr, __vbaStrVarMove, __vbaFreeVarList, __vbaEnd, _adj_fdiv_m64, -, _adj_fprem1, __vbaRecAnsiToUni, __vbaStrCat, __vbaSetSystemError, __vbaRecDestruct, _adj_fdiv_m32, __vbaAryDestruct, __vbaExitProc, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, -, _CIsin, -, __vbaErase, __vbaVarZero, __vbaChkstk, __vbaFileClose, __vbaStrCmp, __vbaPutOwner3, __vbaAryConstruct2, -, DllFunctionCall, _adj_fpatan, __vbaRedim, __vbaRecUniToAnsi, -, _CIsqrt, __vbaExceptHandler, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, -, __vbaFPException, -, __vbaInStrVar, __vbaStrVarVal, __vbaUbound, __vbaGetOwner3, __vbaVarCat, -, _CIlog, __vbaFileOpen, -, -, __vbaVar2Vec, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, -, __vbaI4Str, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaVarTstNe, __vbaI4Var, __vbaVarCmpEq, __vbaAryLock, __vbaStrToAnsi, __vbaVarDup, -, _CIatan, __vbaStrMove, __vbaStrVarCopy, -, _allmul, _CItan, __vbaAryUnlock, _CIexp, __vbaFreeStr, __vbaI4ErrVar
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Microsoft Visual Basic 6 (90.9%)
Win32 Executable Generic (6.1%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Realtek Semiconductor Corp.
copyright....: Copyright (c) 2004 Realtek Semiconductor Corp.
product......: Realtek AC97 Audio - Event Monitor
description..: Realtek Azalia Audio - Event Monitor
original name: Alcxmntr.exe
internal name: Alcxmntr
file version.: 1.6.0.2
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Seb1989
Messages postés
57
Date d'inscription
jeudi 10 septembre 2009
Statut
Membre
Dernière intervention
10 janvier 2011
13
8 oct. 2009 à 21:56
8 oct. 2009 à 21:56
Spy-net
j'ai parfois un message au démarrage accompagnant la fenetre dont le post est question où spy-net est mise en cause.
Fichier server.exe reçu le 2009.10.08 19:50:44 (UTC)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 5/41 (12.2%)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.41 2009.10.08 -
AhnLab-V3 5.0.0.2 2009.10.08 -
AntiVir 7.9.1.35 2009.10.08 -
Antiy-AVL 2.0.3.7 2009.10.05 -
Authentium 5.1.2.4 2009.10.08 -
Avast 4.8.1351.0 2009.10.08 -
AVG 8.5.0.420 2009.10.04 -
BitDefender 7.2 2009.10.08 -
CAT-QuickHeal 10.00 2009.10.08 Trojan.Buzus.cdnm
ClamAV 0.94.1 2009.10.08 -
Comodo 2539 2009.10.08 -
DrWeb 5.0.0.12182 2009.10.08 -
eSafe 7.0.17.0 2009.10.08 -
eTrust-Vet 35.1.7057 2009.10.08 -
F-Prot 4.5.1.85 2009.10.08 -
F-Secure 8.0.14470.0 2009.10.08 Trojan.Win32.Buzus.cdnm
Fortinet 3.120.0.0 2009.10.08 -
GData 19 2009.10.08 -
Ikarus T3.1.1.72.0 2009.10.08 -
Jiangmin 11.0.800 2009.10.08 -
K7AntiVirus 7.10.865 2009.10.08 -
Kaspersky 7.0.0.125 2009.10.08 Trojan.Win32.Buzus.cdnm
McAfee 5765 2009.10.08 -
McAfee+Artemis 5765 2009.10.08 -
McAfee-GW-Edition 6.8.5 2009.10.08 Heuristic.LooksLike.Win32.Suspicious.C
Microsoft 1.5101 2009.10.08 -
NOD32 4491 2009.10.08 -
Norman 6.01.09 2009.10.08 -
nProtect 2009.1.8.0 2009.10.08 -
Panda 10.0.2.2 2009.10.08 -
PCTools 4.4.2.0 2009.10.08 -
Prevx 3.0 2009.10.08 High Risk Cloaked Malware
Rising 21.49.22.00 2009.09.30 -
Sophos 4.45.0 2009.10.08 -
Sunbelt 3.2.1858.2 2009.10.08 -
Symantec 1.4.4.12 2009.10.08 -
TheHacker 6.5.0.2.033 2009.10.07 -
TrendMicro 8.950.0.1094 2009.10.08 -
VBA32 3.12.10.11 2009.10.08 -
ViRobot 2009.10.8.1976 2009.10.08 -
VirusBuster 4.6.5.0 2009.10.08 -
Information additionnelle
File size: 258560 bytes
MD5...: b1786e3a0647d77eacc34685ff582baf
SHA1..: 6c15483797390c7ee0e2641d70015bf3a0bd1a6d
SHA256: 8d992077a878af9bda4bba3b2e1616b6bcd1a522cb7e78f08ba1fd5423eef6c4
ssdeep: 6144:PseZymvhuuC8JlLfaPxnNg65WyvnV+EVRLCcyq+jqGGFVIAVt:EenJuuCoL
faXC0V3j/yq+jqGCIUt
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x4aa998db (Fri Sep 11 00:24:59 2009)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0x6000 0x1c00 7.97 c1fb151271211cb7f01d084631c6b964
0x7000 0x1000 0x200 7.55 ffa7c3a2dd03a750db87a328a38fde83
.rsrc 0x8000 0x18000 0x18000 7.98 5f7330dc9b0bcea2605bd8b31bb3c137
.data 0x20000 0x5c000 0x24400 7.84 9581b29acd04a04db0c891f05bbd410a
.adata 0x7c000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
( 4 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> msvbvm60.dll: _CIcos
> oleaut32.dll: VariantChangeTypeEx
> kernel32.dll: RaiseException
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: cd
copyright....: gh
product......: kl
description..: ef
original name: bong.exe
internal name: bong
file version.: 1.00
comments.....: ab
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): Aspack
<a href='http://info.prevx.com/aboutprogramtext.asp?PX5=B6436CD00014EF1FF28603A1F6EA0500929C7ABC' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=B6436CD00014EF1FF28603A1F6EA0500929C7ABC</a>
j'ai parfois un message au démarrage accompagnant la fenetre dont le post est question où spy-net est mise en cause.
Fichier server.exe reçu le 2009.10.08 19:50:44 (UTC)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 5/41 (12.2%)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.41 2009.10.08 -
AhnLab-V3 5.0.0.2 2009.10.08 -
AntiVir 7.9.1.35 2009.10.08 -
Antiy-AVL 2.0.3.7 2009.10.05 -
Authentium 5.1.2.4 2009.10.08 -
Avast 4.8.1351.0 2009.10.08 -
AVG 8.5.0.420 2009.10.04 -
BitDefender 7.2 2009.10.08 -
CAT-QuickHeal 10.00 2009.10.08 Trojan.Buzus.cdnm
ClamAV 0.94.1 2009.10.08 -
Comodo 2539 2009.10.08 -
DrWeb 5.0.0.12182 2009.10.08 -
eSafe 7.0.17.0 2009.10.08 -
eTrust-Vet 35.1.7057 2009.10.08 -
F-Prot 4.5.1.85 2009.10.08 -
F-Secure 8.0.14470.0 2009.10.08 Trojan.Win32.Buzus.cdnm
Fortinet 3.120.0.0 2009.10.08 -
GData 19 2009.10.08 -
Ikarus T3.1.1.72.0 2009.10.08 -
Jiangmin 11.0.800 2009.10.08 -
K7AntiVirus 7.10.865 2009.10.08 -
Kaspersky 7.0.0.125 2009.10.08 Trojan.Win32.Buzus.cdnm
McAfee 5765 2009.10.08 -
McAfee+Artemis 5765 2009.10.08 -
McAfee-GW-Edition 6.8.5 2009.10.08 Heuristic.LooksLike.Win32.Suspicious.C
Microsoft 1.5101 2009.10.08 -
NOD32 4491 2009.10.08 -
Norman 6.01.09 2009.10.08 -
nProtect 2009.1.8.0 2009.10.08 -
Panda 10.0.2.2 2009.10.08 -
PCTools 4.4.2.0 2009.10.08 -
Prevx 3.0 2009.10.08 High Risk Cloaked Malware
Rising 21.49.22.00 2009.09.30 -
Sophos 4.45.0 2009.10.08 -
Sunbelt 3.2.1858.2 2009.10.08 -
Symantec 1.4.4.12 2009.10.08 -
TheHacker 6.5.0.2.033 2009.10.07 -
TrendMicro 8.950.0.1094 2009.10.08 -
VBA32 3.12.10.11 2009.10.08 -
ViRobot 2009.10.8.1976 2009.10.08 -
VirusBuster 4.6.5.0 2009.10.08 -
Information additionnelle
File size: 258560 bytes
MD5...: b1786e3a0647d77eacc34685ff582baf
SHA1..: 6c15483797390c7ee0e2641d70015bf3a0bd1a6d
SHA256: 8d992077a878af9bda4bba3b2e1616b6bcd1a522cb7e78f08ba1fd5423eef6c4
ssdeep: 6144:PseZymvhuuC8JlLfaPxnNg65WyvnV+EVRLCcyq+jqGGFVIAVt:EenJuuCoL
faXC0V3j/yq+jqGCIUt
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x4aa998db (Fri Sep 11 00:24:59 2009)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0x6000 0x1c00 7.97 c1fb151271211cb7f01d084631c6b964
0x7000 0x1000 0x200 7.55 ffa7c3a2dd03a750db87a328a38fde83
.rsrc 0x8000 0x18000 0x18000 7.98 5f7330dc9b0bcea2605bd8b31bb3c137
.data 0x20000 0x5c000 0x24400 7.84 9581b29acd04a04db0c891f05bbd410a
.adata 0x7c000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
( 4 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> msvbvm60.dll: _CIcos
> oleaut32.dll: VariantChangeTypeEx
> kernel32.dll: RaiseException
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: cd
copyright....: gh
product......: kl
description..: ef
original name: bong.exe
internal name: bong
file version.: 1.00
comments.....: ab
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): Aspack
<a href='http://info.prevx.com/aboutprogramtext.asp?PX5=B6436CD00014EF1FF28603A1F6EA0500929C7ABC' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=B6436CD00014EF1FF28603A1F6EA0500929C7ABC</a>
Seb1989
Messages postés
57
Date d'inscription
jeudi 10 septembre 2009
Statut
Membre
Dernière intervention
10 janvier 2011
13
9 oct. 2009 à 12:22
9 oct. 2009 à 12:22
complément d'information en image :
http://img198.imageshack.us/img198/1399/bug2xb.jpg
maintenant je fait quoi ?
http://img198.imageshack.us/img198/1399/bug2xb.jpg
maintenant je fait quoi ?
Bonjour
1)Télécharges OTMoveIt3 (de Old_Timer) sur ton Bureau.
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
! Déconnectes toi et fermes toute tes applications en cours !
Double cliques sur "OTMoveIt" pour ouvrir le programme.
Puis copies ce qui se trouve en gras ci-dessous:
:Services
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Spy-Net"=-
"Cerberus45"=-
:files
C:\Windows\System32\Cerberus12\server95.exe
C:\Windows\System32\Spy-Net\server.exe
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
et colles le dans le cadre de gauche de OTMoveIt3 :
Paste Instructions for Items to be Moved.
(ne touche à rien d'autre !)
-> cliques sur MoveIt! pour lancer la suppression.
-> laisses travailler l'outil ...
(Note : ton bureau va disparaître puis réapparaître, c'est normal.)
-> Une fois finis, un petite fenêtre s'ouvre : cliques sur " Yes " .
Ton PC va redémarrer de lui même ...
-->Postes le contenu du rapport qui se trouve dans le dossier "C:\_OTMoveIt\MovedFiles"
@+
1)Télécharges OTMoveIt3 (de Old_Timer) sur ton Bureau.
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
! Déconnectes toi et fermes toute tes applications en cours !
Double cliques sur "OTMoveIt" pour ouvrir le programme.
Puis copies ce qui se trouve en gras ci-dessous:
:Services
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Spy-Net"=-
"Cerberus45"=-
:files
C:\Windows\System32\Cerberus12\server95.exe
C:\Windows\System32\Spy-Net\server.exe
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
et colles le dans le cadre de gauche de OTMoveIt3 :
Paste Instructions for Items to be Moved.
(ne touche à rien d'autre !)
-> cliques sur MoveIt! pour lancer la suppression.
-> laisses travailler l'outil ...
(Note : ton bureau va disparaître puis réapparaître, c'est normal.)
-> Une fois finis, un petite fenêtre s'ouvre : cliques sur " Yes " .
Ton PC va redémarrer de lui même ...
-->Postes le contenu du rapport qui se trouve dans le dossier "C:\_OTMoveIt\MovedFiles"
@+
Seb1989
Messages postés
57
Date d'inscription
jeudi 10 septembre 2009
Statut
Membre
Dernière intervention
10 janvier 2011
13
9 oct. 2009 à 14:20
9 oct. 2009 à 14:20
All processes killed
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Spy-Net deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cerberus45 deleted successfully.
========== FILES ==========
C:\Windows\System32\Cerberus12\server95.exe moved successfully.
C:\Windows\System32\Spy-Net\server.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
User: Mcx1
User: Mcx1.PC-de-Sébastien
->Temp folder emptied: 0 bytes
User: Public
User: Sébastien
User: Sébastien
->Temp folder emptied: 735680 bytes
->Java cache emptied: 26470782 bytes
->FireFox cache emptied: 78554165 bytes
User: SÚbastien
%systemdrive% .tmp files removed: 0 bytes
C:\Windows\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 47717 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 100,91 mb
OTM by OldTimer - Version 3.0.0.6 log created on 10092009_141447
Files moved on Reboot...
Registry entries deleted on Reboot...
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Spy-Net deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cerberus45 deleted successfully.
========== FILES ==========
C:\Windows\System32\Cerberus12\server95.exe moved successfully.
C:\Windows\System32\Spy-Net\server.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
User: Mcx1
User: Mcx1.PC-de-Sébastien
->Temp folder emptied: 0 bytes
User: Public
User: Sébastien
User: Sébastien
->Temp folder emptied: 735680 bytes
->Java cache emptied: 26470782 bytes
->FireFox cache emptied: 78554165 bytes
User: SÚbastien
%systemdrive% .tmp files removed: 0 bytes
C:\Windows\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 47717 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 100,91 mb
OTM by OldTimer - Version 3.0.0.6 log created on 10092009_141447
Files moved on Reboot...
Registry entries deleted on Reboot...
Re
Télécharge Malwarebytes anti malware ici
http://www.malwarebytes.org/mbam.php
* Installe le (choisis bien "français" ; ne modifie pas les paramètres d'installe ) et mets le à jour .
(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : https://www.malekal.com/tutorial-aboutbuster/
* Potasse le tuto pour te familiariser avec le prg :
https://forum.pcastuces.com/sujet.asp?f=31&s=3
(cela dis, il est très simple d’utilisation).
relance malwarebytes en suivant scrupuleusement ces consignes :
! Déconnecte toi et ferme toutes applications en cours !
* Lance Malwarebyte's .
Fais un examen dit "Complet" .
--> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
--> à la fin tu cliques sur "résultat" .
--> Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .
Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !
Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)
@+
Télécharge Malwarebytes anti malware ici
http://www.malwarebytes.org/mbam.php
* Installe le (choisis bien "français" ; ne modifie pas les paramètres d'installe ) et mets le à jour .
(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : https://www.malekal.com/tutorial-aboutbuster/
* Potasse le tuto pour te familiariser avec le prg :
https://forum.pcastuces.com/sujet.asp?f=31&s=3
(cela dis, il est très simple d’utilisation).
relance malwarebytes en suivant scrupuleusement ces consignes :
! Déconnecte toi et ferme toutes applications en cours !
* Lance Malwarebyte's .
Fais un examen dit "Complet" .
--> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
--> à la fin tu cliques sur "résultat" .
--> Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .
Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !
Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)
@+
Seb1989
Messages postés
57
Date d'inscription
jeudi 10 septembre 2009
Statut
Membre
Dernière intervention
10 janvier 2011
13
9 oct. 2009 à 17:26
9 oct. 2009 à 17:26
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2928
Windows 6.0.6002 Service Pack 2
09/10/2009 16:40:35
mbam-log-2009-10-09 (16-40-35).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 293956
Temps écoulé: 2 hour(s), 1 minute(s), 27 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{ibg8e86j-se86-n3oi-aeeb-bc6727m553r1} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{q24dw6q2-06i4-ij3c-0xc1-f3kcx17100mj} (Generic.Bot.H) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Spy-Net (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Spy-Net (Backdoor.Bot) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Windows\System32\Cerberus12\server95.exe (Generic.Bot.H) -> Delete on reboot.
C:\Windows\System32\Spy-Net\server.exe (Generic.Bot.H) -> Delete on reboot.
Version de la base de données: 2928
Windows 6.0.6002 Service Pack 2
09/10/2009 16:40:35
mbam-log-2009-10-09 (16-40-35).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 293956
Temps écoulé: 2 hour(s), 1 minute(s), 27 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{ibg8e86j-se86-n3oi-aeeb-bc6727m553r1} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{q24dw6q2-06i4-ij3c-0xc1-f3kcx17100mj} (Generic.Bot.H) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Spy-Net (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Spy-Net (Backdoor.Bot) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Windows\System32\Cerberus12\server95.exe (Generic.Bot.H) -> Delete on reboot.
C:\Windows\System32\Spy-Net\server.exe (Generic.Bot.H) -> Delete on reboot.
Seb1989
Messages postés
57
Date d'inscription
jeudi 10 septembre 2009
Statut
Membre
Dernière intervention
10 janvier 2011
13
9 oct. 2009 à 21:30
9 oct. 2009 à 21:30
re, comme demandé le RSIT
Logfile of random's system information tool 1.06 (written by random/random)
Run by Sébastien at 2009-10-09 21:27:39
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 42 GB (28%) free of 148 GB
Total RAM: 3066 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:22, on 09/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Users\SBASTI~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Sébastien\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sébastien.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [Cerberus45] C:\Windows\System32\Cerberus12\server95.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Cerberus45] C:\Windows\System32\Cerberus12\server95.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9d4ccfe26ad22) (gupdate1c9d4ccfe26ad22) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Logfile of random's system information tool 1.06 (written by random/random)
Run by Sébastien at 2009-10-09 21:27:39
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 42 GB (28%) free of 148 GB
Total RAM: 3066 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:22, on 09/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Users\SBASTI~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Sébastien\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sébastien.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [Cerberus45] C:\Windows\System32\Cerberus12\server95.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Cerberus45] C:\Windows\System32\Cerberus12\server95.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9d4ccfe26ad22) (gupdate1c9d4ccfe26ad22) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Bonjour
Tu es toujours infecté.
Passons à la vitesse supérieure.
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
->Renomme le pour l’enregistrer sur ton bureau en asdehi(tout simplement pour que l’infection ne le contre pas)
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'Internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
-Attention Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programme. Risque de figer l'ordinateur
- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
!\ Ne touche à rien tant que le scan n'est pas terminé. /!\ : risque de figer l'ordinateur (plantage complet)
::Si combofix détecte quelque chose et de demande a redémarrer tu acceptes
@+
Tu es toujours infecté.
Passons à la vitesse supérieure.
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
->Renomme le pour l’enregistrer sur ton bureau en asdehi(tout simplement pour que l’infection ne le contre pas)
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'Internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
-Attention Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programme. Risque de figer l'ordinateur
- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
!\ Ne touche à rien tant que le scan n'est pas terminé. /!\ : risque de figer l'ordinateur (plantage complet)
::Si combofix détecte quelque chose et de demande a redémarrer tu acceptes
@+
Seb1989
Messages postés
57
Date d'inscription
jeudi 10 septembre 2009
Statut
Membre
Dernière intervention
10 janvier 2011
13
11 oct. 2009 à 11:50
11 oct. 2009 à 11:50
Bonjour,
le rapport demandé :
ComboFix 09-10-10.02 - Sébastien 11/10/2009 11:15.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3066.1835 [GMT 2:00]
Lancé depuis: c:\users\Sébastien\Desktop\asdehi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-811835293-1638113248-1029637537-1001
c:\$recycle.bin\S-1-5-21-811835293-1638113248-1029637537-500
c:\windows\Installer\13da50.msi
c:\windows\Installer\34e063.msi
c:\windows\Installer\34e067.msi
c:\windows\Installer\5e6444.msi
c:\windows\Installer\5e71db.msi
c:\windows\Installer\6a77b3.msi
c:\windows\Installer\6a77b7.msi
c:\windows\Suyin.reg
Une copie infectée de c:\windows\System32\calc.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\x86_microsoft-windows-calc_31bf3856ad364e35_6.0.6000.16386_none_a7873f3f1dd0e729\calc.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-11 au 2009-10-11 ))))))))))))))))))))))))))))))))))))
.
