Posez votre question Format imprimable Liste des forums Aidez-les Statistiques Rechercher Charte Forum Virus-Sécurité

Infection Trojan -Spy...

Dernière réponse le 15 oct 2008 à 07:11:33 Eilehpo, le 10 oct 2008 à 18:36:52

Signaler ce message aux modérateurs

Bonjour,
Je suis novice sous Windows Vista et depuis qqs jours, je vois apparaitre des fenêtres "Windows defender" avec des alertes concernant plusieurs Trojan :

Trojan-Spy.HTML.Bankfraud.dq
Trojan-spy.win32.keylogger.aa
Trojan-Downloader.Win32.Agent.bq
Trojan-Clicker.Win32.Tiny.h

Le problème c'est que Windows Defender les détecte, mais ne peut rien faire =/
J'ai fait un scan avec Spybot-Search & Distroy, Ad-Aware, Trojan Remover, AVG Anti-spyware, mais rien n'y fait :(

Quelqu'un peut-il me sortir de cette galère et m'aider à supprimer ces Trojan de mon PC ?

Merci d'avance !

Configuration: Windows Vista
Firefox 3.0.3

Meilleures réponses pour « Infection Trojan Spy... » dans :

Cette page

Posez votre question Répondre

wiwiwi, le 10 oct 2008 à 18:39:34

Bonjour,
dans les rapports bitdefender repère les fichiers infectés et supprime les.

Répondre à wiwiwi

Eilehpo, le 11 oct 2008 à 00:27:31

J'ai effacé un fichier qu'il m'a indiqué comme infecté, mais j'ai toujours les alerte Windows Defender =/
Une autre solution ?
Merci d'avance !!

Répondre à Eilehpo

sherred, le 11 oct 2008 à 09:26:04

Passe un coup de MalwareBytes' Anti-Malware : mette-le à jour avant, puis effectue le scan en mode sans échec) et nettoye tout ce qu'il trouve.
http://www.site-naheulbeuk.com/malwarebytes.php
Tuto : http://mickael.barroux.free.fr/securite/malwarebytes.php
toutes règles absolues est vrai , jusqu'à son contraire ...(sherred)

Répondre à sherred

Eilehpo, le 11 oct 2008 à 23:09:30

J'ai scanné avec MalwareBytes' en mode sans échec après avoir mis à jour. Il ne m'a rien trouvé d'anormal. Mais j'ai toujours les alertes Windows...

Répondre à Eilehpo

Hs32-Idir, le 12 oct 2008 à 03:00:04

Essayer une autre fois avec Avast Professinnel edition
1er-Telecharger [Avast v4.8 Edition Proffesionnel]
2eme -Instaler le est redemarer Le PC
3eme- Faite le une mise a jours de la base Virals
4eme- Planifier un scan au demarage pour tout les discks locaux est amovibles
5eme - redemarer votre pc est tu va voir.

Répondre à Hs32-Idir

Destrio5, le 12 oct 2008 à 03:21:33

Salut,

---> Télécharge Random's System Information Tool (RSIT) par random/random et sauvegarde-le sur le Bureau :
http://images.malwareremoval.com/random/RSIT.exe
---> Double-clique sur RSIT.exe afin de lancer le programme.
---> Clique sur Continue à l'écran Disclaimer.
---> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
---> Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparait à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : Les rapports sont sauvegardés dans le dossier C:\rsit

Répondre à Destrio5

Eilehpo, le 13 oct 2008 à 20:55:51

Coucou.

J4ai désinstallé Antivir et installé Avast.
J'ai fait un scan, il a trouvé quelques trucs, que j'ai enlevé.
J'ai plus eu d'avertissement par le suite.
Dans le doute, j'ai fait un hijackthis, voici les rapports, si vous trouvez quelque chose d'anormal, faites-moi signe.
(j'ai essayer de tout mettre ensemble, mais apparemment ca marche pas... je fais un post séparé)

Répondre à Eilehpo

Eilehpo, le 13 oct 2008 à 21:00:08

Log.txt:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Ophélie at 2008-10-13 20:04:49
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 98 GB (66%) free of 148 GB
Total RAM: 3062 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:05, on 2008-10-13
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Users\OPHLIE~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Users\Ophélie\Desktop\RSIT.exe
C:\Ophélie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [zmosdizlutpif] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\cfagzuonlxmmuaso.dll"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EnMnt] C:\ProgramData\EnMnt\bivutyxe.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ParetoLogic Anti-Spyware] "C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" -NM -hidesplash
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
End of file - 12504 bytes