2009-10-11 09:35 . 2009-10-11 09:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-09 12:29 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-09 12:29 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-09 12:29 . 2009-10-09 12:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-09 12:14 . 2009-10-09 12:14 -------- d-----w- C:\_OTM
2009-10-08 19:07 . 2009-10-08 19:07 -------- d-----w- C:\rsit
2009-10-08 19:01 . 2009-10-08 19:01 -------- d-----w- c:\program files\Trend Micro
2009-10-08 18:07 . 2009-10-08 18:07 -------- d-sh--w- c:\users\SÚbastien
2009-10-08 18:05 . 2009-10-08 18:08 -------- d-----w- C:\GenProc
2009-10-07 12:15 . 2009-10-08 06:44 146314 ----a-w- c:\windows\hpoins18.dat
2009-10-07 12:14 . 2007-03-01 00:35 6600 ----a-w- c:\windows\hpomdl18.dat
2009-10-06 09:20 . 2009-10-08 17:35 -------- d-----w- c:\program files\Ad-Remover
2009-10-04 10:31 . 2009-10-04 10:31 -------- d-----w- c:\program files\Microsoft
2009-10-04 10:30 . 2009-10-04 10:30 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-02 10:39 . 2009-10-02 10:39 -------- d-----w- c:\windows\system32\URTTEMP
2009-09-28 11:10 . 2009-10-09 14:42 -------- d-----w- c:\windows\system32\Cerberus12
2009-09-25 15:27 . 2009-09-25 15:27 -------- d-----w- c:\program files\Druide
2009-09-25 15:21 . 2009-09-25 15:21 -------- d-----w- c:\program files\7-Zip
2009-09-25 14:08 . 2009-10-09 14:42 -------- d-----w- c:\windows\system32\Spy-Net
2009-09-24 09:08 . 2009-09-24 09:08 -------- d-----w- c:\program files\iPod
2009-09-24 09:08 . 2009-09-24 09:10 -------- d-----w- c:\program files\iTunes
2009-09-23 22:07 . 2009-10-04 18:58 -------- d-----w- C:\Mes Sites Web
2009-09-17 09:38 . 2009-09-17 09:38 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-09-14 09:45 . 2009-09-14 10:01 -------- d-----w- c:\program files\abgx360
2009-09-12 08:48 . 2009-09-12 08:48 -------- d-----w- c:\programdata\Malwarebytes
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-11 09:38 . 2009-03-13 13:35 28219 ----a-w- c:\programdata\nvModes.dat
2009-10-11 09:36 . 2008-09-30 01:30 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-11 08:54 . 2009-05-14 20:00 -------- d-----w- c:\programdata\Google Updater
2009-10-09 20:00 . 2008-01-21 08:40 679418 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-09 20:00 . 2008-01-21 08:40 128418 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-09 07:24 . 2009-03-13 19:20 -------- d-----w- c:\program files\MSECache
2009-10-06 12:44 . 2008-09-30 01:43 -------- d-----w- c:\program files\Launch Manager
2009-10-06 12:19 . 2008-09-30 01:57 -------- d-----w- c:\programdata\CyberLink
2009-10-06 09:40 . 2009-08-17 20:33 -------- d-----w- c:\program files\JDownloader 0.6.193
2009-10-04 10:54 . 2009-03-13 12:45 -------- d-----w- c:\program files\Patch MsnCreative
2009-09-29 15:58 . 2009-03-13 13:14 -------- d-----w- c:\program files\OpenOffice.org 3
2009-09-29 15:46 . 2009-07-09 16:37 -------- d-----w- c:\program files\PC Connectivity Solution
2009-09-29 15:44 . 2009-03-13 14:51 -------- d-----w- c:\program files\Google
2009-09-29 15:44 . 2008-07-25 13:04 -------- d-----w- c:\program files\Acer GameZone
2009-09-29 15:43 . 2008-07-25 12:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-24 09:08 . 2009-06-13 12:35 -------- d-----w- c:\program files\Common Files\Apple
2009-09-10 08:58 . 2009-03-13 12:42 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 08:51 . 2009-09-10 08:49 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-10 08:46 . 2009-09-10 08:45 -------- d-----w- c:\program files\QuickTime
2009-09-10 08:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-07 17:50 . 2009-09-07 17:50 89088 ----a-w- c:\windows\system32\atl71.dll
2009-09-07 17:50 . 2009-09-07 17:50 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-07 17:50 . 2009-09-07 17:50 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-07 17:50 . 2009-09-07 17:50 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-09-07 17:50 . 2009-09-07 17:50 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2009-09-06 20:16 . 2009-09-06 20:16 -------- d-----w- c:\program files\Ipulp
2009-09-04 11:09 . 2009-09-04 11:09 -------- d-----w- c:\program files\SpeedyFox
2009-08-29 00:27 . 2009-09-02 20:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 20:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 15:02 . 2009-08-27 12:39 -------- d-----w- c:\program files\ImgBurn
2009-08-27 12:42 . 2009-08-27 12:42 -------- d-----w- c:\programdata\WindowsSearch
2009-08-26 11:11 . 2009-08-26 11:11 -------- d-----w- c:\programdata\Seagate
2009-08-26 11:11 . 2009-08-26 11:11 -------- d-----w- c:\program files\Seagate
2009-08-25 22:09 . 2009-05-02 10:02 -------- d-----w- c:\program files\McAfee
2009-08-24 09:11 . 2009-03-18 14:50 164389 ----a-w- c:\windows\hpoins19.dat
2009-08-14 16:27 . 2009-09-09 08:39 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 08:39 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 08:39 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 08:39 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 08:39 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 08:39 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 08:39 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 08:39 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 08:39 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 08:39 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 08:39 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 03:23 . 2009-03-14 12:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-30 08:16 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-30 08:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-30 08:16 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-30 08:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-13 07:03 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-16 10:32 . 2009-05-02 10:04 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-07-15 12:40 . 2009-08-13 07:03 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-13 07:03 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-13 07:03 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-13 07:03 7680 ----a-w- c:\windows\system32\spwmp.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-13 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-10-04 3883856]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-09-30 3676160]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-07 152872]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-09-07 206120]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-05-21 173288]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-05-07 6139904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-09-30 01:56 3197952 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 13:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):28,24,1c,96,ee,e5,c9,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{89799D38-6725-4CE5-9D1E-6E30415FE623}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{D44F326E-3D01-4696-9E32-3ED5D49B0E4B}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{71E00646-63EC-47AC-B284-2EA545130FD0}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{57BDCF60-2235-4679-8101-B9BD26C60ED2}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{A5463B11-BEAF-45EA-83BA-4DF7CBA988E9}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{44132C7C-6906-4ED8-ABA6-2596681E8633}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{30A1F990-1B0B-408D-9385-E83FF29BE07F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2FCDE318-182E-4D8F-9169-FE74FBB301CE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F9B95664-C1B4-4028-9CDC-757525CFF306}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{8BC06121-A75B-42B8-BB02-516D92ECA5ED}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"{D5FD47F0-B674-4133-AFE0-AEBE4F1F3542}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{21E6A589-2D86-4D77-8514-414F27E90DE2}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{E85E5F47-1A4C-4281-A1F4-F5FFDE3813EA}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{747104A9-A58C-4264-BDB2-3D9DEF32DF3E}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A574124D-8C8B-4071-9666-3EA3F48E0543}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{F1102A3F-E8B1-440A-8F5F-E996241ADF80}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{58081E78-6D67-44E4-9B37-B2755DDFD2D6}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{B70E3C13-0BF9-4B46-A35B-6671090439B9}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{B6C0D282-FB43-4016-88B2-D983ADB3EE7D}"= UDP:5353:Adobe CSI CS4
"{2232CA97-E53E-4A7C-BE73-30794DA992FF}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{D729BA9F-3C21-4A7A-8A4C-8C2682F2B189}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{3DFC2EBE-4A49-4D48-A095-81800DEB312F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{3D6B6C19-90E2-4BA1-AFEF-A25B30E3A5DB}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{595BD36C-87B8-4223-AFD9-B74F84C0949F}"= UDP:c:\users\Sébastien\Downloads\utorrent.exe:µTorrent (TCP-In)
"{70EA60D2-47F6-4694-903A-76FDD2D6BBF4}"= TCP:c:\users\Sébastien\Downloads\utorrent.exe:µTorrent (UDP-In)
"{FE9BE8E1-FDFD-4563-A418-BA9D035BBD71}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{FC281911-2EB7-4DA5-A900-19C8F6C61DF5}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{07F3E981-3AC2-48DC-B90B-877B71004FD1}"= UDP:35430:µT 35430
"{7C0375C3-48DB-43EE-A04C-A6A47F1F15F2}"= TCP:35430:35430
"{E8A5C04B-35E7-4740-A36B-BD1D047BFBA0}"= UDP:c:\program files\uTorrent\uTorrent.exe:uTorrent
"{DAB81D34-E5A1-497D-AA8B-367DDB237AA0}"= TCP:c:\program files\uTorrent\uTorrent.exe:uTorrent
"TCP Query User{7A88F352-BFF7-4C4F-A384-0AE9326A4EC4}c:\\program files\\transcode360\\transcode360tray.exe"= UDP:c:\program files\transcode360\transcode360tray.exe:
"UDP Query User{AFA8DCDB-9B95-42DD-998B-8E76CDB0E699}c:\\program files\\transcode360\\transcode360tray.exe"= TCP:c:\program files\transcode360\transcode360tray.exe:
"{7D7E9280-BEF5-48EB-8BA3-59527C87798A}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{025B3AD4-AB85-4D2F-BB15-F7F5F38BB959}"= UDP:c:\program files\Transcode360\Transcode360.exe:Transcode 360
"{0D7D3184-0965-4C4C-BB4C-6CDC77404C33}"= TCP:c:\program files\Transcode360\Transcode360.exe:Transcode 360
"{D677B84E-08CC-4F75-A302-952B91B961C8}"= TCP:1041:Transcode 360
"{3C04E86C-E85C-40E6-8165-F441F57452B7}"= TCP:10244:Transcode 360
"{05D59994-4E96-4224-BC26-35A8CEDEEF22}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B20D2C1D-5181-4B47-B2F5-CCD6250F545D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A2118446-3593-4E56-B577-E2A7926590DD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1B6C5B99-6E1D-4457-B589-82992710C55D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{093296A4-9BEE-40F8-970F-26D698A052E9}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{11419E0C-FF18-415D-9273-0F1C6C86207A}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{FF58D495-9620-4AC7-8021-F219B82E2107}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{14AED605-58A9-495F-8CEE-7653A19E3E9C}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{9A55B352-63C2-467B-AE22-B5872CD8FC12}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{604050F3-FB6E-4A41-9E6B-CDFB32E8FBCA}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{D8127E1B-7717-4838-80F0-B7995264CCB7}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{9147E7F4-5707-4575-9B5E-AFA877D24744}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{7F18A312-B532-4A06-8F73-09C228508C27}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{60714ECD-E57A-4C0C-BCC3-874C27DA7132}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{8905B12F-D465-47B3-B380-E5954A39BF98}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{92CEF1AC-3F53-4967-9D3B-1414DC6F1361}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{4DDD3242-6133-41FB-86DD-1ED97337BF67}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{3AD12867-F1B6-4C88-98A7-DFA95368E90A}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{E8A0E8C7-1B2E-43F9-A85F-A8B3EFE012EF}"= UDP:c:\program files\SFR\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player SFR)
"{83A08EF7-F3FB-46B4-A738-247104885DB7}"= TCP:c:\program files\SFR\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player SFR)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr
R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\System32\drivers\AlfaFF.sys [30/09/2008 03:56 42608]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2009/10/06 14:21];c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [06/10/2009 14:20 87536]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 13:11 16384]
R2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [05/02/2009 15:38 188416]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [30/09/2008 04:04 75048]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [25/07/2008 14:51 24576]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [01/05/2009 14:35 181544]
R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [09/07/2009 18:39 233472]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [09/10/2009 14:29 269648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [02/05/2009 12:08 206112]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25/04/2008 21:36 45056]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [30/09/2008 04:04 122368]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [30/09/2008 04:19 233472]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [22/09/2008 13:40 14336]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [09/07/2009 18:39 36608]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [20/05/2009 06:02 48640]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [09/10/2009 14:29 19160]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 08:40 3668480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [25/06/2008 07:05 44064]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [28/03/2007 07:51 43008]
S2 gupdate1c9d4ccfe26ad22;Google Update Service (gupdate1c9d4ccfe26ad22);c:\program files\Google\Update\GoogleUpdate.exe [14/05/2009 21:48 133104]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [30/09/2008 03:56 3602432]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25/04/2008 21:36 131072]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [13/03/2009 16:51 24064]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\System32\drivers\massfilter.sys [15/09/2008 14:26 7168]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [09/10/2009 14:29 38224]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\System32\drivers\ss_bbus.sys [30/07/2009 16:01 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\System32\drivers\ss_bmdfl.sys [30/07/2009 16:01 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\System32\drivers\ss_bmdm.sys [30/07/2009 16:01 121856]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\System32\drivers\ZTEusbnet.sys [06/07/2009 22:26 110080]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\System32\drivers\zteusbvoice.sys [06/07/2009 22:26 104960]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - FSUSBEXDISK
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
2009-10-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-13 20:00]
2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 19:48]
2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 19:48]
2009-05-02 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 19:26]
2009-05-02 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 19:26]
2009-10-03 c:\windows\Tasks\NeroLiveEpgUpdate-PC-de-Sébastien_Sébastien.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-10-27 07:59]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\users\Sébastien\AppData\Roaming\Mozilla\Firefox\Profiles\wfb5fe5d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr&source=iglk
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Canal\Canal Widget\VOD\npCpVod.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-Cerberus45 - c:\windows\System32\Cerberus12\server95.exe
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-Cerberus45 - c:\windows\System32\Cerberus12\server95.exe
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-NPSStartup - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-11 11:38
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(3024)
c:\program files\RocketDock\RocketDock.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
c:\windows\system32\btncopy.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
c:\progra~1\mcafee\VIRUSS~1\scriptsn.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
c:\windows\system32\BtwNamespaceExt.dll
c:\windows\system32\BtwNeLib.dll
c:\windows\system32\btwapi.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btwpimif.dll
.
------------------------ Autres processus actifs ------------------------
.
SystemRoot\System32\smss.exe [544]
c:\windows\system32\csrss.exe [612]
c:\windows\system32\wininit.exe [664]
c:\windows\system32\csrss.exe [672]
c:\windows\system32\services.exe [712]
c:\windows\system32\lsass.exe [724]
c:\windows\system32\lsm.exe [732]
c:\windows\system32\svchost.exe [892]
c:\windows\system32\nvvsvc.exe [936]
c:\windows\system32\svchost.exe [964]
c:\windows\System32\svchost.exe [1060]
c:\windows\System32\svchost.exe [1092]
c:\windows\system32\svchost.exe [1104]
c:\windows\system32\svchost.exe [1200]
c:\windows\system32\SLsvc.exe [1216]
c:\windows\system32\winlogon.exe [1252]
c:\windows\system32\svchost.exe [1300]
c:\windows\system32\svchost.exe [1420]
c:\windows\system32\WLANExt.exe [1556]
c:\windows\System32\spoolsv.exe [1616]
c:\windows\system32\svchost.exe [1660]
c:\windows\system32\rundll32.exe [1832]
c:\program files\Common Files\SPBA\upeksvr.exe [1896]
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe [572]
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [364]
c:\program files\Bonjour\mDNSResponder.exe [532]
c:\windows\system32\svchost.exe [616]
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [960]
c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [1856]
c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2064]
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2116]
c:\program files\Acer\Empowering Technology\Service\ETService.exe [2140]
c:\program files\Intel\WiFi\bin\EvtEng.exe [2232]
c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2276]
c:\windows\system32\FsUsbExService.Exe [2340]
c:\windows\system32\svchost.exe [2520]
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2560]
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe [2620]
c:\program files\Common Files\LightScribe\LSSrvc.exe [2684]
c:\program files\McAfee\SiteAdvisor\McSACore.exe [2696]
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2748]
c:\windows\system32\rundll32.exe [2792]
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe [2816]
c:\acer\Mobility Center\MobilityService.exe [2924]
c:\program files\McAfee\MPF\MPFSrv.exe [3160]
c:\program files\McAfee\MSK\MskSrver.exe [3180]
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [3220]
c:\windows\System32\svchost.exe [3364]
c:\program files\CDBurnerXP\NMSAccessU.exe [3412]
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [3428]
c:\windows\system32\Dwm.exe [3660]
c:\windows\System32\svchost.exe [3692]
c:\windows\system32\PnkBstrA.exe [3720]
c:\windows\system32\svchost.exe [3760]
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe [3812]
c:\program files\Cyberlink\Shared files\RichVideo.exe [3864]
c:\program files\Acer\Acer VCM\RS_Service.exe [3888]
c:\windows\system32\svchost.exe [3944]
c:\windows\System32\svchost.exe [4016]
c:\windows\system32\SearchIndexer.exe [4056]
c:\windows\system32\DRIVERS\xaudio.exe [1944]
c:\windows\system32\taskeng.exe [2476]
c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2452]
c:\windows\system32\wbem\wmiprvse.exe [2596]
c:\windows\system32\CF6725.exe [4328]
c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [4456]
c:\windows\RtHDVCpl.exe [4464]
c:\program files\Synaptics\SynTP\SynTPEnh.exe [4472]
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe [4480]
c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe [4520]
c:\windows\System32\rundll32.exe [4628]
c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe [4648]
c:\program files\Acer\Acer Bio Protection\PdtWzd.exe [4656]
c:\program files\HP\HP Software Update\hpwuSchd2.exe [4708]
c:\program files\Launch Manager\QtZgAcer.EXE [4724]
c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [4768]
c:\program files\Java\jre6\bin\jusched.exe [4832]
c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [4856]
c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [4864]
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [4872]
c:\windows\ehome\ehtray.exe [4884]
c:\program files\RocketDock\RocketDock.exe [4928]
c:\program files\Windows Sidebar\sidebar.exe [4984]
c:\windows\ehome\ehmsas.exe [5192]
c:\users\SBASTI~1\AppData\Local\Temp\RtkBtMnt.exe [5380]
c:\windows\system32\wbem\unsecapp.exe [6128]
c:\windows\system32\wbem\wmiprvse.exe [4092]
c:\progra~1\McAfee\MSC\mcmscsvc.exe [5988]
c:\progra~1\mcafee.com\agent\mcagent.exe [1280]
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe [5228]
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe [1088]
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2368]
c:\program files\Windows Media Player\wmpnetwk.exe [2740]
c:\progra~1\mcafee\msc\mcupdmgr.exe [2772]
c:\windows\Explorer.exe [3024]
c:\windows\system32\DllHost.exe [5156]
c:\windows\system32\NOTEPAD.EXE [3124]
c:\asdehi\catchme.cfxxe [3684]
.
**************************************************************************
.
Heure de fin: 2009-10-11 11:47 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-11 09:47
Avant-CF: 43 326 074 880 octets libres
Après-CF: 43 140 534 272 octets libres
516 --- E O F --- 2009-10-04 10:30
le rapport demandé :
ComboFix 09-10-10.02 - Sébastien 11/10/2009 11:15.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3066.1835 [GMT 2:00]
Lancé depuis: c:\users\Sébastien\Desktop\asdehi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-811835293-1638113248-1029637537-1001
c:\$recycle.bin\S-1-5-21-811835293-1638113248-1029637537-500
c:\windows\Installer\13da50.msi
c:\windows\Installer\34e063.msi
c:\windows\Installer\34e067.msi
c:\windows\Installer\5e6444.msi
c:\windows\Installer\5e71db.msi
c:\windows\Installer\6a77b3.msi
c:\windows\Installer\6a77b7.msi
c:\windows\Suyin.reg
Une copie infectée de c:\windows\System32\calc.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\x86_microsoft-windows-calc_31bf3856ad364e35_6.0.6000.16386_none_a7873f3f1dd0e729\calc.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-11 au 2009-10-11 ))))))))))))))))))))))))))))))))))))
.