Répondre à Eilehpo

Eilehpo, le 13 oct 2008 à 21:02:06

======Scheduled tasks folder======

C:\Windows\tasks\ParetoLogic Anti-Spyware.job
C:\Windows\tasks\ParetoLogic Registration.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-01-03 312368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-01-03 155184]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]
"Adobe Reader Speed Launcher"=c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-03-08 40048]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-08-28 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-08-28 154136]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-08-28 137752]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-08 4853760]
"Skytel"=C:\Windows\Skytel.exe [2007-11-21 1826816]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-07 102400]
"eAudio"=C:\Acer\Empowering Technology\eAudio\eAudio.exe [2007-10-10 1286144]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-01-03 521776]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-01-08 842248]
"eRecoveryService"= []
"PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
"WarReg_PopUp"=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-09-12 185896]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"zmosdizlutpif"=C:\Windows\System32\regsvr32.exe [2006-11-02 14336]
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2008-10-05 967048]
"BDMCon"=c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe [2007-04-02 290816]
"BDAgent"=C:\Program Files\Softwin\BitDefender10\bdagent.exe [2007-03-26 69632]
"SNM"=C:\Program Files\SpyNoMore\SNM.exe /startup []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"EnMnt"=C:\ProgramData\EnMnt\bivutyxe.exe []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
"ParetoLogic Anti-Spyware"=C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe [2006-10-11 2613248]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

C:\Users\Ophélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-08-20 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"=C:\Program Files\ParetoLogic\Anti-Spyware\PASShlExt.dll [2006-10-11 94208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dca9701-7e43-11dd-bf37-a8f5d7a3558f}]
shell\Auto\command - H:\Start.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e71b93ef-4592-11dd-84c2-806e6f6e6963}]
shell\AutoRun\command - E:\Office2003.exe

======List of files/folders created in the last 1 months======

2008-10-13 18:22:36 ----A---- C:\Windows\system32\aswBoot.exe
2008-10-13 18:22:28 ----D---- C:\Program Files\Alwil Software
2008-10-13 17:39:24 ----D---- C:\rsit
2008-10-13 17:39:24 ----A---- C:\Ophélie.exe
2008-10-11 22:16:26 ----SHD---- C:\Config.Msi
2008-10-11 08:31:46 ----A---- C:\HiJackThis.exe
2008-10-11 08:28:11 ----D---- C:\ProgramData\ParetoLogic Anti-Spyware
2008-10-10 18:25:30 ----D---- C:\QooBox
2008-10-10 18:25:27 ----A---- C:\Windows\zip.exe
2008-10-10 18:25:27 ----A---- C:\Windows\VFIND.exe
2008-10-10 18:25:27 ----A---- C:\Windows\SWXCACLS.exe
2008-10-10 18:25:27 ----A---- C:\Windows\SWSC.exe
2008-10-10 18:25:27 ----A---- C:\Windows\SWREG.exe
2008-10-10 18:25:27 ----A---- C:\Windows\sed.exe
2008-10-10 18:25:27 ----A---- C:\Windows\NIRCMD.exe
2008-10-10 18:25:27 ----A---- C:\Windows\grep.exe
2008-10-10 18:25:27 ----A---- C:\Windows\fdsv.exe
2008-10-10 18:25:21 ----D---- C:\ComboFix
2008-10-10 18:25:21 ----A---- C:\Windows\system32\CF18827.exe
2008-10-10 18:16:51 ----D---- C:\ProgramData\Downloaded Installations
2008-10-10 00:31:54 ----D---- C:\ProgramData\ParetoLogic Anti-Virus PLUS
2008-10-10 00:31:54 ----D---- C:\ProgramData\ParetoLogic
2008-10-10 00:31:54 ----D---- C:\Program Files\ParetoLogic
2008-10-10 00:31:54 ----D---- C:\Program Files\Common Files\ParetoLogic
2008-10-10 00:12:41 ----D---- C:\SmitfraudFix
2008-10-09 21:59:35 ----A---- C:\Windows\ntbtlog.txt
2008-10-09 19:20:50 ----D---- C:\Program Files\SpyNoMore
2008-10-09 18:57:36 ----D---- C:\Users\Ophélie\AppData\Roaming\Malwarebytes
2008-10-09 18:57:33 ----D---- C:\ProgramData\Malwarebytes
2008-10-09 18:57:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-09 09:38:33 ----D---- C:\Users\Ophélie\AppData\Roaming\Bitdefender
2008-10-09 09:03:24 ----D---- C:\ProgramData\BitDefender
2008-10-09 09:03:24 ----D---- C:\Program Files\Softwin
2008-10-09 09:02:35 ----D---- C:\Program Files\Common Files\Softwin
2008-10-09 08:58:22 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-08 23:13:49 ----A---- C:\Windows\system32\ztvunrar36.dll
2008-10-08 23:13:49 ----A---- C:\Windows\system32\ztvunace26.dll
2008-10-08 23:13:49 ----A---- C:\Windows\system32\ztvcabinet.dll
2008-10-08 23:13:49 ----A---- C:\Windows\system32\UNRAR3.dll
2008-10-08 23:13:49 ----A---- C:\Windows\system32\unacev2.dll
2008-10-08 23:13:48 ----D---- C:\Users\Ophélie\AppData\Roaming\Simply Super Software
2008-10-08 23:13:48 ----D---- C:\ProgramData\Simply Super Software
2008-10-08 22:59:36 ----D---- C:\Program Files\Trojan Remover
2008-10-08 22:42:26 ----D---- C:\ProgramData\mlcrirgl
2008-10-08 22:42:18 ----D---- C:\ProgramData\adwfkvwz
2008-10-08 22:42:15 ----D---- C:\ProgramData\EnMnt
2008-10-06 12:46:21 ----A---- C:\Windows\system32\tmp.txt
2008-10-06 12:46:21 ----A---- C:\Users\Ophélie\AppData\Roaming\SetValue.bat
2008-10-06 12:46:21 ----A---- C:\Users\Ophélie\AppData\Roaming\GetValue.vbs
2008-10-06 12:45:57 ----A---- C:\Windows\system32\WS2Fix.exe.vir
2008-10-06 12:45:57 ----A---- C:\Windows\system32\VCCLSID.exe
2008-10-06 12:45:57 ----A---- C:\Windows\system32\VACFix.exe
2008-10-06 12:45:57 ----A---- C:\Windows\system32\o4Patch.exe
2008-10-06 12:45:57 ----A---- C:\Windows\system32\IEDFix.exe
2008-10-06 12:45:57 ----A---- C:\Windows\system32\IEDFix.C.exe
2008-10-06 12:45:57 ----A---- C:\Windows\system32\AntiXPVSTFix.exe
2008-10-06 12:45:57 ----A---- C:\Windows\system32\404Fix.exe
2008-10-06 12:45:56 ----A---- C:\Windows\system32\swsc.exe
2008-10-06 12:45:56 ----A---- C:\Windows\system32\SrchSTS.exe