2009-10-11 09:35 . 2009-10-11 09:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-09 12:29 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-09 12:29 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-09 12:29 . 2009-10-09 12:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-09 12:14 . 2009-10-09 12:14 -------- d-----w- C:\_OTM
2009-10-08 19:07 . 2009-10-08 19:07 -------- d-----w- C:\rsit
2009-10-08 19:01 . 2009-10-08 19:01 -------- d-----w- c:\program files\Trend Micro
2009-10-08 18:07 . 2009-10-08 18:07 -------- d-sh--w- c:\users\SÚbastien
2009-10-08 18:05 . 2009-10-08 18:08 -------- d-----w- C:\GenProc
2009-10-07 12:15 . 2009-10-08 06:44 146314 ----a-w- c:\windows\hpoins18.dat
2009-10-07 12:14 . 2007-03-01 00:35 6600 ----a-w- c:\windows\hpomdl18.dat
2009-10-06 09:20 . 2009-10-08 17:35 -------- d-----w- c:\program files\Ad-Remover
2009-10-04 10:31 . 2009-10-04 10:31 -------- d-----w- c:\program files\Microsoft
2009-10-04 10:30 . 2009-10-04 10:30 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-02 10:39 . 2009-10-02 10:39 -------- d-----w- c:\windows\system32\URTTEMP
2009-09-28 11:10 . 2009-10-09 14:42 -------- d-----w- c:\windows\system32\Cerberus12
2009-09-25 15:27 . 2009-09-25 15:27 -------- d-----w- c:\program files\Druide
2009-09-25 15:21 . 2009-09-25 15:21 -------- d-----w- c:\program files\7-Zip
2009-09-25 14:08 . 2009-10-09 14:42 -------- d-----w- c:\windows\system32\Spy-Net
2009-09-24 09:08 . 2009-09-24 09:08 -------- d-----w- c:\program files\iPod
2009-09-24 09:08 . 2009-09-24 09:10 -------- d-----w- c:\program files\iTunes
2009-09-23 22:07 . 2009-10-04 18:58 -------- d-----w- C:\Mes Sites Web
2009-09-17 09:38 . 2009-09-17 09:38 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-09-14 09:45 . 2009-09-14 10:01 -------- d-----w- c:\program files\abgx360
2009-09-12 08:48 . 2009-09-12 08:48 -------- d-----w- c:\programdata\Malwarebytes
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-11 09:38 . 2009-03-13 13:35 28219 ----a-w- c:\programdata\nvModes.dat
2009-10-11 09:36 . 2008-09-30 01:30 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-11 08:54 . 2009-05-14 20:00 -------- d-----w- c:\programdata\Google Updater
2009-10-09 20:00 . 2008-01-21 08:40 679418 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-09 20:00 . 2008-01-21 08:40 128418 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-09 07:24 . 2009-03-13 19:20 -------- d-----w- c:\program files\MSECache
2009-10-06 12:44 . 2008-09-30 01:43 -------- d-----w- c:\program files\Launch Manager
2009-10-06 12:19 . 2008-09-30 01:57 -------- d-----w- c:\programdata\CyberLink
2009-10-06 09:40 . 2009-08-17 20:33 -------- d-----w- c:\program files\JDownloader 0.6.193
2009-10-04 10:54 . 2009-03-13 12:45 -------- d-----w- c:\program files\Patch MsnCreative
2009-09-29 15:58 . 2009-03-13 13:14 -------- d-----w- c:\program files\OpenOffice.org 3
2009-09-29 15:46 . 2009-07-09 16:37 -------- d-----w- c:\program files\PC Connectivity Solution
2009-09-29 15:44 . 2009-03-13 14:51 -------- d-----w- c:\program files\Google
2009-09-29 15:44 . 2008-07-25 13:04 -------- d-----w- c:\program files\Acer GameZone
2009-09-29 15:43 . 2008-07-25 12:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-24 09:08 . 2009-06-13 12:35 -------- d-----w- c:\program files\Common Files\Apple
2009-09-10 08:58 . 2009-03-13 12:42 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 08:51 . 2009-09-10 08:49 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-10 08:46 . 2009-09-10 08:45 -------- d-----w- c:\program files\QuickTime
2009-09-10 08:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-07 17:50 . 2009-09-07 17:50 89088 ----a-w- c:\windows\system32\atl71.dll
2009-09-07 17:50 . 2009-09-07 17:50 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-07 17:50 . 2009-09-07 17:50 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-07 17:50 . 2009-09-07 17:50 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-09-07 17:50 . 2009-09-07 17:50 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2009-09-06 20:16 . 2009-09-06 20:16 -------- d-----w- c:\program files\Ipulp
2009-09-04 11:09 . 2009-09-04 11:09 -------- d-----w- c:\program files\SpeedyFox
2009-08-29 00:27 . 2009-09-02 20:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 20:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 15:02 . 2009-08-27 12:39 -------- d-----w- c:\program files\ImgBurn
2009-08-27 12:42 . 2009-08-27 12:42 -------- d-----w- c:\programdata\WindowsSearch
2009-08-26 11:11 . 2009-08-26 11:11 -------- d-----w- c:\programdata\Seagate
2009-08-26 11:11 . 2009-08-26 11:11 -------- d-----w- c:\program files\Seagate
2009-08-25 22:09 . 2009-05-02 10:02 -------- d-----w- c:\program files\McAfee
2009-08-24 09:11 . 2009-03-18 14:50 164389 ----a-w- c:\windows\hpoins19.dat
2009-08-14 16:27 . 2009-09-09 08:39 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 08:39 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 08:39 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 08:39 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 08:39 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 08:39 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 08:39 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 08:39 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 08:39 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 08:39 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 08:39 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 03:23 . 2009-03-14 12:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-30 08:16 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-30 08:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-30 08:16 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-30 08:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-13 07:03 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-16 10:32 . 2009-05-02 10:04 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-07-15 12:40 . 2009-08-13 07:03 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-13 07:03 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-13 07:03 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-13 07:03 7680 ----a-w- c:\windows\system32\spwmp.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-13 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-10-04 3883856]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-09-30 3676160]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-07 152872]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-09-07 206120]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-05-21 173288]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-05-07 6139904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-09-30 01:56 3197952 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 13:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):28,24,1c,96,ee,e5,c9,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{89799D38-6725-4CE5-9D1E-6E30415FE623}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{D44F326E-3D01-4696-9E32-3ED5D49B0E4B}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{71E00646-63EC-47AC-B284-2EA545130FD0}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{57BDCF60-2235-4679-8101-B9BD26C60ED2}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{A5463B11-BEAF-45EA-83BA-4DF7CBA988E9}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{44132C7C-6906-4ED8-ABA6-2596681E8633}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{30A1F990-1B0B-408D-9385-E83FF29BE07F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2FCDE318-182E-4D8F-9169-FE74FBB301CE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F9B95664-C1B4-4028-9CDC-757525CFF306}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{8BC06121-A75B-42B8-BB02-516D92ECA5ED}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"{D5FD47F0-B674-4133-AFE0-AEBE4F1F3542}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{21E6A589-2D86-4D77-8514-414F27E90DE2}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{E85E5F47-1A4C-4281-A1F4-F5FFDE3813EA}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{747104A9-A58C-4264-BDB2-3D9DEF32DF3E}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A574124D-8C8B-4071-9666-3EA3F48E0543}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{F1102A3F-E8B1-440A-8F5F-E996241ADF80}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{58081E78-6D67-44E4-9B37-B2755DDFD2D6}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{B70E3C13-0BF9-4B46-A35B-6671090439B9}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{B6C0D282-FB43-4016-88B2-D983ADB3EE7D}"= UDP:5353:Adobe CSI CS4
"{2232CA97-E53E-4A7C-BE73-30794DA992FF}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{D729BA9F-3C21-4A7A-8A4C-8C2682F2B189}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{3DFC2EBE-4A49-4D48-A095-81800DEB312F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{3D6B6C19-90E2-4BA1-AFEF-A25B30E3A5DB}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{595BD36C-87B8-4223-AFD9-B74F84C0949F}"= UDP:c:\users\Sébastien\Downloads\utorrent.exe:µTorrent (TCP-In)
"{70EA60D2-47F6-4694-903A-76FDD2D6BBF4}"= TCP:c:\users\Sébastien\Downloads\utorrent.exe:µTorrent (UDP-In)
"{FE9BE8E1-FDFD-4563-A418-BA9D035BBD71}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{FC281911-2EB7-4DA5-A900-19C8F6C61DF5}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{07F3E981-3AC2-48DC-B90B-877B71004FD1}"= UDP:35430:µT 35430
"{7C0375C3-48DB-43EE-A04C-A6A47F1F15F2}"= TCP:35430:35430
"{E8A5C04B-35E7-4740-A36B-BD1D047BFBA0}"= UDP:c:\program files\uTorrent\uTorrent.exe:uTorrent
"{DAB81D34-E5A1-497D-AA8B-367DDB237AA0}"= TCP:c:\program files\uTorrent\uTorrent.exe:uTorrent
"TCP Query User{7A88F352-BFF7-4C4F-A384-0AE9326A4EC4}c:\\program files\\transcode360\\transcode360tray.exe"= UDP:c:\program files\transcode360\transcode360tray.exe:
"UDP Query User{AFA8DCDB-9B95-42DD-998B-8E76CDB0E699}c:\\program files\\transcode360\\transcode360tray.exe"= TCP:c:\program files\transcode360\transcode360tray.exe:
"{7D7E9280-BEF5-48EB-8BA3-59527C87798A}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{025B3AD4-AB85-4D2F-BB15-F7F5F38BB959}"= UDP:c:\program files\Transcode360\Transcode360.exe:Transcode 360
"{0D7D3184-0965-4C4C-BB4C-6CDC77404C33}"= TCP:c:\program files\Transcode360\Transcode360.exe:Transcode 360
"{D677B84E-08CC-4F75-A302-952B91B961C8}"= TCP:1041:Transcode 360
"{3C04E86C-E85C-40E6-8165-F441F57452B7}"= TCP:10244:Transcode 360
"{05D59994-4E96-4224-BC26-35A8CEDEEF22}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B20D2C1D-5181-4B47-B2F5-CCD6250F545D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A2118446-3593-4E56-B577-E2A7926590DD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1B6C5B99-6E1D-4457-B589-82992710C55D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{093296A4-9BEE-40F8-970F-26D698A052E9}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{11419E0C-FF18-415D-9273-0F1C6C86207A}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{FF58D495-9620-4AC7-8021-F219B82E2107}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{14AED605-58A9-495F-8CEE-7653A19E3E9C}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{9A55B352-63C2-467B-AE22-B5872CD8FC12}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{604050F3-FB6E-4A41-9E6B-CDFB32E8FBCA}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{D8127E1B-7717-4838-80F0-B7995264CCB7}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{9147E7F4-5707-4575-9B5E-AFA877D24744}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{7F18A312-B532-4A06-8F73-09C228508C27}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{60714ECD-E57A-4C0C-BCC3-874C27DA7132}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{8905B12F-D465-47B3-B380-E5954A39BF98}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{92CEF1AC-3F53-4967-9D3B-1414DC6F1361}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{4DDD3242-6133-41FB-86DD-1ED97337BF67}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{3AD12867-F1B6-4C88-98A7-DFA95368E90A}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{E8A0E8C7-1B2E-43F9-A85F-A8B3EFE012EF}"= UDP:c:\program files\SFR\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player SFR)
"{83A08EF7-F3FB-46B4-A738-247104885DB7}"= TCP:c:\program files\SFR\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player SFR)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr
R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\System32\drivers\AlfaFF.sys [30/09/2008 03:56 42608]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2009/10/06 14:21];c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [06/10/2009 14:20 87536]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 13:11 16384]
R2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [05/02/2009 15:38 188416]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [30/09/2008 04:04 75048]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [25/07/2008 14:51 24576]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [01/05/2009 14:35 181544]
R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [09/07/2009 18:39 233472]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [09/10/2009 14:29 269648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [02/05/2009 12:08 206112]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25/04/2008 21:36 45056]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [30/09/2008 04:04 122368]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [30/09/2008 04:19 233472]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [22/09/2008 13:40 14336]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [09/07/2009 18:39 36608]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [20/05/2009 06:02 48640]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [09/10/2009 14:29 19160]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 08:40 3668480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [25/06/2008 07:05 44064]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [28/03/2007 07:51 43008]
S2 gupdate1c9d4ccfe26ad22;Google Update Service (gupdate1c9d4ccfe26ad22);c:\program files\Google\Update\GoogleUpdate.exe [14/05/2009 21:48 133104]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [30/09/2008 03:56 3602432]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25/04/2008 21:36 131072]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [13/03/2009 16:51 24064]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\System32\drivers\massfilter.sys [15/09/2008 14:26 7168]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [09/10/2009 14:29 38224]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\System32\drivers\ss_bbus.sys [30/07/2009 16:01 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\System32\drivers\ss_bmdfl.sys [30/07/2009 16:01 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\System32\drivers\ss_bmdm.sys [30/07/2009 16:01 121856]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\System32\drivers\ZTEusbnet.sys [06/07/2009 22:26 110080]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\System32\drivers\zteusbvoice.sys [06/07/2009 22:26 104960]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - FSUSBEXDISK
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
2009-10-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-13 20:00]
2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 19:48]
2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 19:48]
2009-05-02 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 19:26]
2009-05-02 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 19:26]
2009-10-03 c:\windows\Tasks\NeroLiveEpgUpdate-PC-de-Sébastien_Sébastien.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-10-27 07:59]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\users\Sébastien\AppData\Roaming\Mozilla\Firefox\Profiles\wfb5fe5d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr&source=iglk
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Canal\Canal Widget\VOD\npCpVod.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-Cerberus45 - c:\windows\System32\Cerberus12\server95.exe
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-Cerberus45 - c:\windows\System32\Cerberus12\server95.exe
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-NPSStartup - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-11 11:38
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(3024)
c:\program files\RocketDock\RocketDock.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
c:\windows\system32\btncopy.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
c:\progra~1\mcafee\VIRUSS~1\scriptsn.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
c:\windows\system32\BtwNamespaceExt.dll
c:\windows\system32\BtwNeLib.dll
c:\windows\system32\btwapi.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btwpimif.dll
.
------------------------ Autres processus actifs ------------------------
.
SystemRoot\System32\smss.exe [544]
c:\windows\system32\csrss.exe [612]
c:\windows\system32\wininit.exe [664]
c:\windows\system32\csrss.exe [672]
c:\windows\system32\services.exe [712]
c:\windows\system32\lsass.exe [724]
c:\windows\system32\lsm.exe [732]
c:\windows\system32\svchost.exe [892]
c:\windows\system32\nvvsvc.exe [936]
c:\windows\system32\svchost.exe [964]
c:\windows\System32\svchost.exe [1060]
c:\windows\System32\svchost.exe [1092]
c:\windows\system32\svchost.exe [1104]
c:\windows\system32\svchost.exe [1200]
c:\windows\system32\SLsvc.exe [1216]
c:\windows\system32\winlogon.exe [1252]
c:\windows\system32\svchost.exe [1300]
c:\windows\system32\svchost.exe [1420]
c:\windows\system32\WLANExt.exe [1556]
c:\windows\System32\spoolsv.exe [1616]
c:\windows\system32\svchost.exe [1660]
c:\windows\system32\rundll32.exe [1832]
c:\program files\Common Files\SPBA\upeksvr.exe [1896]
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe [572]
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [364]
c:\program files\Bonjour\mDNSResponder.exe [532]
c:\windows\system32\svchost.exe [616]
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [960]
c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [1856]
c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2064]
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2116]
c:\program files\Acer\Empowering Technology\Service\ETService.exe [2140]
c:\program files\Intel\WiFi\bin\EvtEng.exe [2232]
c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2276]
c:\windows\system32\FsUsbExService.Exe [2340]
c:\windows\system32\svchost.exe [2520]
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2560]
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe [2620]
c:\program files\Common Files\LightScribe\LSSrvc.exe [2684]
c:\program files\McAfee\SiteAdvisor\McSACore.exe [2696]
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2748]
c:\windows\system32\rundll32.exe [2792]
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe [2816]
c:\acer\Mobility Center\MobilityService.exe [2924]
c:\program files\McAfee\MPF\MPFSrv.exe [3160]
c:\program files\McAfee\MSK\MskSrver.exe [3180]
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [3220]
c:\windows\System32\svchost.exe [3364]
c:\program files\CDBurnerXP\NMSAccessU.exe [3412]
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [3428]
c:\windows\system32\Dwm.exe [3660]
c:\windows\System32\svchost.exe [3692]
c:\windows\system32\PnkBstrA.exe [3720]
c:\windows\system32\svchost.exe [3760]
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe [3812]
c:\program files\Cyberlink\Shared files\RichVideo.exe [3864]
c:\program files\Acer\Acer VCM\RS_Service.exe [3888]
c:\windows\system32\svchost.exe [3944]
c:\windows\System32\svchost.exe [4016]
c:\windows\system32\SearchIndexer.exe [4056]
c:\windows\system32\DRIVERS\xaudio.exe [1944]
c:\windows\system32\taskeng.exe [2476]
c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2452]
c:\windows\system32\wbem\wmiprvse.exe [2596]
c:\windows\system32\CF6725.exe [4328]
c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [4456]
c:\windows\RtHDVCpl.exe [4464]
c:\program files\Synaptics\SynTP\SynTPEnh.exe [4472]
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe [4480]
c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe [4520]
c:\windows\System32\rundll32.exe [4628]
c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe [4648]
c:\program files\Acer\Acer Bio Protection\PdtWzd.exe [4656]
c:\program files\HP\HP Software Update\hpwuSchd2.exe [4708]
c:\program files\Launch Manager\QtZgAcer.EXE [4724]
c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [4768]
c:\program files\Java\jre6\bin\jusched.exe [4832]
c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [4856]
c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [4864]
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [4872]
c:\windows\ehome\ehtray.exe [4884]
c:\program files\RocketDock\RocketDock.exe [4928]
c:\program files\Windows Sidebar\sidebar.exe [4984]
c:\windows\ehome\ehmsas.exe [5192]
c:\users\SBASTI~1\AppData\Local\Temp\RtkBtMnt.exe [5380]
c:\windows\system32\wbem\unsecapp.exe [6128]
c:\windows\system32\wbem\wmiprvse.exe [4092]
c:\progra~1\McAfee\MSC\mcmscsvc.exe [5988]
c:\progra~1\mcafee.com\agent\mcagent.exe [1280]
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe [5228]
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe [1088]
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2368]
c:\program files\Windows Media Player\wmpnetwk.exe [2740]
c:\progra~1\mcafee\msc\mcupdmgr.exe [2772]
c:\windows\Explorer.exe [3024]
c:\windows\system32\DllHost.exe [5156]
c:\windows\system32\NOTEPAD.EXE [3124]
c:\asdehi\catchme.cfxxe [3684]
.
**************************************************************************
.
Heure de fin: 2009-10-11 11:47 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-11 09:47
Avant-CF: 43 326 074 880 octets libres
Après-CF: 43 140 534 272 octets libres
516 --- E O F --- 2009-10-04 10:30
Bonjour
1)C - Ccleaner :
https://filehippo.com/download_ccleaner/
.enregistres le sur le bureau
.double-cliques sur le fichier pour lancer l'installation
.sur la fenêtre de l'installation langage bien choisir français et OK
.cliques sur suivant
.lis la licence et j'accepte
.cliques sur suivant
.la tu ne gardes de coché que mettre un raccourci sur le bureau et puis contrôler automatiquement les mises à jour de Ccleaner
.cliques sur installer
.cliques sur fermer
.double-cliques sur l'icône de Ccleaner pour l'ouvrir
.une fois ouvert tu cliques sur option et puis avancé
.tu décoches effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures
.cliques sur nettoyeur
.cliques sur windows et dans la colonne avancé
.coches la première case vieilles données du perfetch ce qui te donnes la case vielles données du perfetch et la case avancé qui c'est coché automatiquement mais que celle-la
.cliques sur analyse une fois l'analyse terminé
.cliques sur lancer le nettoyage et sur la demande de confirmation OK il vas falloir que tu le refasses une autre fois une fois fini vérifies en appuyant de nouveau sur analyse pour être sur qu'il n'y est plus rien
.clique maintenant sur registre et puis sur rechercher les erreurs
.laisse tout coché et clique sur réparer les erreurs sélectionnées
.il te demande de sauvegarder OUI
.tu lui donnes un nom pour pouvoir la retrouver et enregistre
.clique sur corriger toutes les erreurs sélectionnées et sur la demande de confirmation OK
.il supprime et fermer tu vérifies en relançant rechercher les erreurs
.tu retournes dans option et tu recoches la case effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures et sur nettoyeur, windows sous avancé tu décoches la première case vieilles données du perfetch
.tu peux fermer Ccleaner.
Tuto : https://jesses.pagesperso-orange.fr/Docs/Logiciels/CCleaner.htm
2)Repasse MBAM stp
Merci et @+
1)C - Ccleaner :
https://filehippo.com/download_ccleaner/
.enregistres le sur le bureau
.double-cliques sur le fichier pour lancer l'installation
.sur la fenêtre de l'installation langage bien choisir français et OK
.cliques sur suivant
.lis la licence et j'accepte
.cliques sur suivant
.la tu ne gardes de coché que mettre un raccourci sur le bureau et puis contrôler automatiquement les mises à jour de Ccleaner
.cliques sur installer
.cliques sur fermer
.double-cliques sur l'icône de Ccleaner pour l'ouvrir
.une fois ouvert tu cliques sur option et puis avancé
.tu décoches effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures
.cliques sur nettoyeur
.cliques sur windows et dans la colonne avancé
.coches la première case vieilles données du perfetch ce qui te donnes la case vielles données du perfetch et la case avancé qui c'est coché automatiquement mais que celle-la
.cliques sur analyse une fois l'analyse terminé
.cliques sur lancer le nettoyage et sur la demande de confirmation OK il vas falloir que tu le refasses une autre fois une fois fini vérifies en appuyant de nouveau sur analyse pour être sur qu'il n'y est plus rien
.clique maintenant sur registre et puis sur rechercher les erreurs
.laisse tout coché et clique sur réparer les erreurs sélectionnées
.il te demande de sauvegarder OUI
.tu lui donnes un nom pour pouvoir la retrouver et enregistre
.clique sur corriger toutes les erreurs sélectionnées et sur la demande de confirmation OK
.il supprime et fermer tu vérifies en relançant rechercher les erreurs
.tu retournes dans option et tu recoches la case effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures et sur nettoyeur, windows sous avancé tu décoches la première case vieilles données du perfetch
.tu peux fermer Ccleaner.
Tuto : https://jesses.pagesperso-orange.fr/Docs/Logiciels/CCleaner.htm
2)Repasse MBAM stp
Merci et @+
Seb1989
Messages postés
57
Date d'inscription
jeudi 10 septembre 2009
Statut
Membre
Dernière intervention
10 janvier 2011
13
11 oct. 2009 à 15:59
11 oct. 2009 à 15:59
re,
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2928
Windows 6.0.6002 Service Pack 2
11/10/2009 15:59:27
mbam-log-2009-10-11 (15-59-27).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 299877
Temps écoulé: 2 hour(s), 11 minute(s), 20 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2928
Windows 6.0.6002 Service Pack 2
11/10/2009 15:59:27
mbam-log-2009-10-11 (15-59-27).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 299877
Temps écoulé: 2 hour(s), 11 minute(s), 20 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Utilisateur anonyme
11 oct. 2009 à 16:10
11 oct. 2009 à 16:10
Re
1)Reposte un RSIT stp
2)Lance une analyse complète avec ton antivirus;et poste moi le rapport
Merci et @+
1)Reposte un RSIT stp
2)Lance une analyse complète avec ton antivirus;et poste moi le rapport
Merci et @+
Seb1989
Messages postés
57
Date d'inscription
jeudi 10 septembre 2009
Statut
Membre
Dernière intervention
10 janvier 2011
13
11 oct. 2009 à 16:20
11 oct. 2009 à 16:20
1)
Logfile of random's system information tool 1.06 (written by random/random)
Run by Sébastien at 2009-10-11 16:18:02
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 41 GB (28%) free of 148 GB
Total RAM: 3066 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:42, on 11/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\SBASTI~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\Explorer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\notepad.exe
C:\Users\Sébastien\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sébastien.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9d4ccfe26ad22) (gupdate1c9d4ccfe26ad22) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Logfile of random's system information tool 1.06 (written by random/random)
Run by Sébastien at 2009-10-11 16:18:02
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 41 GB (28%) free of 148 GB
Total RAM: 3066 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:42, on 11/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\SBASTI~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\Explorer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\notepad.exe
C:\Users\Sébastien\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sébastien.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9d4ccfe26ad22) (gupdate1c9d4ccfe26ad22) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Re
As tu lancé l'analyse antivirus?
Si c'est le cas ,fini
et passe seulement aprés à ceci:
|==>/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour cet ordinateur/!\<==|
|===========>il est fort déconseillé de le transposer sur un autre ordinateur !<==========|
-----------------------------------------------------------------------------------------------
Toujours avec toutes les protections désactivées, fais ceci :
• Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
• Copie/colle dans le bloc-notes ce qui est entre les lignes ci dessous (sans les lignes) :
----------------------------------------------------------
KillAll::
Driver::
File::
C:\Windows\system32\Cerberus12\server95.exe
Rootkit ::
Folder::
Registry:
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cerberus45]
. -----------------------------------------------------------------
• Enregistre ce fichier sur ton Bureau (et pas ailleurs !) Sous le nom CFScript.txt
• Quitte le Bloc Notes
• Fais un glisser/déposer de ce fichier CFScript sur le fichier C-Fix.exe (combofix) comme sur ce lien : http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif
• Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
• Si le fichier ne s'ouvre pas, il se trouve ici ? C:\ComboFix.txt
@+
As tu lancé l'analyse antivirus?
Si c'est le cas ,fini
et passe seulement aprés à ceci:
|==>/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour cet ordinateur/!\<==|
|===========>il est fort déconseillé de le transposer sur un autre ordinateur !<==========|
-----------------------------------------------------------------------------------------------
Toujours avec toutes les protections désactivées, fais ceci :
• Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
• Copie/colle dans le bloc-notes ce qui est entre les lignes ci dessous (sans les lignes) :
----------------------------------------------------------
KillAll::
Driver::
File::
C:\Windows\system32\Cerberus12\server95.exe
Rootkit ::
Folder::
Registry:
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cerberus45]
. -----------------------------------------------------------------
• Enregistre ce fichier sur ton Bureau (et pas ailleurs !) Sous le nom CFScript.txt
• Quitte le Bloc Notes
• Fais un glisser/déposer de ce fichier CFScript sur le fichier C-Fix.exe (combofix) comme sur ce lien : http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif
• Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
• Si le fichier ne s'ouvre pas, il se trouve ici ? C:\ComboFix.txt
@+
Seb1989
Messages postés
57
Date d'inscription
jeudi 10 septembre 2009
Statut
Membre
Dernière intervention
10 janvier 2011
13
11 oct. 2009 à 17:35
11 oct. 2009 à 17:35
Je fait la manipe dès que McAfee aura finit son analyse complète.
Merci pour cette aide précieuse.
Merci pour cette aide précieuse.
Seb1989
Messages postés
57
Date d'inscription
jeudi 10 septembre 2009
Statut
Membre
Dernière intervention
10 janvier 2011
13
11 oct. 2009 à 20:32
11 oct. 2009 à 20:32
c'est tout ce dont je dispose comme rapport McAfee :
Analyse terminée.
Date de début : 11/10/2009 16:22:23
Date de fin : 11/10/2009 20:23:20
nbr total de fichier analysés : 172058
nbr total de fichier détectés : 0
nbr total des fichiers mis en quarantaine : 0
Cookies analysés : 1
Cookie de suivi détectés : 0
Entrées de base de registre analysées : 142410
Entrées de base de registre détectées : 0
Processus analysés : 102
Processus détectés : 0
Version du moteur : 5301.4018
DAT version : 5767.0000
Analyse terminée.
Date de début : 11/10/2009 16:22:23
Date de fin : 11/10/2009 20:23:20
nbr total de fichier analysés : 172058
nbr total de fichier détectés : 0
nbr total des fichiers mis en quarantaine : 0
Cookies analysés : 1
Cookie de suivi détectés : 0
Entrées de base de registre analysées : 142410
Entrées de base de registre détectées : 0
Processus analysés : 102
Processus détectés : 0
Version du moteur : 5301.4018
DAT version : 5767.0000
Seb1989
Messages postés
57
Date d'inscription
jeudi 10 septembre 2009
Statut
Membre
Dernière intervention
10 janvier 2011
13
11 oct. 2009 à 21:07
11 oct. 2009 à 21:07
ComboFix 09-10-10.02 - Sébastien 11/10/2009 20:40.2.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3066.1511 [GMT 2:00]
Lancé depuis: c:\users\Sébastien\Desktop\asdehi.exe
Commutateurs utilisés :: c:\users\Sébastien\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\windows\system32\Cerberus12\server95.exe"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
E:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-11 au 2009-10-11 ))))))))))))))))))))))))))))))))))))
.
2009-10-11 18:53 . 2009-10-11 18:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-11 18:53 . 2009-10-11 18:53 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-10-11 18:53 . 2009-10-11 18:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-11 16:42 . 2009-10-11 16:42 -------- d-----w- c:\windows\BDOSCAN8
2009-10-09 12:29 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-09 12:29 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-09 12:29 . 2009-10-09 12:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-09 12:14 . 2009-10-09 12:14 -------- d-----w- C:\_OTM
2009-10-08 19:07 . 2009-10-08 19:07 -------- d-----w- C:\rsit
2009-10-08 19:01 . 2009-10-08 19:01 -------- d-----w- c:\program files\Trend Micro
2009-10-08 18:07 . 2009-10-08 18:07 -------- d-sh--w- c:\users\SÚbastien
2009-10-08 18:05 . 2009-10-08 18:08 -------- d-----w- C:\GenProc
2009-10-07 12:15 . 2009-10-08 06:44 146314 ----a-w- c:\windows\hpoins18.dat
2009-10-07 12:14 . 2007-03-01 00:35 6600 ----a-w- c:\windows\hpomdl18.dat
2009-10-06 09:20 . 2009-10-08 17:35 -------- d-----w- c:\program files\Ad-Remover
2009-10-04 10:31 . 2009-10-04 10:31 -------- d-----w- c:\program files\Microsoft
2009-10-04 10:30 . 2009-10-04 10:30 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-02 10:39 . 2009-10-02 10:39 -------- d-----w- c:\windows\system32\URTTEMP
2009-09-28 11:10 . 2009-10-09 14:42 -------- d-----w- c:\windows\system32\Cerberus12
2009-09-25 15:27 . 2009-09-25 15:27 -------- d-----w- c:\program files\Druide
2009-09-25 15:21 . 2009-09-25 15:21 -------- d-----w- c:\program files\7-Zip
2009-09-25 14:08 . 2009-10-09 14:42 -------- d-----w- c:\windows\system32\Spy-Net
2009-09-24 09:08 . 2009-09-24 09:08 -------- d-----w- c:\program files\iPod
2009-09-24 09:08 . 2009-09-24 09:10 -------- d-----w- c:\program files\iTunes
2009-09-23 22:07 . 2009-10-04 18:58 -------- d-----w- C:\Mes Sites Web
2009-09-17 09:38 . 2009-09-17 09:38 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-09-14 09:45 . 2009-09-14 10:01 -------- d-----w- c:\program files\abgx360
2009-09-12 08:48 . 2009-09-12 08:48 -------- d-----w- c:\programdata\Malwarebytes
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-11 18:56 . 2009-03-13 13:35 28219 ----a-w- c:\programdata\nvModes.dat
2009-10-11 18:53 . 2008-09-30 01:30 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-11 18:12 . 2008-01-21 08:40 679418 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-11 18:12 . 2008-01-21 08:40 128418 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-11 08:54 . 2009-05-14 20:00 -------- d-----w- c:\programdata\Google Updater
2009-10-09 07:24 . 2009-03-13 19:20 -------- d-----w- c:\program files\MSECache
2009-10-06 12:44 . 2008-09-30 01:43 -------- d-----w- c:\program files\Launch Manager
2009-10-06 12:19 . 2008-09-30 01:57 -------- d-----w- c:\programdata\CyberLink
2009-10-06 09:40 . 2009-08-17 20:33 -------- d-----w- c:\program files\JDownloader 0.6.193
2009-10-04 10:54 . 2009-03-13 12:45 -------- d-----w- c:\program files\Patch MsnCreative
2009-09-29 15:58 . 2009-03-13 13:14 -------- d-----w- c:\program files\OpenOffice.org 3
2009-09-29 15:46 . 2009-07-09 16:37 -------- d-----w- c:\program files\PC Connectivity Solution
2009-09-29 15:44 . 2009-03-13 14:51 -------- d-----w- c:\program files\Google
2009-09-29 15:44 . 2008-07-25 13:04 -------- d-----w- c:\program files\Acer GameZone
2009-09-29 15:43 . 2008-07-25 12:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-24 09:08 . 2009-06-13 12:35 -------- d-----w- c:\program files\Common Files\Apple
2009-09-10 08:58 . 2009-03-13 12:42 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 08:51 . 2009-09-10 08:49 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-10 08:46 . 2009-09-10 08:45 -------- d-----w- c:\program files\QuickTime
2009-09-10 08:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-07 17:50 . 2009-09-07 17:50 89088 ----a-w- c:\windows\system32\atl71.dll
2009-09-07 17:50 . 2009-09-07 17:50 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-07 17:50 . 2009-09-07 17:50 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-07 17:50 . 2009-09-07 17:50 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-09-07 17:50 . 2009-09-07 17:50 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2009-09-06 20:16 . 2009-09-06 20:16 -------- d-----w- c:\program files\Ipulp
2009-09-04 11:09 . 2009-09-04 11:09 -------- d-----w- c:\program files\SpeedyFox
2009-08-29 00:27 . 2009-09-02 20:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 20:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 15:02 . 2009-08-27 12:39 -------- d-----w- c:\program files\ImgBurn
2009-08-27 12:42 . 2009-08-27 12:42 -------- d-----w- c:\programdata\WindowsSearch
2009-08-26 11:11 . 2009-08-26 11:11 -------- d-----w- c:\programdata\Seagate
2009-08-26 11:11 . 2009-08-26 11:11 -------- d-----w- c:\program files\Seagate
2009-08-25 22:09 . 2009-05-02 10:02 -------- d-----w- c:\program files\McAfee
2009-08-24 09:11 . 2009-03-18 14:50 164389 ----a-w- c:\windows\hpoins19.dat
2009-08-14 16:27 . 2009-09-09 08:39 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 08:39 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 08:39 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 08:39 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 08:39 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 08:39 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 08:39 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 08:39 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 08:39 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 08:39 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 08:39 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 03:23 . 2009-03-14 12:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-30 08:16 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-30 08:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-30 08:16 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-30 08:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-13 07:03 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-16 10:32 . 2009-05-02 10:04 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-07-15 12:40 . 2009-08-13 07:03 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-13 07:03 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-13 07:03 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-13 07:03 7680 ----a-w- c:\windows\system32\spwmp.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-11_09.39.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-10-11 18:58 84394 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-10-11 18:58 98838 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-13 14:52 . 2009-10-11 18:58 13676 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-811835293-1638113248-1029637537-1000_UserData.bin
+ 2009-03-13 14:46 . 2009-10-11 14:32 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-13 14:46 . 2009-10-11 09:08 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-13 14:46 . 2009-10-11 14:32 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-13 14:46 . 2009-10-11 09:08 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-13 14:46 . 2009-10-11 09:08 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-13 14:46 . 2009-10-11 14:32 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-05-24 23:21 . 2006-05-24 23:21 53248 c:\windows\Downloaded Program Files\ipsupd.dll
+ 2006-05-24 23:22 . 2006-05-24 23:22 53248 c:\windows\bdoscandel.exe
+ 2006-05-24 23:21 . 2006-05-24 23:21 53248 c:\windows\BDOSCAN8\ipsupd.dll
+ 2009-10-11 18:07 . 2009-10-11 18:07 6790 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\youtube.com\youtube.com\Data.dat
- 2009-10-09 21:23 . 2009-10-09 21:23 6790 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\youtube.com\youtube.com\Data.dat
- 2009-10-10 08:07 . 2009-10-10 08:07 5476 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\youporn.com\youporn.com\Data.dat
+ 2009-10-11 18:17 . 2009-10-11 18:17 5476 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\youporn.com\youporn.com\Data.dat
+ 2009-10-11 16:11 . 2009-10-11 16:11 6330 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\yimg.com\yimg.com\Data.dat
- 2009-10-09 06:26 . 2009-10-09 06:26 6548 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\wikipedia.org\wikipedia.org\Data.dat
+ 2009-10-11 13:24 . 2009-10-11 13:24 6548 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\wikipedia.org\wikipedia.org\Data.dat
+ 2009-10-11 15:28 . 2009-10-11 15:28 3550 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\verre%2Dlyris.com\verre%2Dlyris.com\Data.dat
- 2009-10-09 19:33 . 2009-10-09 19:33 4242 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\u%2Dclermont1.fr\u%2Dclermont1.fr\Data.dat
+ 2009-10-11 18:19 . 2009-10-11 18:19 4242 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\u%2Dclermont1.fr\u%2Dclermont1.fr\Data.dat
- 2009-10-11 08:57 . 2009-10-11 08:57 4692 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\totalgaz.fr\totalgaz.fr\Data.dat
+ 2009-10-11 18:09 . 2009-10-11 18:09 4692 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\totalgaz.fr\totalgaz.fr\Data.dat
+ 2009-10-11 16:10 . 2009-10-11 16:10 5568 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\sunglassesitaly.com\sunglassesitaly.com\Data.dat
+ 2009-10-11 16:07 . 2009-10-11 16:07 4818 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\solaris%2Dsunglass.com\solaris%2Dsunglass.com\Data.dat
- 2009-10-09 11:02 . 2009-10-09 11:02 6434 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\societegenerale.fr\societegenerale.fr\Data.dat
+ 2009-10-11 09:53 . 2009-10-11 09:53 6434 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\societegenerale.fr\societegenerale.fr\Data.dat
+ 2009-10-11 16:07 . 2009-10-11 16:07 5912 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\snowreef.com\snowreef.com\Data.dat
+ 2009-10-11 18:16 . 2009-10-11 18:16 6416 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\skype.com\skype.com\Data.dat
- 2009-10-09 21:33 . 2009-10-09 21:33 5852 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\sharethis.com\sharethis.com\Data.dat
+ 2009-10-11 16:05 . 2009-10-11 16:05 5852 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\sharethis.com\sharethis.com\Data.dat
+ 2009-10-11 12:39 . 2009-10-11 12:39 6350 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\scribd.com\scribd.com\Data.dat
+ 2009-10-11 16:08 . 2009-10-11 16:08 6050 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\scene7.com\scene7.com\Data.dat
+ 2009-10-11 14:27 . 2009-10-11 14:27 4722 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\rocheblave.com\rocheblave.com\Data.dat
+ 2009-10-11 17:26 . 2009-10-11 17:26 5580 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\ray%2Dban.com\ray%2Dban.com\Data.dat
+ 2009-10-11 15:00 . 2009-10-11 15:00 6346 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\proximedia.com\proximedia.com\Data.dat
+ 2009-10-11 11:40 . 2009-10-11 11:40 6362 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\piriform.com\piriform.com\Data.dat
+ 2009-10-11 11:22 . 2009-10-11 11:22 5490 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\passport.com\passport.com\Data.dat
- 2009-10-10 10:41 . 2009-10-10 10:41 5490 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\passport.com\passport.com\Data.dat
+ 2009-10-11 11:53 . 2009-10-11 11:53 7098 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\pagesperso%2Dorange.fr\pagesperso%2Dorange.fr\Data.dat
+ 2009-10-11 14:41 . 2009-10-11 14:41 4896 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\over%2Dblog.com\over%2Dblog.com\Data.dat
+ 2009-10-11 14:42 . 2009-10-11 14:42 3752 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\over%2Dblog.com\avocatravail.over%2Dblog.com\Data.dat
+ 2009-10-11 17:26 . 2009-10-11 17:26 5536 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\optique%2Dsergent.com\optique%2Dsergent.com\Data.dat
- 2009-10-10 08:06 . 2009-10-10 08:06 5496 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\optical%2Dcenter.fr\optical%2Dcenter.fr\Data.dat
+ 2009-10-11 18:09 . 2009-10-11 18:09 5496 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\optical%2Dcenter.fr\optical%2Dcenter.fr\Data.dat
+ 2009-10-11 10:32 . 2009-10-11 10:32 5496 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\optical%2Dcenter.eu\optical%2Dcenter.eu\Data.dat
- 2009-10-08 09:03 . 2009-10-08 09:03 4990 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\optic2000.fr\optic2000.fr\Data.dat
+ 2009-10-11 10:36 . 2009-10-11 10:36 4990 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\optic2000.fr\optic2000.fr\Data.dat
+ 2009-10-11 14:42 . 2009-10-11 14:42 5434 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\oboulo.com\oboulo.com\Data.dat
- 2009-10-08 18:11 . 2009-10-08 18:11 5434 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\oboulo.com\oboulo.com\Data.dat
+ 2009-10-11 16:41 . 2009-10-11 16:41 6704 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\msn.com\msn.com\Data.dat
- 2009-10-10 10:41 . 2009-10-10 10:41 6704 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\msn.com\msn.com\Data.dat
+ 2009-10-11 16:11 . 2009-10-11 16:11 5490 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\mbstores.com\mbstores.com\Data.dat
+ 2009-10-11 15:35 . 2009-10-11 15:35 5396 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\mabul.org\mabul.org\Data.dat
- 2009-10-10 10:41 . 2009-10-10 10:41 7146 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\live.com\live.com\Data.dat
+ 2009-10-11 11:23 . 2009-10-11 11:23 7146 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\live.com\live.com\Data.dat
+ 2009-10-11 14:47 . 2009-10-11 14:47 5442 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\lexinter.net\lexinter.net\Data.dat
+ 2009-10-11 18:18 . 2009-10-11 18:18 6322 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\lequipe.fr\lequipe.fr\Data.dat
- 2009-10-09 19:40 . 2009-10-09 19:40 6322 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\lequipe.fr\lequipe.fr\Data.dat
+ 2009-10-11 14:27 . 2009-10-11 14:27 3578 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\lepetitjuriste.fr\lepetitjuriste.fr\Data.dat
+ 2009-10-11 10:08 . 2009-10-11 10:08 5428 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\leboost.com\leboost.com\Data.dat
- 2009-10-08 09:03 . 2009-10-08 09:03 4202 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\krys.com\krys.com\Data.dat
+ 2009-10-11 10:38 . 2009-10-11 10:38 4202 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\krys.com\krys.com\Data.dat
- 2009-10-09 21:33 . 2009-10-09 21:33 7150 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\korben.info\korben.info\Data.dat
+ 2009-10-11 16:05 . 2009-10-11 16:05 7150 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\korben.info\korben.info\Data.dat
+ 2009-10-11 18:26 . 2009-10-11 18:26 6426 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\infos%2Ddu%2Dnet.com\infos%2Ddu%2Dnet.com\Data.dat
- 2009-10-08 08:39 . 2009-10-08 08:39 6336 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\hardware.fr\hardware.fr\Data.dat
+ 2009-10-11 15:19 . 2009-10-11 15:19 6336 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\hardware.fr\hardware.fr\Data.dat
+ 2009-10-11 16:40 . 2009-10-11 16:40 6496 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\google.fr\google.fr\Data.dat
- 2009-10-11 08:57 . 2009-10-11 08:57 6496 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\google.fr\google.fr\Data.dat
+ 2009-10-11 16:40 . 2009-10-11 16:40 6970 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\google.com\google.com\Data.dat
- 2009-10-10 10:41 . 2009-10-10 10:41 6970 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\google.com\google.com\Data.dat
+ 2009-10-11 18:07 . 2009-10-11 18:07 6334 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\facebook.com\facebook.com\Data.dat
- 2009-10-11 08:54 . 2009-10-11 08:54 6334 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\facebook.com\facebook.com\Data.dat
+ 2009-10-11 15:26 . 2009-10-11 15:26 4994 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\essilor.fr\essilor.fr\Data.dat
+ 2009-10-11 10:17 . 2009-10-11 10:17 5878 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\diesel.com\diesel.com\Data.dat
+ 2009-10-11 12:38 . 2009-10-11 12:38 5048 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\crous%2Dclermont.fr\crous%2Dclermont.fr\Data.dat
+ 2009-10-11 12:35 . 2009-10-11 12:35 4794 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\courdecassation.fr\courdecassation.fr\Data.dat
- 2009-10-11 08:56 . 2009-10-11 08:56 5560 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\commentcamarche.net\commentcamarche.net\Data.dat
+ 2009-10-11 18:08 . 2009-10-11 18:08 5560 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\commentcamarche.net\commentcamarche.net\Data.dat
+ 2009-10-11 15:03 . 2009-10-11 15:03 5396 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\ciao.fr\ciao.fr\Data.dat
+ 2009-10-11 14:38 . 2009-10-11 14:38 5442 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\blogemploi.com\blogemploi.com\Data.dat
+ 2009-10-11 14:47 . 2009-10-11 14:47 5404 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\blogdroitadministratif.net\blogdroitadministratif.net\Data.dat
+ 2009-10-11 16:40 . 2009-10-11 16:40 6410 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\bitdefender.fr\bitdefender.fr\Data.dat
+ 2009-10-11 16:41 . 2009-10-11 16:41 6428 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\bitdefender.com\bitdefender.com\Data.dat
+ 2009-10-11 14:42 . 2009-10-11 14:42 4918 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\avocats.fr\avocats.fr\Data.dat
+ 2009-10-11 10:37 . 2009-10-11 10:37 3564 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\alainafflelou.fr\alainafflelou.fr\Data.dat
+ 2009-10-11 10:37 . 2009-10-11 10:37 5036 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\alainafflelou.com\alainafflelou.com\Data.dat
+ 2009-10-11 10:10 . 2009-10-11 10:10 3452 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\adrea.fr\adrea.fr\Data.dat
- 2009-10-08 08:40 . 2009-10-08 08:40 3452 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\adrea.fr\adrea.fr\Data.dat
+ 2009-10-11 17:26 . 2009-10-11 17:26 3802 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\adrea%2Dmutuelle%2Dcentre%2Dauvergne.fr\adrea%2Dmutuelle%2Dcentre%2Dauvergne.fr\Data.dat
- 2009-10-08 08:40 . 2009-10-08 08:40 3802 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\adrea%2Dmutuelle%2Dcentre%2Dauvergne.fr\adrea%2Dmutuelle%2Dcentre%2Dauvergne.fr\Data.dat
- 2009-10-10 08:06 . 2009-10-10 08:06 5462 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\20minutes.fr\20minutes.fr\Data.dat
+ 2009-10-11 16:05 . 2009-10-11 16:05 5462 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\20minutes.fr\20minutes.fr\Data.dat
+ 2009-10-11 12:36 . 2009-10-11 12:36 4662 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\1901.org\1901.org\Data.dat
+ 2009-10-11 18:54 . 2009-10-11 18:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-11 09:37 . 2009-10-11 09:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-11 18:54 . 2009-10-11 18:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-10-11 09:37 . 2009-10-11 09:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-10-11 18:12 595946 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-09 20:00 595946 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-10-11 18:12 105276 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-10-09 20:00 105276 c:\windows\System32\perfc009.dat
- 2009-04-19 08:35 . 2009-10-11 09:08 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-04-19 08:35 . 2009-10-11 09:48 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2006-05-24 23:21 . 2006-05-24 23:21 118784 c:\windows\Downloaded Program Files\bdupd.dll
+ 2006-05-24 23:21 . 2006-05-24 23:21 118784 c:\windows\BDOSCAN8\bdupd.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-13 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-10-04 3883856]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-09-30 3676160]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-07 152872]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-09-07 206120]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-05-21 173288]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-05-07 6139904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-09-30 01:56 3197952 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 13:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):28,24,1c,96,ee,e5,c9,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{89799D38-6725-4CE5-9D1E-6E30415FE623}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{D44F326E-3D01-4696-9E32-3ED5D49B0E4B}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{71E00646-63EC-47AC-B284-2EA545130FD0}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{57BDCF60-2235-4679-8101-B9BD26C60ED2}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{A5463B11-BEAF-45EA-83BA-4DF7CBA988E9}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{44132C7C-6906-4ED8-ABA6-2596681E8633}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{30A1F990-1B0B-408D-9385-E83FF29BE07F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2FCDE318-182E-4D8F-9169-FE74FBB301CE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F9B95664-C1B4-4028-9CDC-757525CFF306}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{8BC06121-A75B-42B8-BB02-516D92ECA5ED}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"{D5FD47F0-B674-4133-AFE0-AEBE4F1F3542}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{21E6A589-2D86-4D77-8514-414F27E90DE2}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{E85E5F47-1A4C-4281-A1F4-F5FFDE3813EA}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{747104A9-A58C-4264-BDB2-3D9DEF32DF3E}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A574124D-8C8B-4071-9666-3EA3F48E0543}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{F1102A3F-E8B1-440A-8F5F-E996241ADF80}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{58081E78-6D67-44E4-9B37-B2755DDFD2D6}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{B70E3C13-0BF9-4B46-A35B-6671090439B9}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{B6C0D282-FB43-4016-88B2-D983ADB3EE7D}"= UDP:5353:Adobe CSI CS4