2008-10-06 12:45:56 ----A---- C:\Windows\system32\Process.exe
2008-10-06 12:45:56 ----A---- C:\Windows\system32\dumphive.exe
2008-10-06 10:29:52 ----D---- C:\Users\Ophélie\AppData\Roaming\Grisoft
2008-10-06 10:27:04 ----D---- C:\ProgramData\Grisoft
2008-10-06 10:27:03 ----D---- C:\Program Files\Grisoft
2008-10-06 09:53:45 ----SHD---- C:\Windows\T3Bo6WxpZQ
2008-10-06 09:53:45 ----A---- C:\Windows\system32\zmyqnazrcw.exe
2008-10-06 09:53:43 ----D---- C:\Windows\system32\tz1
2008-10-06 09:53:43 ----D---- C:\Windows\system32\ci
2008-10-06 09:53:39 ----D---- C:\Windows\system32\EV02
2008-10-06 09:53:39 ----D---- C:\Temp
2008-10-03 10:27:35 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-10-03 10:27:06 ----RA---- C:\Windows\system32\AdobePDFUI.dll
2008-10-03 09:49:21 ----D---- C:\Users\Ophélie\AppData\Roaming\Download Manager
2008-10-01 12:40:18 ----A---- C:\Windows\ODBC.INI
2008-09-30 22:27:18 ----D---- C:\Windows\Minidump
2008-09-28 21:47:56 ----D---- C:\Program Files\AviSynth 2.5
2008-09-28 21:47:56 ----A---- C:\Windows\x2.64.exe
2008-09-28 21:47:56 ----A---- C:\Windows\system32\x.264.exe
2008-09-28 21:47:56 ----A---- C:\Windows\system32\i420vfw.dll
2008-09-28 21:47:56 ----A---- C:\Windows\system32\AVSredirect.dll
2008-09-28 21:47:56 ----A---- C:\Windows\MOTA113.exe
2008-09-28 21:47:56 ----A---- C:\Windows\meta4.exe
2008-09-28 21:47:36 ----D---- C:\Program Files\eRightSoft
2008-09-28 19:29:25 ----A---- C:\Windows\system32\MRT.INI
2008-09-28 10:06:43 ----A---- C:\Windows\system32\unrar.dll
2008-09-28 10:06:43 ----A---- C:\Windows\avisplitter.ini
2008-09-28 10:06:42 ----A---- C:\Windows\system32\yv12vfw.dll
2008-09-28 10:06:42 ----A---- C:\Windows\system32\x264vfw.dll
2008-09-28 10:06:42 ----A---- C:\Windows\system32\vp7vfw.dll
2008-09-28 10:06:42 ----A---- C:\Windows\system32\vp6vfw.dll
2008-09-28 10:06:42 ----A---- C:\Windows\system32\huffyuv.dll
2008-09-28 10:06:41 ----A---- C:\Windows\system32\xvidvfw.dll
2008-09-28 10:06:41 ----A---- C:\Windows\system32\xvidcore.dll
2008-09-28 10:06:41 ----A---- C:\Windows\system32\qt-dx331.dll
2008-09-28 10:06:41 ----A---- C:\Windows\system32\dpl100.dll
2008-09-28 10:06:41 ----A---- C:\Windows\system32\divx.dll
2008-09-28 10:06:40 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2008-09-28 10:06:40 ----A---- C:\Windows\system32\ff_vfw.dll
2008-09-28 10:06:39 ----D---- C:\Program Files\K-Lite Codec Pack
2008-09-26 13:13:58 ----D---- C:\Program Files\Lavasoft
2008-09-26 13:13:57 ----D---- C:\ProgramData\Lavasoft
2008-09-26 12:53:20 ----D---- C:\Program Files\Guitar Pro 5
2008-09-26 12:51:31 ----D---- C:\Program Files\MagicDisc
2008-09-24 19:07:01 ----D---- C:\Program Files\CCleaner
2008-09-23 09:25:23 ----A---- C:\Windows\system32\wups2.dll
2008-09-23 09:25:23 ----A---- C:\Windows\system32\wucltux.dll
2008-09-23 09:25:23 ----A---- C:\Windows\system32\wuaueng.dll
2008-09-23 09:25:23 ----A---- C:\Windows\system32\wuauclt.exe
2008-09-23 09:25:08 ----A---- C:\Windows\system32\wups.dll
2008-09-23 09:25:08 ----A---- C:\Windows\system32\wudriver.dll
2008-09-23 09:25:08 ----A---- C:\Windows\system32\wuapi.dll
2008-09-23 09:25:01 ----A---- C:\Windows\system32\wuwebv.dll
2008-09-23 09:25:01 ----A---- C:\Windows\system32\wuapp.exe
2008-09-15 00:02:56 ----D---- C:\Program Files\Audio - Video
2008-09-15 00:00:21 ----D---- C:\Program Files\Utilitaires
2008-09-14 18:11:24 ----D---- C:\Program Files\IKEA HomePlanner
2008-09-14 18:10:49 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-14 12:45:33 ----D---- C:\ProgramData\FLEXnet