"{2232CA97-E53E-4A7C-BE73-30794DA992FF}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{D729BA9F-3C21-4A7A-8A4C-8C2682F2B189}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{3DFC2EBE-4A49-4D48-A095-81800DEB312F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{3D6B6C19-90E2-4BA1-AFEF-A25B30E3A5DB}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{595BD36C-87B8-4223-AFD9-B74F84C0949F}"= UDP:c:\users\Sébastien\Downloads\utorrent.exe:µTorrent (TCP-In)
"{70EA60D2-47F6-4694-903A-76FDD2D6BBF4}"= TCP:c:\users\Sébastien\Downloads\utorrent.exe:µTorrent (UDP-In)
"{FE9BE8E1-FDFD-4563-A418-BA9D035BBD71}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{FC281911-2EB7-4DA5-A900-19C8F6C61DF5}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{07F3E981-3AC2-48DC-B90B-877B71004FD1}"= UDP:35430:µT 35430
"{7C0375C3-48DB-43EE-A04C-A6A47F1F15F2}"= TCP:35430:35430
"{E8A5C04B-35E7-4740-A36B-BD1D047BFBA0}"= UDP:c:\program files\uTorrent\uTorrent.exe:uTorrent
"{DAB81D34-E5A1-497D-AA8B-367DDB237AA0}"= TCP:c:\program files\uTorrent\uTorrent.exe:uTorrent
"TCP Query User{7A88F352-BFF7-4C4F-A384-0AE9326A4EC4}c:\\program files\\transcode360\\transcode360tray.exe"= UDP:c:\program files\transcode360\transcode360tray.exe:
"UDP Query User{AFA8DCDB-9B95-42DD-998B-8E76CDB0E699}c:\\program files\\transcode360\\transcode360tray.exe"= TCP:c:\program files\transcode360\transcode360tray.exe:
"{7D7E9280-BEF5-48EB-8BA3-59527C87798A}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{025B3AD4-AB85-4D2F-BB15-F7F5F38BB959}"= UDP:c:\program files\Transcode360\Transcode360.exe:Transcode 360
"{0D7D3184-0965-4C4C-BB4C-6CDC77404C33}"= TCP:c:\program files\Transcode360\Transcode360.exe:Transcode 360
"{D677B84E-08CC-4F75-A302-952B91B961C8}"= TCP:1041:Transcode 360
"{3C04E86C-E85C-40E6-8165-F441F57452B7}"= TCP:10244:Transcode 360
"{05D59994-4E96-4224-BC26-35A8CEDEEF22}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B20D2C1D-5181-4B47-B2F5-CCD6250F545D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A2118446-3593-4E56-B577-E2A7926590DD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1B6C5B99-6E1D-4457-B589-82992710C55D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{093296A4-9BEE-40F8-970F-26D698A052E9}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{11419E0C-FF18-415D-9273-0F1C6C86207A}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{FF58D495-9620-4AC7-8021-F219B82E2107}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{14AED605-58A9-495F-8CEE-7653A19E3E9C}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{9A55B352-63C2-467B-AE22-B5872CD8FC12}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{604050F3-FB6E-4A41-9E6B-CDFB32E8FBCA}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{D8127E1B-7717-4838-80F0-B7995264CCB7}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{9147E7F4-5707-4575-9B5E-AFA877D24744}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{7F18A312-B532-4A06-8F73-09C228508C27}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{60714ECD-E57A-4C0C-BCC3-874C27DA7132}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{8905B12F-D465-47B3-B380-E5954A39BF98}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{92CEF1AC-3F53-4967-9D3B-1414DC6F1361}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{4DDD3242-6133-41FB-86DD-1ED97337BF67}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{3AD12867-F1B6-4C88-98A7-DFA95368E90A}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{E8A0E8C7-1B2E-43F9-A85F-A8B3EFE012EF}"= UDP:c:\program files\SFR\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player SFR)
"{83A08EF7-F3FB-46B4-A738-247104885DB7}"= TCP:c:\program files\SFR\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player SFR)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr
R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\System32\drivers\AlfaFF.sys [30/09/2008 03:56 42608]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2009/10/06 14:21];c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [06/10/2009 14:20 87536]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 13:11 16384]
R2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [05/02/2009 15:38 188416]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [30/09/2008 04:04 75048]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [25/07/2008 14:51 24576]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [01/05/2009 14:35 181544]
R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [09/07/2009 18:39 233472]
R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [30/09/2008 03:56 3602432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [09/10/2009 14:29 269648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [02/05/2009 12:08 206112]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25/04/2008 21:36 45056]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [30/09/2008 04:04 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25/04/2008 21:36 131072]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [30/09/2008 04:19 233472]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [22/09/2008 13:40 14336]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [09/07/2009 18:39 36608]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [20/05/2009 06:02 48640]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [09/10/2009 14:29 19160]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 08:40 3668480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [25/06/2008 07:05 44064]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [28/03/2007 07:51 43008]
S2 gupdate1c9d4ccfe26ad22;Google Update Service (gupdate1c9d4ccfe26ad22);c:\program files\Google\Update\GoogleUpdate.exe [14/05/2009 21:48 133104]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [13/03/2009 16:51 24064]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\System32\drivers\massfilter.sys [15/09/2008 14:26 7168]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\System32\drivers\ss_bbus.sys [30/07/2009 16:01 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\System32\drivers\ss_bmdfl.sys [30/07/2009 16:01 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\System32\drivers\ss_bmdm.sys [30/07/2009 16:01 121856]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\System32\drivers\ZTEusbnet.sys [06/07/2009 22:26 110080]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\System32\drivers\zteusbvoice.sys [06/07/2009 22:26 104960]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
2009-10-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-13 20:00]
2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 19:48]
2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 19:48]
2009-05-02 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 19:26]
2009-05-02 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 19:26]
2009-10-03 c:\windows\Tasks\NeroLiveEpgUpdate-PC-de-Sébastien_Sébastien.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-10-27 07:59]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\Sébastien\AppData\Roaming\Mozilla\Firefox\Profiles\wfb5fe5d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr&source=iglk
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Canal\Canal Widget\VOD\npCpVod.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-11 20:56
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(4944)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
c:\windows\system32\btncopy.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
c:\progra~1\mcafee\VIRUSS~1\scriptsn.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
c:\windows\system32\BtwNamespaceExt.dll
c:\windows\system32\BtwNeLib.dll
c:\windows\system32\btwapi.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btwpimif.dll
.
------------------------ Autres processus actifs ------------------------
.
SystemRoot\System32\smss.exe [548]
c:\windows\system32\csrss.exe [616]
c:\windows\system32\wininit.exe [668]
c:\windows\system32\csrss.exe [680]
c:\windows\system32\services.exe [716]
c:\windows\system32\lsass.exe [728]
c:\windows\system32\lsm.exe [736]
c:\windows\system32\svchost.exe [900]
c:\windows\system32\nvvsvc.exe [944]
c:\windows\system32\svchost.exe [968]
c:\windows\System32\svchost.exe [1064]
c:\windows\System32\svchost.exe [1096]
c:\windows\system32\svchost.exe [1108]
c:\windows\system32\svchost.exe [1212]
c:\windows\system32\SLsvc.exe [1228]
c:\windows\system32\svchost.exe [1272]
c:\windows\system32\winlogon.exe [1372]
c:\windows\system32\svchost.exe [1440]
c:\windows\system32\WLANExt.exe [1572]
c:\windows\System32\spoolsv.exe [1636]
c:\windows\system32\svchost.exe [1672]
c:\windows\system32\rundll32.exe [1856]
c:\program files\Common Files\SPBA\upeksvr.exe [1968]
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe [880]
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [464]
c:\program files\Bonjour\mDNSResponder.exe [596]
c:\windows\system32\svchost.exe [604]
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [1448]
c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [1952]
c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2064]
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2096]
c:\program files\Acer\Empowering Technology\Service\ETService.exe [2116]
c:\program files\Intel\WiFi\bin\EvtEng.exe [2228]
c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2260]
c:\windows\system32\FsUsbExService.Exe [2384]
c:\windows\system32\svchost.exe [2492]
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2544]
c:\program files\Acer\Acer Bio Protection\BASVC.exe [2568]
c:\program files\Common Files\LightScribe\LSSrvc.exe [2612]
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe [2640]
c:\program files\McAfee\SiteAdvisor\McSACore.exe [2664]
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2680]
c:\windows\system32\rundll32.exe [2688]
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe [2744]
c:\acer\Mobility Center\MobilityService.exe [2836]
c:\program files\McAfee\MPF\MPFSrv.exe [2956]
c:\program files\McAfee\MSK\MskSrver.exe [3052]
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [3064]
c:\windows\System32\svchost.exe [3228]
c:\program files\CDBurnerXP\NMSAccessU.exe [3284]
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [3320]
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [3392]
c:\windows\System32\svchost.exe [3416]
c:\windows\system32\PnkBstrA.exe [3428]
c:\windows\system32\svchost.exe [3460]
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe [3484]
c:\program files\Cyberlink\Shared files\RichVideo.exe [3512]
c:\program files\Acer\Acer VCM\RS_Service.exe [3532]
c:\windows\system32\svchost.exe [3568]
c:\windows\System32\svchost.exe [3620]
c:\windows\system32\SearchIndexer.exe [3648]
c:\windows\system32\DRIVERS\xaudio.exe [3712]
c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [3792]
c:\windows\system32\wbem\wmiprvse.exe [4004]
c:\windows\system32\Dwm.exe [4112]
c:\windows\system32\taskeng.exe [4236]
c:\windows\system32\CF4630.exe [4756]
c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [4888]
c:\windows\RtHDVCpl.exe [4900]
c:\program files\Synaptics\SynTP\SynTPEnh.exe [4928]
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe [4964]
c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe [4984]
c:\windows\System32\rundll32.exe [5128]
c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe [5208]
c:\program files\Acer\Acer Bio Protection\PdtWzd.exe [5240]
c:\program files\HP\HP Software Update\hpwuSchd2.exe [5340]
c:\program files\Launch Manager\QtZgAcer.EXE [5356]
c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [5376]
c:\program files\Java\jre6\bin\jusched.exe [5436]
c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [5608]
c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [5628]
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [5664]
c:\windows\ehome\ehtray.exe [5676]
c:\program files\Windows Live\Messenger\msnmsgr.exe [5712]
c:\program files\Windows Sidebar\sidebar.exe [5728]
c:\windows\ehome\ehmsas.exe [5920]
c:\progra~1\McAfee\MSC\mcmscsvc.exe [5120]
c:\windows\system32\wbem\wmiprvse.exe [5532]
c:\progra~1\mcafee.com\agent\mcagent.exe [4268]
c:\windows\system32\wbem\unsecapp.exe [1244]
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe [3028]
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe [4432]
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5520]
c:\program files\Windows Media Player\wmpnetwk.exe [5804]
c:\windows\servicing\TrustedInstaller.exe [4716]
c:\windows\Explorer.exe [4944]
c:\windows\system32\NOTEPAD.EXE [860]
c:\windows\system32\SearchProtocolHost.exe [1400]
c:\windows\system32\SearchFilterHost.exe [5140]
c:\asdehi\catchme.cfxxe [4556]
.
**************************************************************************
.
Heure de fin: 2009-10-11 21:05 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-11 19:05
ComboFix2.txt 2009-10-11 09:47
Avant-CF: 43 131 076 608 octets libres
Après-CF: 43 016 433 664 octets libres
620 --- E O F --- 2009-10-04 10:30
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3066.1511 [GMT 2:00]
Lancé depuis: c:\users\Sébastien\Desktop\asdehi.exe
Commutateurs utilisés :: c:\users\Sébastien\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\windows\system32\Cerberus12\server95.exe"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
E:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-11 au 2009-10-11 ))))))))))))))))))))))))))))))))))))
.
2009-10-11 18:53 . 2009-10-11 18:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-11 18:53 . 2009-10-11 18:53 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-10-11 18:53 . 2009-10-11 18:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-11 16:42 . 2009-10-11 16:42 -------- d-----w- c:\windows\BDOSCAN8
2009-10-09 12:29 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-09 12:29 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-09 12:29 . 2009-10-09 12:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-09 12:14 . 2009-10-09 12:14 -------- d-----w- C:\_OTM
2009-10-08 19:07 . 2009-10-08 19:07 -------- d-----w- C:\rsit
2009-10-08 19:01 . 2009-10-08 19:01 -------- d-----w- c:\program files\Trend Micro
2009-10-08 18:07 . 2009-10-08 18:07 -------- d-sh--w- c:\users\SÚbastien
2009-10-08 18:05 . 2009-10-08 18:08 -------- d-----w- C:\GenProc
2009-10-07 12:15 . 2009-10-08 06:44 146314 ----a-w- c:\windows\hpoins18.dat
2009-10-07 12:14 . 2007-03-01 00:35 6600 ----a-w- c:\windows\hpomdl18.dat
2009-10-06 09:20 . 2009-10-08 17:35 -------- d-----w- c:\program files\Ad-Remover
2009-10-04 10:31 . 2009-10-04 10:31 -------- d-----w- c:\program files\Microsoft
2009-10-04 10:30 . 2009-10-04 10:30 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-02 10:39 . 2009-10-02 10:39 -------- d-----w- c:\windows\system32\URTTEMP
2009-09-28 11:10 . 2009-10-09 14:42 -------- d-----w- c:\windows\system32\Cerberus12
2009-09-25 15:27 . 2009-09-25 15:27 -------- d-----w- c:\program files\Druide
2009-09-25 15:21 . 2009-09-25 15:21 -------- d-----w- c:\program files\7-Zip
2009-09-25 14:08 . 2009-10-09 14:42 -------- d-----w- c:\windows\system32\Spy-Net
2009-09-24 09:08 . 2009-09-24 09:08 -------- d-----w- c:\program files\iPod
2009-09-24 09:08 . 2009-09-24 09:10 -------- d-----w- c:\program files\iTunes
2009-09-23 22:07 . 2009-10-04 18:58 -------- d-----w- C:\Mes Sites Web
2009-09-17 09:38 . 2009-09-17 09:38 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-09-14 09:45 . 2009-09-14 10:01 -------- d-----w- c:\program files\abgx360
2009-09-12 08:48 . 2009-09-12 08:48 -------- d-----w- c:\programdata\Malwarebytes
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-11 18:56 . 2009-03-13 13:35 28219 ----a-w- c:\programdata\nvModes.dat
2009-10-11 18:53 . 2008-09-30 01:30 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-11 18:12 . 2008-01-21 08:40 679418 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-11 18:12 . 2008-01-21 08:40 128418 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-11 08:54 . 2009-05-14 20:00 -------- d-----w- c:\programdata\Google Updater
2009-10-09 07:24 . 2009-03-13 19:20 -------- d-----w- c:\program files\MSECache
2009-10-06 12:44 . 2008-09-30 01:43 -------- d-----w- c:\program files\Launch Manager
2009-10-06 12:19 . 2008-09-30 01:57 -------- d-----w- c:\programdata\CyberLink
2009-10-06 09:40 . 2009-08-17 20:33 -------- d-----w- c:\program files\JDownloader 0.6.193
2009-10-04 10:54 . 2009-03-13 12:45 -------- d-----w- c:\program files\Patch MsnCreative
2009-09-29 15:58 . 2009-03-13 13:14 -------- d-----w- c:\program files\OpenOffice.org 3
2009-09-29 15:46 . 2009-07-09 16:37 -------- d-----w- c:\program files\PC Connectivity Solution
2009-09-29 15:44 . 2009-03-13 14:51 -------- d-----w- c:\program files\Google
2009-09-29 15:44 . 2008-07-25 13:04 -------- d-----w- c:\program files\Acer GameZone
2009-09-29 15:43 . 2008-07-25 12:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-24 09:08 . 2009-06-13 12:35 -------- d-----w- c:\program files\Common Files\Apple
2009-09-10 08:58 . 2009-03-13 12:42 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 08:51 . 2009-09-10 08:49 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-10 08:46 . 2009-09-10 08:45 -------- d-----w- c:\program files\QuickTime
2009-09-10 08:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-07 17:50 . 2009-09-07 17:50 89088 ----a-w- c:\windows\system32\atl71.dll
2009-09-07 17:50 . 2009-09-07 17:50 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-07 17:50 . 2009-09-07 17:50 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-07 17:50 . 2009-09-07 17:50 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-09-07 17:50 . 2009-09-07 17:50 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2009-09-06 20:16 . 2009-09-06 20:16 -------- d-----w- c:\program files\Ipulp
2009-09-04 11:09 . 2009-09-04 11:09 -------- d-----w- c:\program files\SpeedyFox
2009-08-29 00:27 . 2009-09-02 20:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 20:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 15:02 . 2009-08-27 12:39 -------- d-----w- c:\program files\ImgBurn
2009-08-27 12:42 . 2009-08-27 12:42 -------- d-----w- c:\programdata\WindowsSearch
2009-08-26 11:11 . 2009-08-26 11:11 -------- d-----w- c:\programdata\Seagate
2009-08-26 11:11 . 2009-08-26 11:11 -------- d-----w- c:\program files\Seagate
2009-08-25 22:09 . 2009-05-02 10:02 -------- d-----w- c:\program files\McAfee
2009-08-24 09:11 . 2009-03-18 14:50 164389 ----a-w- c:\windows\hpoins19.dat
2009-08-14 16:27 . 2009-09-09 08:39 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 08:39 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 08:39 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 08:39 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 08:39 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 08:39 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 08:39 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 08:39 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 08:39 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 08:39 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 08:39 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 03:23 . 2009-03-14 12:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-30 08:16 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-30 08:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-30 08:16 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-30 08:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-13 07:03 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-16 10:32 . 2009-05-02 10:04 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-07-15 12:40 . 2009-08-13 07:03 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-13 07:03 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-13 07:03 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-13 07:03 7680 ----a-w- c:\windows\system32\spwmp.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-11_09.39.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-10-11 18:58 84394 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-10-11 18:58 98838 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-13 14:52 . 2009-10-11 18:58 13676 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-811835293-1638113248-1029637537-1000_UserData.bin
+ 2009-03-13 14:46 . 2009-10-11 14:32 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-13 14:46 . 2009-10-11 09:08 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-13 14:46 . 2009-10-11 14:32 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-13 14:46 . 2009-10-11 09:08 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-13 14:46 . 2009-10-11 09:08 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-13 14:46 . 2009-10-11 14:32 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-05-24 23:21 . 2006-05-24 23:21 53248 c:\windows\Downloaded Program Files\ipsupd.dll
+ 2006-05-24 23:22 . 2006-05-24 23:22 53248 c:\windows\bdoscandel.exe
+ 2006-05-24 23:21 . 2006-05-24 23:21 53248 c:\windows\BDOSCAN8\ipsupd.dll
+ 2009-10-11 18:07 . 2009-10-11 18:07 6790 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\youtube.com\youtube.com\Data.dat
- 2009-10-09 21:23 . 2009-10-09 21:23 6790 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\youtube.com\youtube.com\Data.dat
- 2009-10-10 08:07 . 2009-10-10 08:07 5476 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\youporn.com\youporn.com\Data.dat
+ 2009-10-11 18:17 . 2009-10-11 18:17 5476 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\youporn.com\youporn.com\Data.dat
+ 2009-10-11 16:11 . 2009-10-11 16:11 6330 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\yimg.com\yimg.com\Data.dat
- 2009-10-09 06:26 . 2009-10-09 06:26 6548 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\wikipedia.org\wikipedia.org\Data.dat
+ 2009-10-11 13:24 . 2009-10-11 13:24 6548 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\wikipedia.org\wikipedia.org\Data.dat
+ 2009-10-11 15:28 . 2009-10-11 15:28 3550 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\verre%2Dlyris.com\verre%2Dlyris.com\Data.dat
- 2009-10-09 19:33 . 2009-10-09 19:33 4242 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\u%2Dclermont1.fr\u%2Dclermont1.fr\Data.dat
+ 2009-10-11 18:19 . 2009-10-11 18:19 4242 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\u%2Dclermont1.fr\u%2Dclermont1.fr\Data.dat
- 2009-10-11 08:57 . 2009-10-11 08:57 4692 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\totalgaz.fr\totalgaz.fr\Data.dat
+ 2009-10-11 18:09 . 2009-10-11 18:09 4692 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\totalgaz.fr\totalgaz.fr\Data.dat
+ 2009-10-11 16:10 . 2009-10-11 16:10 5568 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\sunglassesitaly.com\sunglassesitaly.com\Data.dat
+ 2009-10-11 16:07 . 2009-10-11 16:07 4818 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\solaris%2Dsunglass.com\solaris%2Dsunglass.com\Data.dat
- 2009-10-09 11:02 . 2009-10-09 11:02 6434 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\societegenerale.fr\societegenerale.fr\Data.dat
+ 2009-10-11 09:53 . 2009-10-11 09:53 6434 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\societegenerale.fr\societegenerale.fr\Data.dat
+ 2009-10-11 16:07 . 2009-10-11 16:07 5912 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\snowreef.com\snowreef.com\Data.dat
+ 2009-10-11 18:16 . 2009-10-11 18:16 6416 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\skype.com\skype.com\Data.dat
- 2009-10-09 21:33 . 2009-10-09 21:33 5852 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\sharethis.com\sharethis.com\Data.dat
+ 2009-10-11 16:05 . 2009-10-11 16:05 5852 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\sharethis.com\sharethis.com\Data.dat
+ 2009-10-11 12:39 . 2009-10-11 12:39 6350 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\scribd.com\scribd.com\Data.dat
+ 2009-10-11 16:08 . 2009-10-11 16:08 6050 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\scene7.com\scene7.com\Data.dat
+ 2009-10-11 14:27 . 2009-10-11 14:27 4722 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\rocheblave.com\rocheblave.com\Data.dat
+ 2009-10-11 17:26 . 2009-10-11 17:26 5580 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\ray%2Dban.com\ray%2Dban.com\Data.dat
+ 2009-10-11 15:00 . 2009-10-11 15:00 6346 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\proximedia.com\proximedia.com\Data.dat
+ 2009-10-11 11:40 . 2009-10-11 11:40 6362 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\piriform.com\piriform.com\Data.dat
+ 2009-10-11 11:22 . 2009-10-11 11:22 5490 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\passport.com\passport.com\Data.dat
- 2009-10-10 10:41 . 2009-10-10 10:41 5490 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\passport.com\passport.com\Data.dat
+ 2009-10-11 11:53 . 2009-10-11 11:53 7098 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\pagesperso%2Dorange.fr\pagesperso%2Dorange.fr\Data.dat
+ 2009-10-11 14:41 . 2009-10-11 14:41 4896 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\over%2Dblog.com\over%2Dblog.com\Data.dat
+ 2009-10-11 14:42 . 2009-10-11 14:42 3752 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\over%2Dblog.com\avocatravail.over%2Dblog.com\Data.dat
+ 2009-10-11 17:26 . 2009-10-11 17:26 5536 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\optique%2Dsergent.com\optique%2Dsergent.com\Data.dat
- 2009-10-10 08:06 . 2009-10-10 08:06 5496 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\optical%2Dcenter.fr\optical%2Dcenter.fr\Data.dat
+ 2009-10-11 18:09 . 2009-10-11 18:09 5496 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\optical%2Dcenter.fr\optical%2Dcenter.fr\Data.dat
+ 2009-10-11 10:32 . 2009-10-11 10:32 5496 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\optical%2Dcenter.eu\optical%2Dcenter.eu\Data.dat
- 2009-10-08 09:03 . 2009-10-08 09:03 4990 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\optic2000.fr\optic2000.fr\Data.dat
+ 2009-10-11 10:36 . 2009-10-11 10:36 4990 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\optic2000.fr\optic2000.fr\Data.dat
+ 2009-10-11 14:42 . 2009-10-11 14:42 5434 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\oboulo.com\oboulo.com\Data.dat
- 2009-10-08 18:11 . 2009-10-08 18:11 5434 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\oboulo.com\oboulo.com\Data.dat
+ 2009-10-11 16:41 . 2009-10-11 16:41 6704 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\msn.com\msn.com\Data.dat
- 2009-10-10 10:41 . 2009-10-10 10:41 6704 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\msn.com\msn.com\Data.dat
+ 2009-10-11 16:11 . 2009-10-11 16:11 5490 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\mbstores.com\mbstores.com\Data.dat
+ 2009-10-11 15:35 . 2009-10-11 15:35 5396 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\mabul.org\mabul.org\Data.dat
- 2009-10-10 10:41 . 2009-10-10 10:41 7146 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\live.com\live.com\Data.dat
+ 2009-10-11 11:23 . 2009-10-11 11:23 7146 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\live.com\live.com\Data.dat
+ 2009-10-11 14:47 . 2009-10-11 14:47 5442 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\lexinter.net\lexinter.net\Data.dat
+ 2009-10-11 18:18 . 2009-10-11 18:18 6322 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\lequipe.fr\lequipe.fr\Data.dat
- 2009-10-09 19:40 . 2009-10-09 19:40 6322 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\lequipe.fr\lequipe.fr\Data.dat
+ 2009-10-11 14:27 . 2009-10-11 14:27 3578 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\lepetitjuriste.fr\lepetitjuriste.fr\Data.dat
+ 2009-10-11 10:08 . 2009-10-11 10:08 5428 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\leboost.com\leboost.com\Data.dat
- 2009-10-08 09:03 . 2009-10-08 09:03 4202 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\krys.com\krys.com\Data.dat
+ 2009-10-11 10:38 . 2009-10-11 10:38 4202 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\krys.com\krys.com\Data.dat
- 2009-10-09 21:33 . 2009-10-09 21:33 7150 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\korben.info\korben.info\Data.dat
+ 2009-10-11 16:05 . 2009-10-11 16:05 7150 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\korben.info\korben.info\Data.dat
+ 2009-10-11 18:26 . 2009-10-11 18:26 6426 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\infos%2Ddu%2Dnet.com\infos%2Ddu%2Dnet.com\Data.dat
- 2009-10-08 08:39 . 2009-10-08 08:39 6336 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\hardware.fr\hardware.fr\Data.dat
+ 2009-10-11 15:19 . 2009-10-11 15:19 6336 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\hardware.fr\hardware.fr\Data.dat
+ 2009-10-11 16:40 . 2009-10-11 16:40 6496 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\google.fr\google.fr\Data.dat
- 2009-10-11 08:57 . 2009-10-11 08:57 6496 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\google.fr\google.fr\Data.dat
+ 2009-10-11 16:40 . 2009-10-11 16:40 6970 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\google.com\google.com\Data.dat
- 2009-10-10 10:41 . 2009-10-10 10:41 6970 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\google.com\google.com\Data.dat
+ 2009-10-11 18:07 . 2009-10-11 18:07 6334 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\facebook.com\facebook.com\Data.dat
- 2009-10-11 08:54 . 2009-10-11 08:54 6334 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\facebook.com\facebook.com\Data.dat
+ 2009-10-11 15:26 . 2009-10-11 15:26 4994 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\essilor.fr\essilor.fr\Data.dat
+ 2009-10-11 10:17 . 2009-10-11 10:17 5878 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\diesel.com\diesel.com\Data.dat
+ 2009-10-11 12:38 . 2009-10-11 12:38 5048 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\crous%2Dclermont.fr\crous%2Dclermont.fr\Data.dat
+ 2009-10-11 12:35 . 2009-10-11 12:35 4794 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\courdecassation.fr\courdecassation.fr\Data.dat
- 2009-10-11 08:56 . 2009-10-11 08:56 5560 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\commentcamarche.net\commentcamarche.net\Data.dat
+ 2009-10-11 18:08 . 2009-10-11 18:08 5560 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\commentcamarche.net\commentcamarche.net\Data.dat
+ 2009-10-11 15:03 . 2009-10-11 15:03 5396 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\ciao.fr\ciao.fr\Data.dat
+ 2009-10-11 14:38 . 2009-10-11 14:38 5442 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\blogemploi.com\blogemploi.com\Data.dat
+ 2009-10-11 14:47 . 2009-10-11 14:47 5404 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\blogdroitadministratif.net\blogdroitadministratif.net\Data.dat
+ 2009-10-11 16:40 . 2009-10-11 16:40 6410 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\bitdefender.fr\bitdefender.fr\Data.dat
+ 2009-10-11 16:41 . 2009-10-11 16:41 6428 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\bitdefender.com\bitdefender.com\Data.dat
+ 2009-10-11 14:42 . 2009-10-11 14:42 4918 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\avocats.fr\avocats.fr\Data.dat
+ 2009-10-11 10:37 . 2009-10-11 10:37 3564 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\alainafflelou.fr\alainafflelou.fr\Data.dat
+ 2009-10-11 10:37 . 2009-10-11 10:37 5036 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\alainafflelou.com\alainafflelou.com\Data.dat
+ 2009-10-11 10:10 . 2009-10-11 10:10 3452 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\adrea.fr\adrea.fr\Data.dat
- 2009-10-08 08:40 . 2009-10-08 08:40 3452 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\adrea.fr\adrea.fr\Data.dat
+ 2009-10-11 17:26 . 2009-10-11 17:26 3802 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\adrea%2Dmutuelle%2Dcentre%2Dauvergne.fr\adrea%2Dmutuelle%2Dcentre%2Dauvergne.fr\Data.dat
- 2009-10-08 08:40 . 2009-10-08 08:40 3802 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\adrea%2Dmutuelle%2Dcentre%2Dauvergne.fr\adrea%2Dmutuelle%2Dcentre%2Dauvergne.fr\Data.dat
- 2009-10-10 08:06 . 2009-10-10 08:06 5462 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\20minutes.fr\20minutes.fr\Data.dat
+ 2009-10-11 16:05 . 2009-10-11 16:05 5462 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\20minutes.fr\20minutes.fr\Data.dat
+ 2009-10-11 12:36 . 2009-10-11 12:36 4662 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\1901.org\1901.org\Data.dat
+ 2009-10-11 18:54 . 2009-10-11 18:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-11 09:37 . 2009-10-11 09:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-11 18:54 . 2009-10-11 18:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-10-11 09:37 . 2009-10-11 09:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-10-11 18:12 595946 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-09 20:00 595946 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-10-11 18:12 105276 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-10-09 20:00 105276 c:\windows\System32\perfc009.dat
- 2009-04-19 08:35 . 2009-10-11 09:08 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-04-19 08:35 . 2009-10-11 09:48 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2006-05-24 23:21 . 2006-05-24 23:21 118784 c:\windows\Downloaded Program Files\bdupd.dll
+ 2006-05-24 23:21 . 2006-05-24 23:21 118784 c:\windows\BDOSCAN8\bdupd.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-13 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-10-04 3883856]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-09-30 3676160]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-07 152872]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-09-07 206120]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-05-21 173288]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-05-07 6139904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-09-30 01:56 3197952 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 13:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):28,24,1c,96,ee,e5,c9,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{89799D38-6725-4CE5-9D1E-6E30415FE623}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{D44F326E-3D01-4696-9E32-3ED5D49B0E4B}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{71E00646-63EC-47AC-B284-2EA545130FD0}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{57BDCF60-2235-4679-8101-B9BD26C60ED2}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{A5463B11-BEAF-45EA-83BA-4DF7CBA988E9}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{44132C7C-6906-4ED8-ABA6-2596681E8633}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{30A1F990-1B0B-408D-9385-E83FF29BE07F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2FCDE318-182E-4D8F-9169-FE74FBB301CE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F9B95664-C1B4-4028-9CDC-757525CFF306}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{8BC06121-A75B-42B8-BB02-516D92ECA5ED}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"{D5FD47F0-B674-4133-AFE0-AEBE4F1F3542}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{21E6A589-2D86-4D77-8514-414F27E90DE2}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{E85E5F47-1A4C-4281-A1F4-F5FFDE3813EA}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{747104A9-A58C-4264-BDB2-3D9DEF32DF3E}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A574124D-8C8B-4071-9666-3EA3F48E0543}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{F1102A3F-E8B1-440A-8F5F-E996241ADF80}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{58081E78-6D67-44E4-9B37-B2755DDFD2D6}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{B70E3C13-0BF9-4B46-A35B-6671090439B9}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{B6C0D282-FB43-4016-88B2-D983ADB3EE7D}"= UDP:5353:Adobe CSI CS4
"{2232CA97-E53E-4A7C-BE73-30794DA992FF}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{D729BA9F-3C21-4A7A-8A4C-8C2682F2B189}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{3DFC2EBE-4A49-4D48-A095-81800DEB312F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{3D6B6C19-90E2-4BA1-AFEF-A25B30E3A5DB}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{595BD36C-87B8-4223-AFD9-B74F84C0949F}"= UDP:c:\users\Sébastien\Downloads\utorrent.exe:µTorrent (TCP-In)
"{70EA60D2-47F6-4694-903A-76FDD2D6BBF4}"= TCP:c:\users\Sébastien\Downloads\utorrent.exe:µTorrent (UDP-In)
"{FE9BE8E1-FDFD-4563-A418-BA9D035BBD71}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{FC281911-2EB7-4DA5-A900-19C8F6C61DF5}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{07F3E981-3AC2-48DC-B90B-877B71004FD1}"= UDP:35430:µT 35430
"{7C0375C3-48DB-43EE-A04C-A6A47F1F15F2}"= TCP:35430:35430
"{E8A5C04B-35E7-4740-A36B-BD1D047BFBA0}"= UDP:c:\program files\uTorrent\uTorrent.exe:uTorrent
"{DAB81D34-E5A1-497D-AA8B-367DDB237AA0}"= TCP:c:\program files\uTorrent\uTorrent.exe:uTorrent
"TCP Query User{7A88F352-BFF7-4C4F-A384-0AE9326A4EC4}c:\\program files\\transcode360\\transcode360tray.exe"= UDP:c:\program files\transcode360\transcode360tray.exe:
"UDP Query User{AFA8DCDB-9B95-42DD-998B-8E76CDB0E699}c:\\program files\\transcode360\\transcode360tray.exe"= TCP:c:\program files\transcode360\transcode360tray.exe:
"{7D7E9280-BEF5-48EB-8BA3-59527C87798A}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{025B3AD4-AB85-4D2F-BB15-F7F5F38BB959}"= UDP:c:\program files\Transcode360\Transcode360.exe:Transcode 360
"{0D7D3184-0965-4C4C-BB4C-6CDC77404C33}"= TCP:c:\program files\Transcode360\Transcode360.exe:Transcode 360
"{D677B84E-08CC-4F75-A302-952B91B961C8}"= TCP:1041:Transcode 360
"{3C04E86C-E85C-40E6-8165-F441F57452B7}"= TCP:10244:Transcode 360
"{05D59994-4E96-4224-BC26-35A8CEDEEF22}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B20D2C1D-5181-4B47-B2F5-CCD6250F545D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A2118446-3593-4E56-B577-E2A7926590DD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1B6C5B99-6E1D-4457-B589-82992710C55D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{093296A4-9BEE-40F8-970F-26D698A052E9}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{11419E0C-FF18-415D-9273-0F1C6C86207A}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{FF58D495-9620-4AC7-8021-F219B82E2107}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{14AED605-58A9-495F-8CEE-7653A19E3E9C}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{9A55B352-63C2-467B-AE22-B5872CD8FC12}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{604050F3-FB6E-4A41-9E6B-CDFB32E8FBCA}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{D8127E1B-7717-4838-80F0-B7995264CCB7}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{9147E7F4-5707-4575-9B5E-AFA877D24744}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{7F18A312-B532-4A06-8F73-09C228508C27}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{60714ECD-E57A-4C0C-BCC3-874C27DA7132}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{8905B12F-D465-47B3-B380-E5954A39BF98}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{92CEF1AC-3F53-4967-9D3B-1414DC6F1361}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{4DDD3242-6133-41FB-86DD-1ED97337BF67}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{3AD12867-F1B6-4C88-98A7-DFA95368E90A}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{E8A0E8C7-1B2E-43F9-A85F-A8B3EFE012EF}"= UDP:c:\program files\SFR\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player SFR)
"{83A08EF7-F3FB-46B4-A738-247104885DB7}"= TCP:c:\program files\SFR\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player SFR)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr
R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\System32\drivers\AlfaFF.sys [30/09/2008 03:56 42608]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2009/10/06 14:21];c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [06/10/2009 14:20 87536]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 13:11 16384]
R2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [05/02/2009 15:38 188416]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [30/09/2008 04:04 75048]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [25/07/2008 14:51 24576]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [01/05/2009 14:35 181544]
R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [09/07/2009 18:39 233472]
R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [30/09/2008 03:56 3602432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [09/10/2009 14:29 269648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [02/05/2009 12:08 206112]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25/04/2008 21:36 45056]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [30/09/2008 04:04 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25/04/2008 21:36 131072]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [30/09/2008 04:19 233472]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [22/09/2008 13:40 14336]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [09/07/2009 18:39 36608]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [20/05/2009 06:02 48640]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [09/10/2009 14:29 19160]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 08:40 3668480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [25/06/2008 07:05 44064]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [28/03/2007 07:51 43008]
S2 gupdate1c9d4ccfe26ad22;Google Update Service (gupdate1c9d4ccfe26ad22);c:\program files\Google\Update\GoogleUpdate.exe [14/05/2009 21:48 133104]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [13/03/2009 16:51 24064]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\System32\drivers\massfilter.sys [15/09/2008 14:26 7168]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\System32\drivers\ss_bbus.sys [30/07/2009 16:01 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\System32\drivers\ss_bmdfl.sys [30/07/2009 16:01 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\System32\drivers\ss_bmdm.sys [30/07/2009 16:01 121856]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\System32\drivers\ZTEusbnet.sys [06/07/2009 22:26 110080]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\System32\drivers\zteusbvoice.sys [06/07/2009 22:26 104960]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
2009-10-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-13 20:00]
2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 19:48]
2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 19:48]
2009-05-02 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 19:26]
2009-05-02 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 19:26]
2009-10-03 c:\windows\Tasks\NeroLiveEpgUpdate-PC-de-Sébastien_Sébastien.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-10-27 07:59]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\Sébastien\AppData\Roaming\Mozilla\Firefox\Profiles\wfb5fe5d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr&source=iglk
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Canal\Canal Widget\VOD\npCpVod.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-11 20:56
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(4944)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
c:\windows\system32\btncopy.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
c:\progra~1\mcafee\VIRUSS~1\scriptsn.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
c:\windows\system32\BtwNamespaceExt.dll
c:\windows\system32\BtwNeLib.dll
c:\windows\system32\btwapi.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btwpimif.dll
.
------------------------ Autres processus actifs ------------------------
.
SystemRoot\System32\smss.exe [548]
c:\windows\system32\csrss.exe [616]
c:\windows\system32\wininit.exe [668]
c:\windows\system32\csrss.exe [680]
c:\windows\system32\services.exe [716]
c:\windows\system32\lsass.exe [728]
c:\windows\system32\lsm.exe [736]
c:\windows\system32\svchost.exe [900]
c:\windows\system32\nvvsvc.exe [944]
c:\windows\system32\svchost.exe [968]
c:\windows\System32\svchost.exe [1064]
c:\windows\System32\svchost.exe [1096]
c:\windows\system32\svchost.exe [1108]
c:\windows\system32\svchost.exe [1212]
c:\windows\system32\SLsvc.exe [1228]
c:\windows\system32\svchost.exe [1272]
c:\windows\system32\winlogon.exe [1372]
c:\windows\system32\svchost.exe [1440]
c:\windows\system32\WLANExt.exe [1572]
c:\windows\System32\spoolsv.exe [1636]
c:\windows\system32\svchost.exe [1672]
c:\windows\system32\rundll32.exe [1856]
c:\program files\Common Files\SPBA\upeksvr.exe [1968]
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe [880]
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [464]
c:\program files\Bonjour\mDNSResponder.exe [596]
c:\windows\system32\svchost.exe [604]
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [1448]
c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [1952]
c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2064]
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2096]
c:\program files\Acer\Empowering Technology\Service\ETService.exe [2116]
c:\program files\Intel\WiFi\bin\EvtEng.exe [2228]
c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2260]
c:\windows\system32\FsUsbExService.Exe [2384]
c:\windows\system32\svchost.exe [2492]
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2544]
c:\program files\Acer\Acer Bio Protection\BASVC.exe [2568]
c:\program files\Common Files\LightScribe\LSSrvc.exe [2612]
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe [2640]
c:\program files\McAfee\SiteAdvisor\McSACore.exe [2664]
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2680]
c:\windows\system32\rundll32.exe [2688]
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe [2744]
c:\acer\Mobility Center\MobilityService.exe [2836]
c:\program files\McAfee\MPF\MPFSrv.exe [2956]
c:\program files\McAfee\MSK\MskSrver.exe [3052]
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [3064]
c:\windows\System32\svchost.exe [3228]
c:\program files\CDBurnerXP\NMSAccessU.exe [3284]
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [3320]
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [3392]
c:\windows\System32\svchost.exe [3416]
c:\windows\system32\PnkBstrA.exe [3428]
c:\windows\system32\svchost.exe [3460]
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe [3484]
c:\program files\Cyberlink\Shared files\RichVideo.exe [3512]
c:\program files\Acer\Acer VCM\RS_Service.exe [3532]
c:\windows\system32\svchost.exe [3568]
c:\windows\System32\svchost.exe [3620]
c:\windows\system32\SearchIndexer.exe [3648]
c:\windows\system32\DRIVERS\xaudio.exe [3712]
c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [3792]
c:\windows\system32\wbem\wmiprvse.exe [4004]
c:\windows\system32\Dwm.exe [4112]
c:\windows\system32\taskeng.exe [4236]
c:\windows\system32\CF4630.exe [4756]
c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [4888]
c:\windows\RtHDVCpl.exe [4900]
c:\program files\Synaptics\SynTP\SynTPEnh.exe [4928]
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe [4964]
c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe [4984]
c:\windows\System32\rundll32.exe [5128]
c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe [5208]
c:\program files\Acer\Acer Bio Protection\PdtWzd.exe [5240]
c:\program files\HP\HP Software Update\hpwuSchd2.exe [5340]
c:\program files\Launch Manager\QtZgAcer.EXE [5356]
c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [5376]
c:\program files\Java\jre6\bin\jusched.exe [5436]
c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [5608]
c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [5628]
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [5664]
c:\windows\ehome\ehtray.exe [5676]
c:\program files\Windows Live\Messenger\msnmsgr.exe [5712]
c:\program files\Windows Sidebar\sidebar.exe [5728]
c:\windows\ehome\ehmsas.exe [5920]
c:\progra~1\McAfee\MSC\mcmscsvc.exe [5120]
c:\windows\system32\wbem\wmiprvse.exe [5532]
c:\progra~1\mcafee.com\agent\mcagent.exe [4268]
c:\windows\system32\wbem\unsecapp.exe [1244]
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe [3028]
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe [4432]
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5520]
c:\program files\Windows Media Player\wmpnetwk.exe [5804]
c:\windows\servicing\TrustedInstaller.exe [4716]
c:\windows\Explorer.exe [4944]
c:\windows\system32\NOTEPAD.EXE [860]
c:\windows\system32\SearchProtocolHost.exe [1400]
c:\windows\system32\SearchFilterHost.exe [5140]
c:\asdehi\catchme.cfxxe [4556]
.
**************************************************************************
.