======List of files/folders modified in the last 1 months======

2008-10-13 20:04:55 ----D---- C:\Windows\Temp
2008-10-13 20:04:50 ----D---- C:\Users\Ophélie\AppData\Roaming\uTorrent
2008-10-13 20:01:49 ----D---- C:\Windows\System32
2008-10-13 20:01:49 ----D---- C:\Windows\inf
2008-10-13 20:01:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-10-13 19:09:34 ----D---- C:\Windows\system32\drivers
2008-10-13 19:04:31 ----D---- C:\Program Files
2008-10-13 18:27:00 ----D---- C:\ProgramData
2008-10-13 18:26:40 ----SHD---- C:\System Volume Information
2008-10-12 18:11:33 ----D---- C:\Windows\system32\catroot2
2008-10-11 22:38:16 ----SHD---- C:\Windows\Installer
2008-10-11 22:19:16 ----D---- C:\Windows\Tasks
2008-10-11 22:19:16 ----D---- C:\Windows\system32\catroot
2008-10-11 22:17:44 ----D---- C:\Windows\system32\Tasks
2008-10-11 22:17:21 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-11 22:17:18 ----D---- C:\Program Files\Electronic Arts
2008-10-11 21:20:16 ----D---- C:\Windows\Prefetch
2008-10-10 18:25:27 ----D---- C:\Windows
2008-10-10 18:25:21 ----D---- C:\Windows\system32\en-US
2008-10-10 18:13:35 ----AD---- C:\ProgramData\TEMP
2008-10-10 00:31:54 ----D---- C:\Program Files\Common Files
2008-10-09 22:39:11 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-10-09 11:34:53 ----D---- C:\Program Files\Mozilla Firefox
2008-10-08 22:39:58 ----D---- C:\ProgramData\Microsoft
2008-10-06 12:47:40 ----SD---- C:\Windows\Downloaded Program Files
2008-10-06 12:07:10 ----D---- C:\Users\Ophélie\AppData\Roaming\Adobe
2008-10-06 11:13:58 ----SD---- C:\Users\Ophélie\AppData\Roaming\Microsoft
2008-10-06 10:05:16 ----D---- C:\Windows\Debug
2008-10-06 09:18:25 ----D---- C:\Windows\system32\WDI
2008-10-06 08:53:22 ----D---- C:\Windows\system32\LogFiles
2008-10-03 10:26:24 ----D---- C:\Program Files\Common Files\Adobe
2008-10-03 10:22:23 ----RSD---- C:\Windows\Fonts
2008-10-03 10:19:40 ----D---- C:\ProgramData\Adobe
2008-10-03 08:40:48 ----A---- C:\Windows\win.ini
2008-10-02 11:15:37 ----RSD---- C:\Windows\assembly
2008-10-02 11:14:39 ----D---- C:\Program Files\Common Files\microsoft shared
2008-10-01 12:39:11 ----D---- C:\Program Files\Common Files\System
2008-10-01 12:39:05 ----D---- C:\Program Files\Microsoft Office
2008-10-01 08:26:19 ----D---- C:\Windows\system32\config
2008-10-01 08:26:15 ----D---- C:\Windows\system32\spool
2008-10-01 08:26:15 ----D---- C:\Windows\system32\Msdtc
2008-10-01 08:26:15 ----D---- C:\Windows\system32\CodeIntegrity
2008-10-01 08:26:15 ----D---- C:\Users\Ophélie\AppData\Roaming\Winamp
2008-10-01 08:26:14 ----D---- C:\Windows\system32\wbem
2008-10-01 08:26:14 ----D---- C:\Windows\registration
2008-09-28 10:05:00 ----D---- C:\Program Files\VistaCodecPack
2008-09-23 15:11:32 ----D---- C:\Windows\rescache
2008-09-23 14:55:41 ----D---- C:\Windows\system32\fr-FR
2008-09-23 09:46:02 ----D---- C:\Windows\winsxs
2008-09-14 11:45:30 ----D---- C:\Program Files\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-07-19 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys [2007-05-30 11000]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\Windows\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2007-11-30 15392]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-01-03 16432]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-01-03 59952]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2007-03-09 1163616]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-23 180736]
R3 BthEnum;Service d'énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
R3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
R3 btwaudio;Périphérique audio Bluetooth; C:\Windows\system32\drivers\btwaudio.sys [2007-08-29 81448]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-08-29 99880]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-05-17 28464]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-08-29 17448]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-20 1790976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-09 2044896]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2008-01-09 2554368]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-03-27 6144]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-09-09 47360]
R3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2007-08-07 51712]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-09-07 192816]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 aim7o8l3;aim7o8l3; C:\Windows\system32\drivers\aim7o8l3.sys []
S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys []
S3 BDFsDrv;BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
S3 BDRsDrv;BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Pilote de carte Intel(R) PRO/sans fil 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S3 Profos;Profos; \??\C:\Program Files\Softwin\BitDefender10\profos.sys [2006-08-19 13568]
S3 Trufos;Trufos; \??\C:\Program Files\Softwin\BitDefender10\trufos.sys [2006-12-06 35328]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 WisINT15;WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-26 611664]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
R2 bdss;BitDefender Scan Server; C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe [2006-12-20 81920]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-01-03 506416]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-10-01 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-12-20 131072]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-19 24576]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe [2008-10-09 278528]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-11-27 110592]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\Softwin\BitDefender10\vsserv.exe [2007-10-23 466944]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-20 167936]
R2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe [2006-11-09 86016]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-03 651720]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