Heure de fin: 2009-10-11 21:05 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-11 19:05
ComboFix2.txt 2009-10-11 09:47
Avant-CF: 43 131 076 608 octets libres
Après-CF: 43 016 433 664 octets libres
620 --- E O F --- 2009-10-04 10:30
Bonjour
1)C - Ccleaner :
https://filehippo.com/download_ccleaner/
.enregistres le sur le bureau
.double-cliques sur le fichier pour lancer l'installation
.sur la fenêtre de l'installation langage bien choisir français et OK
.cliques sur suivant
.lis la licence et j'accepte
.cliques sur suivant
.la tu ne gardes de coché que mettre un raccourci sur le bureau et puis contrôler automatiquement les mises à jour de Ccleaner
.cliques sur installer
.cliques sur fermer
.double-cliques sur l'icône de Ccleaner pour l'ouvrir
.une fois ouvert tu cliques sur option et puis avancé
.tu décoches effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures
.cliques sur nettoyeur
.cliques sur windows et dans la colonne avancé
.coches la première case vieilles données du perfetch ce qui te donnes la case vielles données du perfetch et la case avancé qui c'est coché automatiquement mais que celle-la
.cliques sur analyse une fois l'analyse terminé
.cliques sur lancer le nettoyage et sur la demande de confirmation OK il vas falloir que tu le refasses une autre fois une fois fini vérifies en appuyant de nouveau sur analyse pour être sur qu'il n'y est plus rien
.clique maintenant sur registre et puis sur rechercher les erreurs
.laisse tout coché et clique sur réparer les erreurs sélectionnées
.il te demande de sauvegarder OUI
.tu lui donnes un nom pour pouvoir la retrouver et enregistre
.clique sur corriger toutes les erreurs sélectionnées et sur la demande de confirmation OK
.il supprime et fermer tu vérifies en relançant rechercher les erreurs
.tu retournes dans option et tu recoches la case effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures et sur nettoyeur, windows sous avancé tu décoches la première case vieilles données du perfetch
.tu peux fermer Ccleaner.
Tuto : https://jesses.pagesperso-orange.fr/Docs/Logiciels/CCleaner.htm
2)• Désactive ton antivirus. (Lop S&D détecté par certains antivirus )
• Télécharge Lop S&D (créé par eric 71) sur ton Bureau : https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
• Double-clique dessus pour lancer l'installation
• Double-clique sur le raccourci Lop S&D présent sur ton Bureau
Note : Avec VISTA => clic droit et => Exécuter en tant qu'administrateur.
• Sélectionne la langue souhaitée, puis choisis l'option 1 (Recherche)
• Patiente jusqu'à la fin du scan
• Poste le rapport généré
• Réactive ton antivirus
Tutorial pour t’aider : http://www.malekal.com//tutorial_Lop_SD.php
@+
1)C - Ccleaner :
https://filehippo.com/download_ccleaner/
.enregistres le sur le bureau
.double-cliques sur le fichier pour lancer l'installation
.sur la fenêtre de l'installation langage bien choisir français et OK
.cliques sur suivant
.lis la licence et j'accepte
.cliques sur suivant
.la tu ne gardes de coché que mettre un raccourci sur le bureau et puis contrôler automatiquement les mises à jour de Ccleaner
.cliques sur installer
.cliques sur fermer
.double-cliques sur l'icône de Ccleaner pour l'ouvrir
.une fois ouvert tu cliques sur option et puis avancé
.tu décoches effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures
.cliques sur nettoyeur
.cliques sur windows et dans la colonne avancé
.coches la première case vieilles données du perfetch ce qui te donnes la case vielles données du perfetch et la case avancé qui c'est coché automatiquement mais que celle-la
.cliques sur analyse une fois l'analyse terminé
.cliques sur lancer le nettoyage et sur la demande de confirmation OK il vas falloir que tu le refasses une autre fois une fois fini vérifies en appuyant de nouveau sur analyse pour être sur qu'il n'y est plus rien
.clique maintenant sur registre et puis sur rechercher les erreurs
.laisse tout coché et clique sur réparer les erreurs sélectionnées
.il te demande de sauvegarder OUI
.tu lui donnes un nom pour pouvoir la retrouver et enregistre
.clique sur corriger toutes les erreurs sélectionnées et sur la demande de confirmation OK
.il supprime et fermer tu vérifies en relançant rechercher les erreurs
.tu retournes dans option et tu recoches la case effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures et sur nettoyeur, windows sous avancé tu décoches la première case vieilles données du perfetch
.tu peux fermer Ccleaner.
Tuto : https://jesses.pagesperso-orange.fr/Docs/Logiciels/CCleaner.htm
2)• Désactive ton antivirus. (Lop S&D détecté par certains antivirus )
• Télécharge Lop S&D (créé par eric 71) sur ton Bureau : https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
• Double-clique dessus pour lancer l'installation
• Double-clique sur le raccourci Lop S&D présent sur ton Bureau
Note : Avec VISTA => clic droit et => Exécuter en tant qu'administrateur.
• Sélectionne la langue souhaitée, puis choisis l'option 1 (Recherche)
• Patiente jusqu'à la fin du scan
• Poste le rapport généré
• Réactive ton antivirus
Tutorial pour t’aider : http://www.malekal.com//tutorial_Lop_SD.php
@+
Seb1989
Messages postés
57
Date d'inscription
jeudi 10 septembre 2009
Statut
Membre
Dernière intervention
10 janvier 2011
13
12 oct. 2009 à 22:07
12 oct. 2009 à 22:07
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz )
BIOS : ZK2 v0.3121 3A21
USER : Sébastien ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:144 Go (Free:40 Go)
D:\ (Local Disk) - NTFS - Total:140 Go (Free:16 Go)
F:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 12/10/2009|22:04 )
[ UAC => 0 ]
--------------------\\ Listing des dossiers dans Local
[06/07/2009|22:23] C:\Users\SBASTI~1\AppData\Local\{BAD7C248-517D-4CE1-B65A-829C01BEFDB1}
[13/03/2009|16:14] C:\Users\SBASTI~1\AppData\Local\Acer Arcade Deluxe
[01/06/2009|21:25] C:\Users\SBASTI~1\AppData\Local\Adobe
[14/03/2009|21:44] C:\Users\SBASTI~1\AppData\Local\Anand_Prakash
[13/06/2009|14:37] C:\Users\SBASTI~1\AppData\Local\Apple
[13/06/2009|14:41] C:\Users\SBASTI~1\AppData\Local\Apple Computer
[13/03/2009|16:50] C:\Users\SBASTI~1\AppData\Local\Application Data
[02/06/2009|03:14] C:\Users\SBASTI~1\AppData\Local\Cooliris
[13/03/2009|16:15] C:\Users\SBASTI~1\AppData\Local\CyberLink
[02/10/2009|14:09] C:\Users\SBASTI~1\AppData\Local\d3d9caps.dat
[05/10/2009|18:15] C:\Users\SBASTI~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[06/07/2009|22:26] C:\Users\SBASTI~1\AppData\Local\desktop.ini
[26/08/2009|13:07] C:\Users\SBASTI~1\AppData\Local\Downloaded Installations
[31/07/2009|16:31] C:\Users\SBASTI~1\AppData\Local\Films
[29/09/2009|17:44] C:\Users\SBASTI~1\AppData\Local\Google
[13/03/2009|16:50] C:\Users\SBASTI~1\AppData\Local\Historique
[12/10/2009|19:59] C:\Users\SBASTI~1\AppData\Local\IconCache.db
[24/05/2009|22:44] C:\Users\SBASTI~1\AppData\Local\Microsoft
[17/09/2009|11:40] C:\Users\SBASTI~1\AppData\Local\Microsoft Corporation
[08/05/2009|21:13] C:\Users\SBASTI~1\AppData\Local\Microsoft Games
[13/03/2009|16:13] C:\Users\SBASTI~1\AppData\Local\Microsoft Help
[13/03/2009|14:51] C:\Users\SBASTI~1\AppData\Local\Mozilla
[17/05/2009|15:17] C:\Users\SBASTI~1\AppData\Local\Nero
[30/07/2009|11:44] C:\Users\SBASTI~1\AppData\Local\Neuf
[13/03/2009|16:23] C:\Users\SBASTI~1\AppData\Local\PowerCinema
[18/03/2009|22:54] C:\Users\SBASTI~1\AppData\Local\PunkBuster
[01/05/2009|23:27] C:\Users\SBASTI~1\AppData\Local\Seven Zip
[24/03/2009|13:34] C:\Users\SBASTI~1\AppData\Local\SoftDMA
[12/10/2009|22:02] C:\Users\SBASTI~1\AppData\Local\temp
[13/03/2009|16:50] C:\Users\SBASTI~1\AppData\Local\Temporary Internet Files
[13/03/2009|16:53] C:\Users\SBASTI~1\AppData\Local\VirtualStore
[24/09/2009|10:48] C:\Users\SBASTI~1\AppData\Local\Zattoo
[14/03/2009|16:56] C:\Users\SBASTI~1\AppData\Local\ZattooPlayer
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[12/10/2009 19:17][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[12/10/2009 21:22][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[12/10/2009 21:25][--a------] C:\Windows\tasks\Google Software Updater.job
[12/10/2009 00:00][--a------] C:\Windows\tasks\NeroLiveEpgUpdate-PC-de-S‚bastien_S‚bastien.job
[02/05/2009 20:40][--a------] C:\Windows\tasks\McDefragTask.job
[02/05/2009 20:40][--a------] C:\Windows\tasks\McQcTask.job
[12/10/2009 21:21][--ah-----] C:\Windows\tasks\SA.DAT
[12/10/2009 19:59][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[10/09/2009|10:51] C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[13/06/2009|14:41] C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[11/09/2009|14:05] C:\ProgramData\Adobe
[11/09/2009|14:05] C:\ProgramData\afl.log
[13/06/2009|14:35] C:\ProgramData\Apple
[13/06/2009|14:40] C:\ProgramData\Apple Computer
[02/11/2006|15:02] C:\ProgramData\Application Data
[06/10/2009|14:24] C:\ProgramData\ArcadeDeluxe2.log
[21/03/2009|20:16] C:\ProgramData\Azureus
[13/03/2009|16:45] C:\ProgramData\Bureau
[06/10/2009|14:19] C:\ProgramData\CyberLink
[02/11/2006|15:02] C:\ProgramData\Desktop
[15/09/2008|14:28] C:\ProgramData\DeviceInstaller.xml
[22/09/2008|11:15] C:\ProgramData\DeviceManager.xml.rc4
[02/11/2006|15:02] C:\ProgramData\Documents
[10/04/2009|18:50] C:\ProgramData\EnterNHelp
[13/03/2009|23:09] C:\ProgramData\eSobi
[13/03/2009|16:45] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[16/04/2009|16:51] C:\ProgramData\FLEXnet
[25/07/2008|15:05] C:\ProgramData\FloodLightGames
[29/09/2009|17:44] C:\ProgramData\Google
[12/10/2009|12:51] C:\ProgramData\Google Updater
[23/07/2009|10:30] C:\ProgramData\Hewlett-Packard
[18/03/2009|19:20] C:\ProgramData\HP
[19/03/2009|19:49] C:\ProgramData\HP Product Assistant
[18/03/2009|16:58] C:\ProgramData\HPSSUPPLY
[08/10/2009|08:44] C:\ProgramData\hpzinstall.log
[06/07/2009|22:26] C:\ProgramData\InstallShield
[13/03/2009|22:38] C:\ProgramData\Intel
[02/05/2009|14:12] C:\ProgramData\LightScribe
[12/09/2009|10:48] C:\ProgramData\Malwarebytes
[10/07/2009|17:48] C:\ProgramData\McAfee
[13/03/2009|16:45] C:\ProgramData\Menu D‚marrer
[14/03/2009|15:29] C:\ProgramData\Messenger Plus!
[19/03/2009|12:06] C:\ProgramData\Microsoft
[25/07/2009|14:30] C:\ProgramData\Microsoft Help
[13/03/2009|16:45] C:\ProgramData\ModŠles
[02/05/2009|13:34] C:\ProgramData\Nero
[10/04/2009|18:39] C:\ProgramData\Nikon
[24/09/2009|14:34] C:\ProgramData\ntuser.pol
[05/06/2009|17:14] C:\ProgramData\NVIDIA
[12/10/2009|21:24] C:\ProgramData\nvModes.001
[12/10/2009|21:22] C:\ProgramData\nvModes.dat
[09/07/2009|18:45] C:\ProgramData\PC Suite
[16/04/2009|16:21] C:\ProgramData\PKP_DLdu.DAT
[02/05/2009|11:56] C:\ProgramData\PKP_DLdw.DAT
[10/04/2009|18:38] C:\ProgramData\Pop Kit
[10/04/2009|18:50] C:\ProgramData\Printer Icons
[10/04/2009|18:38] C:\ProgramData\Profiles
[10/04/2009|18:50] C:\ProgramData\Receipts
[13/03/2009|22:39] C:\ProgramData\Roaming
[26/08/2009|13:11] C:\ProgramData\Seagate
[15/03/2009|10:24] C:\ProgramData\SiteAdvisor
[02/11/2006|15:02] C:\ProgramData\Start Menu
[21/03/2009|18:51] C:\ProgramData\Temp
[02/11/2006|15:02] C:\ProgramData\Templates
[30/09/2008|03:55] C:\ProgramData\UIB
[10/04/2009|18:50] C:\ProgramData\Ultima_T15
[27/07/2009|16:11] C:\ProgramData\Vodafone
[18/03/2009|16:59] C:\ProgramData\WEBREG
[27/08/2009|14:42] C:\ProgramData\WindowsSearch
--------------------\\ Listing des dossiers dans C:\Program Files
[25/09/2009|17:21] C:\Program Files\7-Zip
[14/09/2009|12:01] C:\Program Files\abgx360
[13/03/2009|16:51] C:\Program Files\Acer
[30/09/2008|04:05] C:\Program Files\Acer Arcade Deluxe
[29/09/2009|17:44] C:\Program Files\Acer GameZone
[30/09/2008|03:44] C:\Program Files\Acer Inc
[30/09/2008|04:20] C:\Program Files\Acer Incorporated
[23/06/2009|22:13] C:\Program Files\Adobe
[16/04/2009|16:39] C:\Program Files\Adobe Media Player
[08/10/2009|19:35] C:\Program Files\Ad-Remover
[13/06/2009|14:37] C:\Program Files\Apple Software Update
[25/07/2008|15:14] C:\Program Files\Big Kahuna Reef
[02/06/2009|19:37] C:\Program Files\bobyte
[13/06/2009|14:40] C:\Program Files\Bonjour
[13/03/2009|21:23] C:\Program Files\Canal
[13/03/2009|15:12] C:\Program Files\CCleaner
[16/04/2009|17:38] C:\Program Files\CDBurnerXP
[13/03/2009|22:38] C:\Program Files\Cisco
[11/10/2009|20:47] C:\Program Files\Common Files
[25/07/2008|14:42] C:\Program Files\CONEXANT
[30/07/2009|17:05] C:\Program Files\ConvertHelper
[25/07/2008|15:18] C:\Program Files\Convesoft
[30/09/2008|04:19] C:\Program Files\Cyberlink
[09/07/2009|18:44] C:\Program Files\DIFX
[02/06/2009|02:58] C:\Program Files\DownloadToolz
[25/09/2009|17:27] C:\Program Files\Druide
[26/05/2009|20:31] C:\Program Files\eSobi
[13/03/2009|16:45] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[13/05/2009|14:18] C:\Program Files\gBurner
[29/09/2009|17:44] C:\Program Files\Google
[18/03/2009|16:56] C:\Program Files\Hewlett-Packard
[18/03/2009|16:58] C:\Program Files\HP
[28/08/2009|17:02] C:\Program Files\ImgBurn
[29/09/2009|17:43] C:\Program Files\InstallShield Installation Information
[13/03/2009|22:38] C:\Program Files\Intel
[03/10/2009|20:43] C:\Program Files\Internet Explorer
[24/09/2009|11:08] C:\Program Files\iPod
[06/09/2009|22:16] C:\Program Files\Ipulp
[24/09/2009|11:10] C:\Program Files\iTunes
[05/08/2009|18:01] C:\Program Files\Java
[11/10/2009|21:24] C:\Program Files\JDownloader 0.6.193
[06/10/2009|14:44] C:\Program Files\Launch Manager
[09/10/2009|14:29] C:\Program Files\Malwarebytes' Anti-Malware
[30/07/2009|15:58] C:\Program Files\MarkAny
[31/07/2009|16:31] C:\Program Files\MaVideotheque
[26/08/2009|00:09] C:\Program Files\McAfee
[02/05/2009|12:03] C:\Program Files\McAfee.com
[10/07/2009|17:43] C:\Program Files\Messenger Plus! Live
[04/10/2009|12:31] C:\Program Files\Microsoft
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[13/03/2009|21:20] C:\Program Files\Microsoft Office
[10/09/2009|10:58] C:\Program Files\Microsoft Silverlight
[17/09/2009|11:38] C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[11/06/2009|00:51] C:\Program Files\Microsoft Works
[25/07/2008|15:20] C:\Program Files\Microsoft.NET
[26/05/2009|20:27] C:\Program Files\Morgan
[05/06/2009|16:53] C:\Program Files\Movie Maker
[12/10/2009|22:02] C:\Program Files\Mozilla Firefox
[02/11/2006|14:37] C:\Program Files\MSBuild
[09/10/2009|09:24] C:\Program Files\MSECache
[13/03/2009|15:53] C:\Program Files\MSXML 4.0
[02/05/2009|13:46] C:\Program Files\Nero
[25/07/2008|15:16] C:\Program Files\NewTech Infosystems
[10/04/2009|18:52] C:\Program Files\Nikon
[29/09/2009|17:58] C:\Program Files\OpenOffice.org 3
[04/10/2009|12:54] C:\Program Files\Patch MsnCreative
[29/09/2009|17:46] C:\Program Files\PC Connectivity Solution
[17/04/2009|21:46] C:\Program Files\PFConfig
[10/09/2009|10:46] C:\Program Files\QuickTime
[25/07/2008|14:40] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[17/03/2009|17:40] C:\Program Files\RocketDock
[30/07/2009|16:02] C:\Program Files\Samsung
[26/08/2009|13:11] C:\Program Files\Seagate
[30/07/2009|11:43] C:\Program Files\SFR
[17/05/2009|19:57] C:\Program Files\SiteAdvisor
[04/09/2009|13:09] C:\Program Files\SpeedyFox
[25/07/2008|14:44] C:\Program Files\Synaptics
[29/07/2009|17:47] C:\Program Files\Transcode360
[08/10/2009|21:01] C:\Program Files\Trend Micro
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[16/04/2009|17:38] C:\Program Files\uTorrent
[21/03/2009|17:03] C:\Program Files\VideoLAN
[27/07/2009|16:11] C:\Program Files\Vodafone
[07/05/2009|18:39] C:\Program Files\Vuze
[30/09/2008|03:38] C:\Program Files\WIDCOMM
[25/07/2008|14:44] C:\Program Files\Winbond Electronics Corporation
[05/06/2009|16:53] C:\Program Files\Windows Calendar
[05/06/2009|16:53] C:\Program Files\Windows Collaboration
[05/06/2009|16:53] C:\Program Files\Windows Defender
[05/06/2009|16:53] C:\Program Files\Windows Journal
[13/03/2009|14:41] C:\Program Files\Windows Live
[04/10/2009|12:30] C:\Program Files\Windows Live SkyDrive
[10/09/2009|10:23] C:\Program Files\Windows Mail
[14/08/2009|11:58] C:\Program Files\Windows Media Player
[13/03/2009|16:45] C:\Program Files\Windows NT
[05/06/2009|16:53] C:\Program Files\Windows Photo Gallery
[05/06/2009|16:53] C:\Program Files\Windows Sidebar
[02/05/2009|11:52] C:\Program Files\WinRAR
[14/03/2009|16:55] C:\Program Files\Zattoo
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[09/07/2009|18:25] C:\Program Files\Common Files\Adobe
[13/03/2009|21:23] C:\Program Files\Common Files\Adobe AIR
[24/09/2009|11:08] C:\Program Files\Common Files\Apple
[25/07/2008|15:20] C:\Program Files\Common Files\DESIGNER
[18/03/2009|16:56] C:\Program Files\Common Files\Hewlett-Packard
[18/03/2009|16:58] C:\Program Files\Common Files\HP
[06/07/2009|22:25] C:\Program Files\Common Files\InstallShield
[13/03/2009|22:38] C:\Program Files\Common Files\Intel
[13/03/2009|15:13] C:\Program Files\Common Files\Java
[25/07/2008|15:16] C:\Program Files\Common Files\LightScribe
[16/04/2009|16:32] C:\Program Files\Common Files\Macrovision Shared
[02/05/2009|12:04] C:\Program Files\Common Files\McAfee
[02/05/2009|23:12] C:\Program Files\Common Files\microsoft shared
[10/04/2009|18:39] C:\Program Files\Common Files\muvee Technologies
[02/05/2009|14:10] C:\Program Files\Common Files\Nero
[10/04/2009|23:39] C:\Program Files\Common Files\Nikon
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[30/09/2008|03:56] C:\Program Files\Common Files\SPBA
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[13/03/2009|17:15] C:\Program Files\Common Files\SWF Studio
[05/06/2009|16:53] C:\Program Files\Common Files\System
[13/03/2009|14:32] C:\Program Files\Common Files\Windows Live
--------------------\\ Process
( 111 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 22:04:40
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:17][D:4]-> C:\Users\SBASTI~1\AppData\Local\Temp
[F:3][D:1]-> C:\Users\SBASTI~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:2][D:1]-> C:\Users\SBASTI~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:2][D:2]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 12/10/2009|22:06 - Option : [1]
--------------------\\ Fin du rapport a 22:06:49
[ UAC => 1 ]
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz )
BIOS : ZK2 v0.3121 3A21
USER : Sébastien ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:144 Go (Free:40 Go)
D:\ (Local Disk) - NTFS - Total:140 Go (Free:16 Go)
F:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 12/10/2009|22:04 )
[ UAC => 0 ]
--------------------\\ Listing des dossiers dans Local
[06/07/2009|22:23] C:\Users\SBASTI~1\AppData\Local\{BAD7C248-517D-4CE1-B65A-829C01BEFDB1}
[13/03/2009|16:14] C:\Users\SBASTI~1\AppData\Local\Acer Arcade Deluxe
[01/06/2009|21:25] C:\Users\SBASTI~1\AppData\Local\Adobe
[14/03/2009|21:44] C:\Users\SBASTI~1\AppData\Local\Anand_Prakash
[13/06/2009|14:37] C:\Users\SBASTI~1\AppData\Local\Apple
[13/06/2009|14:41] C:\Users\SBASTI~1\AppData\Local\Apple Computer
[13/03/2009|16:50] C:\Users\SBASTI~1\AppData\Local\Application Data
[02/06/2009|03:14] C:\Users\SBASTI~1\AppData\Local\Cooliris
[13/03/2009|16:15] C:\Users\SBASTI~1\AppData\Local\CyberLink
[02/10/2009|14:09] C:\Users\SBASTI~1\AppData\Local\d3d9caps.dat
[05/10/2009|18:15] C:\Users\SBASTI~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[06/07/2009|22:26] C:\Users\SBASTI~1\AppData\Local\desktop.ini
[26/08/2009|13:07] C:\Users\SBASTI~1\AppData\Local\Downloaded Installations
[31/07/2009|16:31] C:\Users\SBASTI~1\AppData\Local\Films
[29/09/2009|17:44] C:\Users\SBASTI~1\AppData\Local\Google
[13/03/2009|16:50] C:\Users\SBASTI~1\AppData\Local\Historique
[12/10/2009|19:59] C:\Users\SBASTI~1\AppData\Local\IconCache.db
[24/05/2009|22:44] C:\Users\SBASTI~1\AppData\Local\Microsoft
[17/09/2009|11:40] C:\Users\SBASTI~1\AppData\Local\Microsoft Corporation
[08/05/2009|21:13] C:\Users\SBASTI~1\AppData\Local\Microsoft Games
[13/03/2009|16:13] C:\Users\SBASTI~1\AppData\Local\Microsoft Help
[13/03/2009|14:51] C:\Users\SBASTI~1\AppData\Local\Mozilla
[17/05/2009|15:17] C:\Users\SBASTI~1\AppData\Local\Nero
[30/07/2009|11:44] C:\Users\SBASTI~1\AppData\Local\Neuf
[13/03/2009|16:23] C:\Users\SBASTI~1\AppData\Local\PowerCinema
[18/03/2009|22:54] C:\Users\SBASTI~1\AppData\Local\PunkBuster
[01/05/2009|23:27] C:\Users\SBASTI~1\AppData\Local\Seven Zip
[24/03/2009|13:34] C:\Users\SBASTI~1\AppData\Local\SoftDMA
[12/10/2009|22:02] C:\Users\SBASTI~1\AppData\Local\temp
[13/03/2009|16:50] C:\Users\SBASTI~1\AppData\Local\Temporary Internet Files
[13/03/2009|16:53] C:\Users\SBASTI~1\AppData\Local\VirtualStore
[24/09/2009|10:48] C:\Users\SBASTI~1\AppData\Local\Zattoo
[14/03/2009|16:56] C:\Users\SBASTI~1\AppData\Local\ZattooPlayer
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[12/10/2009 19:17][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[12/10/2009 21:22][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[12/10/2009 21:25][--a------] C:\Windows\tasks\Google Software Updater.job
[12/10/2009 00:00][--a------] C:\Windows\tasks\NeroLiveEpgUpdate-PC-de-S‚bastien_S‚bastien.job
[02/05/2009 20:40][--a------] C:\Windows\tasks\McDefragTask.job
[02/05/2009 20:40][--a------] C:\Windows\tasks\McQcTask.job
[12/10/2009 21:21][--ah-----] C:\Windows\tasks\SA.DAT
[12/10/2009 19:59][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[10/09/2009|10:51] C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[13/06/2009|14:41] C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[11/09/2009|14:05] C:\ProgramData\Adobe
[11/09/2009|14:05] C:\ProgramData\afl.log
[13/06/2009|14:35] C:\ProgramData\Apple
[13/06/2009|14:40] C:\ProgramData\Apple Computer
[02/11/2006|15:02] C:\ProgramData\Application Data
[06/10/2009|14:24] C:\ProgramData\ArcadeDeluxe2.log
[21/03/2009|20:16] C:\ProgramData\Azureus
[13/03/2009|16:45] C:\ProgramData\Bureau
[06/10/2009|14:19] C:\ProgramData\CyberLink
[02/11/2006|15:02] C:\ProgramData\Desktop
[15/09/2008|14:28] C:\ProgramData\DeviceInstaller.xml
[22/09/2008|11:15] C:\ProgramData\DeviceManager.xml.rc4
[02/11/2006|15:02] C:\ProgramData\Documents
[10/04/2009|18:50] C:\ProgramData\EnterNHelp
[13/03/2009|23:09] C:\ProgramData\eSobi
[13/03/2009|16:45] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[16/04/2009|16:51] C:\ProgramData\FLEXnet
[25/07/2008|15:05] C:\ProgramData\FloodLightGames
[29/09/2009|17:44] C:\ProgramData\Google
[12/10/2009|12:51] C:\ProgramData\Google Updater
[23/07/2009|10:30] C:\ProgramData\Hewlett-Packard
[18/03/2009|19:20] C:\ProgramData\HP
[19/03/2009|19:49] C:\ProgramData\HP Product Assistant
[18/03/2009|16:58] C:\ProgramData\HPSSUPPLY
[08/10/2009|08:44] C:\ProgramData\hpzinstall.log
[06/07/2009|22:26] C:\ProgramData\InstallShield
[13/03/2009|22:38] C:\ProgramData\Intel
[02/05/2009|14:12] C:\ProgramData\LightScribe
[12/09/2009|10:48] C:\ProgramData\Malwarebytes
[10/07/2009|17:48] C:\ProgramData\McAfee
[13/03/2009|16:45] C:\ProgramData\Menu D‚marrer
[14/03/2009|15:29] C:\ProgramData\Messenger Plus!
[19/03/2009|12:06] C:\ProgramData\Microsoft
[25/07/2009|14:30] C:\ProgramData\Microsoft Help
[13/03/2009|16:45] C:\ProgramData\ModŠles
[02/05/2009|13:34] C:\ProgramData\Nero
[10/04/2009|18:39] C:\ProgramData\Nikon
[24/09/2009|14:34] C:\ProgramData\ntuser.pol
[05/06/2009|17:14] C:\ProgramData\NVIDIA
[12/10/2009|21:24] C:\ProgramData\nvModes.001
[12/10/2009|21:22] C:\ProgramData\nvModes.dat
[09/07/2009|18:45] C:\ProgramData\PC Suite
[16/04/2009|16:21] C:\ProgramData\PKP_DLdu.DAT
[02/05/2009|11:56] C:\ProgramData\PKP_DLdw.DAT
[10/04/2009|18:38] C:\ProgramData\Pop Kit
[10/04/2009|18:50] C:\ProgramData\Printer Icons
[10/04/2009|18:38] C:\ProgramData\Profiles
[10/04/2009|18:50] C:\ProgramData\Receipts
[13/03/2009|22:39] C:\ProgramData\Roaming
[26/08/2009|13:11] C:\ProgramData\Seagate
[15/03/2009|10:24] C:\ProgramData\SiteAdvisor
[02/11/2006|15:02] C:\ProgramData\Start Menu
[21/03/2009|18:51] C:\ProgramData\Temp
[02/11/2006|15:02] C:\ProgramData\Templates
[30/09/2008|03:55] C:\ProgramData\UIB
[10/04/2009|18:50] C:\ProgramData\Ultima_T15
[27/07/2009|16:11] C:\ProgramData\Vodafone
[18/03/2009|16:59] C:\ProgramData\WEBREG
[27/08/2009|14:42] C:\ProgramData\WindowsSearch
--------------------\\ Listing des dossiers dans C:\Program Files
[25/09/2009|17:21] C:\Program Files\7-Zip
[14/09/2009|12:01] C:\Program Files\abgx360
[13/03/2009|16:51] C:\Program Files\Acer
[30/09/2008|04:05] C:\Program Files\Acer Arcade Deluxe
[29/09/2009|17:44] C:\Program Files\Acer GameZone
[30/09/2008|03:44] C:\Program Files\Acer Inc
[30/09/2008|04:20] C:\Program Files\Acer Incorporated
[23/06/2009|22:13] C:\Program Files\Adobe
[16/04/2009|16:39] C:\Program Files\Adobe Media Player
[08/10/2009|19:35] C:\Program Files\Ad-Remover
[13/06/2009|14:37] C:\Program Files\Apple Software Update
[25/07/2008|15:14] C:\Program Files\Big Kahuna Reef
[02/06/2009|19:37] C:\Program Files\bobyte
[13/06/2009|14:40] C:\Program Files\Bonjour
[13/03/2009|21:23] C:\Program Files\Canal
[13/03/2009|15:12] C:\Program Files\CCleaner
[16/04/2009|17:38] C:\Program Files\CDBurnerXP
[13/03/2009|22:38] C:\Program Files\Cisco
[11/10/2009|20:47] C:\Program Files\Common Files
[25/07/2008|14:42] C:\Program Files\CONEXANT
[30/07/2009|17:05] C:\Program Files\ConvertHelper
[25/07/2008|15:18] C:\Program Files\Convesoft
[30/09/2008|04:19] C:\Program Files\Cyberlink
[09/07/2009|18:44] C:\Program Files\DIFX
[02/06/2009|02:58] C:\Program Files\DownloadToolz
[25/09/2009|17:27] C:\Program Files\Druide
[26/05/2009|20:31] C:\Program Files\eSobi
[13/03/2009|16:45] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[13/05/2009|14:18] C:\Program Files\gBurner
[29/09/2009|17:44] C:\Program Files\Google
[18/03/2009|16:56] C:\Program Files\Hewlett-Packard
[18/03/2009|16:58] C:\Program Files\HP
[28/08/2009|17:02] C:\Program Files\ImgBurn
[29/09/2009|17:43] C:\Program Files\InstallShield Installation Information
[13/03/2009|22:38] C:\Program Files\Intel
[03/10/2009|20:43] C:\Program Files\Internet Explorer
[24/09/2009|11:08] C:\Program Files\iPod
[06/09/2009|22:16] C:\Program Files\Ipulp
[24/09/2009|11:10] C:\Program Files\iTunes
[05/08/2009|18:01] C:\Program Files\Java
[11/10/2009|21:24] C:\Program Files\JDownloader 0.6.193
[06/10/2009|14:44] C:\Program Files\Launch Manager
[09/10/2009|14:29] C:\Program Files\Malwarebytes' Anti-Malware
[30/07/2009|15:58] C:\Program Files\MarkAny
[31/07/2009|16:31] C:\Program Files\MaVideotheque
[26/08/2009|00:09] C:\Program Files\McAfee
[02/05/2009|12:03] C:\Program Files\McAfee.com
[10/07/2009|17:43] C:\Program Files\Messenger Plus! Live
[04/10/2009|12:31] C:\Program Files\Microsoft
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[13/03/2009|21:20] C:\Program Files\Microsoft Office
[10/09/2009|10:58] C:\Program Files\Microsoft Silverlight
[17/09/2009|11:38] C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[11/06/2009|00:51] C:\Program Files\Microsoft Works
[25/07/2008|15:20] C:\Program Files\Microsoft.NET
[26/05/2009|20:27] C:\Program Files\Morgan
[05/06/2009|16:53] C:\Program Files\Movie Maker
[12/10/2009|22:02] C:\Program Files\Mozilla Firefox
[02/11/2006|14:37] C:\Program Files\MSBuild
[09/10/2009|09:24] C:\Program Files\MSECache
[13/03/2009|15:53] C:\Program Files\MSXML 4.0
[02/05/2009|13:46] C:\Program Files\Nero
[25/07/2008|15:16] C:\Program Files\NewTech Infosystems
[10/04/2009|18:52] C:\Program Files\Nikon
[29/09/2009|17:58] C:\Program Files\OpenOffice.org 3
[04/10/2009|12:54] C:\Program Files\Patch MsnCreative
[29/09/2009|17:46] C:\Program Files\PC Connectivity Solution
[17/04/2009|21:46] C:\Program Files\PFConfig
[10/09/2009|10:46] C:\Program Files\QuickTime
[25/07/2008|14:40] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[17/03/2009|17:40] C:\Program Files\RocketDock
[30/07/2009|16:02] C:\Program Files\Samsung
[26/08/2009|13:11] C:\Program Files\Seagate
[30/07/2009|11:43] C:\Program Files\SFR
[17/05/2009|19:57] C:\Program Files\SiteAdvisor
[04/09/2009|13:09] C:\Program Files\SpeedyFox
[25/07/2008|14:44] C:\Program Files\Synaptics
[29/07/2009|17:47] C:\Program Files\Transcode360
[08/10/2009|21:01] C:\Program Files\Trend Micro
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[16/04/2009|17:38] C:\Program Files\uTorrent
[21/03/2009|17:03] C:\Program Files\VideoLAN
[27/07/2009|16:11] C:\Program Files\Vodafone
[07/05/2009|18:39] C:\Program Files\Vuze
[30/09/2008|03:38] C:\Program Files\WIDCOMM
[25/07/2008|14:44] C:\Program Files\Winbond Electronics Corporation
[05/06/2009|16:53] C:\Program Files\Windows Calendar
[05/06/2009|16:53] C:\Program Files\Windows Collaboration
[05/06/2009|16:53] C:\Program Files\Windows Defender
[05/06/2009|16:53] C:\Program Files\Windows Journal
[13/03/2009|14:41] C:\Program Files\Windows Live
[04/10/2009|12:30] C:\Program Files\Windows Live SkyDrive
[10/09/2009|10:23] C:\Program Files\Windows Mail
[14/08/2009|11:58] C:\Program Files\Windows Media Player
[13/03/2009|16:45] C:\Program Files\Windows NT
[05/06/2009|16:53] C:\Program Files\Windows Photo Gallery
[05/06/2009|16:53] C:\Program Files\Windows Sidebar
[02/05/2009|11:52] C:\Program Files\WinRAR
[14/03/2009|16:55] C:\Program Files\Zattoo
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[09/07/2009|18:25] C:\Program Files\Common Files\Adobe
[13/03/2009|21:23] C:\Program Files\Common Files\Adobe AIR
[24/09/2009|11:08] C:\Program Files\Common Files\Apple
[25/07/2008|15:20] C:\Program Files\Common Files\DESIGNER
[18/03/2009|16:56] C:\Program Files\Common Files\Hewlett-Packard
[18/03/2009|16:58] C:\Program Files\Common Files\HP
[06/07/2009|22:25] C:\Program Files\Common Files\InstallShield
[13/03/2009|22:38] C:\Program Files\Common Files\Intel
[13/03/2009|15:13] C:\Program Files\Common Files\Java
[25/07/2008|15:16] C:\Program Files\Common Files\LightScribe
[16/04/2009|16:32] C:\Program Files\Common Files\Macrovision Shared
[02/05/2009|12:04] C:\Program Files\Common Files\McAfee
[02/05/2009|23:12] C:\Program Files\Common Files\microsoft shared
[10/04/2009|18:39] C:\Program Files\Common Files\muvee Technologies
[02/05/2009|14:10] C:\Program Files\Common Files\Nero
[10/04/2009|23:39] C:\Program Files\Common Files\Nikon
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[30/09/2008|03:56] C:\Program Files\Common Files\SPBA
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[13/03/2009|17:15] C:\Program Files\Common Files\SWF Studio
[05/06/2009|16:53] C:\Program Files\Common Files\System
[13/03/2009|14:32] C:\Program Files\Common Files\Windows Live
--------------------\\ Process
( 111 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 22:04:40
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:17][D:4]-> C:\Users\SBASTI~1\AppData\Local\Temp
[F:3][D:1]-> C:\Users\SBASTI~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:2][D:1]-> C:\Users\SBASTI~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:2][D:2]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 12/10/2009|22:06 - Option : [1]
--------------------\\ Fin du rapport a 22:06:49
[ UAC => 1 ]
Bonsoir
1)Télécharges tools cleaner afin de supprimer les logiciels de désinfection inutiles
---> Télécharge Toolscleaner sur ton Bureau.
https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/
* Double-clique sur ToolsCleaner2.exe pour le lancer.
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options Facultatives.
* Clique sur Quitter pour obtenir le rapport.
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
2)Comment se comporte ton PC?
1)Télécharges tools cleaner afin de supprimer les logiciels de désinfection inutiles
---> Télécharge Toolscleaner sur ton Bureau.
https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/
* Double-clique sur ToolsCleaner2.exe pour le lancer.
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options Facultatives.
* Clique sur Quitter pour obtenir le rapport.
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
2)Comment se comporte ton PC?
Seb1989
Messages postés
57
Date d'inscription
jeudi 10 septembre 2009
Statut
Membre
Dernière intervention
10 janvier 2011
13
13 oct. 2009 à 20:41
13 oct. 2009 à 20:41
mon pc tourne bien, plus de message au démarrage ce qui est une bonne chose, j'ai envie de dire RAS ! ^^
merci pour ton aide
[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]
--> Recherche:
C:\Combofix.txt: trouvé !
C:\lopR.txt: trouvé !
C:\Lop SD: trouvé !
C:\GenProc: trouvé !
C:\Qoobox: trouvé !
C:\_OTM: trouvé !
C:\Rsit: trouvé !
C:\GenProc\Genproc.exe: trouvé !
C:\GenProc\Page\GenProc[*].html: trouvé !
C:\Lop SD\catchme.exe: trouvé !
C:\Lop SD\catchme.log: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\Mcx1.PC-de-Sébastien\Desktop\HijackThis.lnk: trouvé !
C:\Users\Sébastien\Desktop\HijackThis.lnk: trouvé !
C:\Users\Sébastien\Desktop\Rsit.exe: trouvé !
C:\Users\Sébastien\Downloads\LopSD.exe: trouvé !
C:\Users\Sébastien\Downloads\OTM.exe: trouvé !
C:\Users\Sébastien\Downloads\HJTInstall.exe: trouvé !
C:\Users\Sébastien\Downloads\Ad-R.exe: trouvé !
C:\Users\Sébastien\Downloads\Genproc.exe: trouvé !
---------------------------------
--> Suppression:
C:\Lop SD\catchme.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Users\Mcx1.PC-de-Sébastien\Desktop\HijackThis.lnk: supprimé !
C:\Users\Sébastien\Desktop\HijackThis.lnk: supprimé !
C:\Users\Sébastien\Downloads\LopSD.exe: supprimé !
C:\Users\Sébastien\Downloads\OTM.exe: supprimé !
C:\Users\Sébastien\Downloads\HJTInstall.exe: supprimé !
C:\Users\Sébastien\Downloads\Ad-R.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\lopR.txt: supprimé !
C:\GenProc\Genproc.exe: supprimé !
C:\GenProc\Page\GenProc[*].html: ERREUR DE SUPPRESSION !!
C:\Lop SD\catchme.log: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\Users\Sébastien\Desktop\Rsit.exe: supprimé !
C:\Users\Sébastien\Downloads\Genproc.exe: supprimé !
C:\Lop SD: supprimé !
C:\GenProc: supprimé !
C:\Qoobox: supprimé !
C:\_OTM: supprimé !
C:\Rsit: supprimé !
C:\Program Files\Ad-remover: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !
Fichiers temporaires nettoyés !
merci pour ton aide
[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]
--> Recherche:
C:\Combofix.txt: trouvé !
C:\lopR.txt: trouvé !
C:\Lop SD: trouvé !
C:\GenProc: trouvé !
C:\Qoobox: trouvé !
C:\_OTM: trouvé !
C:\Rsit: trouvé !
C:\GenProc\Genproc.exe: trouvé !
C:\GenProc\Page\GenProc[*].html: trouvé !
C:\Lop SD\catchme.exe: trouvé !
C:\Lop SD\catchme.log: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\Mcx1.PC-de-Sébastien\Desktop\HijackThis.lnk: trouvé !
C:\Users\Sébastien\Desktop\HijackThis.lnk: trouvé !
C:\Users\Sébastien\Desktop\Rsit.exe: trouvé !
C:\Users\Sébastien\Downloads\LopSD.exe: trouvé !
C:\Users\Sébastien\Downloads\OTM.exe: trouvé !
C:\Users\Sébastien\Downloads\HJTInstall.exe: trouvé !
C:\Users\Sébastien\Downloads\Ad-R.exe: trouvé !
C:\Users\Sébastien\Downloads\Genproc.exe: trouvé !
---------------------------------
--> Suppression:
C:\Lop SD\catchme.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Users\Mcx1.PC-de-Sébastien\Desktop\HijackThis.lnk: supprimé !
C:\Users\Sébastien\Desktop\HijackThis.lnk: supprimé !
C:\Users\Sébastien\Downloads\LopSD.exe: supprimé !
C:\Users\Sébastien\Downloads\OTM.exe: supprimé !
C:\Users\Sébastien\Downloads\HJTInstall.exe: supprimé !
C:\Users\Sébastien\Downloads\Ad-R.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\lopR.txt: supprimé !
C:\GenProc\Genproc.exe: supprimé !
C:\GenProc\Page\GenProc[*].html: ERREUR DE SUPPRESSION !!
C:\Lop SD\catchme.log: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\Users\Sébastien\Desktop\Rsit.exe: supprimé !
C:\Users\Sébastien\Downloads\Genproc.exe: supprimé !
C:\Lop SD: supprimé !
C:\GenProc: supprimé !
C:\Qoobox: supprimé !
C:\_OTM: supprimé !
C:\Rsit: supprimé !
C:\Program Files\Ad-remover: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !
Fichiers temporaires nettoyés !
Re
Désinstaller ComboFix :
Clique sur Démarrer, puis sur Exécuter et fais un copier/coller de la commande suivante dans la zone de saisie ; puis valide par [OK]
combofix.exe /u
Attention à l'espace entre le exe et le slach.
Réactive l'UAC si ce n'est déjà fait.
Et bon surf sur le net mais avec vigilance
Post résolu ;comment faire ;voir ici :
https://www.commentcamarche.net/infos/25917-marquer-un-fil-de-discussion-comme-etant-resolu/
@+
Désinstaller ComboFix :
Clique sur Démarrer, puis sur Exécuter et fais un copier/coller de la commande suivante dans la zone de saisie ; puis valide par [OK]
combofix.exe /u
Attention à l'espace entre le exe et le slach.
Réactive l'UAC si ce n'est déjà fait.
Et bon surf sur le net mais avec vigilance
Post résolu ;comment faire ;voir ici :
https://www.commentcamarche.net/infos/25917-marquer-un-fil-de-discussion-comme-etant-resolu/
@+
Seb1989
Messages postés
57
Date d'inscription
jeudi 10 septembre 2009
Statut
Membre
Dernière intervention
10 janvier 2011
13
13 oct. 2009 à 21:06
13 oct. 2009 à 21:06
merci beaucoup
Bonne soirée.
Bonne soirée.