Répondre à Eilehpo

Eilehpo, le 13 oct 2008 à 21:05:08

Info.txt:

info.txt logfile of random's system information tool 1.04 2008-10-13 17:39:43

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Acer Crystal Eye Webcam 2.0.8-->C:\Program Files\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe -runfromtemp -l0x040c -removeonly
Acer eAudio Management-->"C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.exe" -uninstall
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x40c -removeonly
Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -runfromtemp -l0x040c -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x40c -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x40c -removeonly
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x40c -removeonly
Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -runfromtemp -l0x040c -removeonly
Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x40c -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 9 Pro - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000004}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Agere Systems HDA Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BitDefender Free Edition v10-->MsiExec.exe /I{CEFC581D-BEAE-4F75-989E-BD931970D8AD}
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2-->"C:\HijackThis.exe" /uninstall
IKEA Home Planner-->MsiExec.exe /I{A987FEC8-5616-49BD-BCA6-ACFFFE7403FE}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Mega Codec Pack 4.1.7-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI
MagicDisc 2.7.105-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero 8 Ultra Edition HD-->MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Orion-->MsiExec.exe /X{0BF78E88-A7C9-4406-89CF-0BA473BA7821}
ParetoLogic Anti-Spyware-->C:\Program Files\ParetoLogic\Anti-Spyware\uninstall.exe
PowerProducer-->"C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly
RON Tool Innbanner-->C:\Windows\system32\zmyqnazrcw.exe
Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x040c -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpyNoMore 2.67-->C:\Program Files\SpyNoMore\uninst.exe
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Trojan Remover 6.7.3-->"C:\Program Files\Trojan Remover\unins000.exe"
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Video Convert Master 8.0.5.24-->"C:\Program Files\Video Convert Master\unins000.exe"
WIDCOMM Bluetooth Software 6.1.0.2000-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRar\uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Bitdefender Antivirus
AS: Spybot - Search and Destroy (disabled) (outdated)
AS: AVG Anti-Spyware (disabled) (outdated)
AS: Windows Defender

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Acer\Empowering Technology\eDataSecurity;C:\Acer\Empowering Technology\eDataSecurity\x86;C:\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

Répondre à Eilehpo

Destrio5, le 13 oct 2008 à 22:21:49

---> Désactive l'UAC le temps de la désinfection :
http://www.commentcamarche.net/faq/sujet 8343 vista desactiver l uac

---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix\Combofix.txt

Répondre à Destrio5

Eilehpo, le 13 oct 2008 à 23:28:46

Voici le rapport ComboFix :

ComboFix 08-10-12.01 - Ophélie 2008-10-13 23:13:12.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1759 [GMT 2:00]
Lancé depuis: C:\Users\Ophélie\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Users\Ophélie\AppData\Roaming\Adobe\crc.dat
C:\Windows\system32\MSINET.oca

----- BITS: Il y a peut-être des sites infectés -----

hxxp://lovelypornovideo.net
hxxp://pornotube30.net
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-13 au 2008-10-13 ))))))))))))))))))))))))))))))))))))
.

2008-10-13 23:12 . 2008-10-13 23:12 <REP> d-------- C:\32788R22FWJFW
2008-10-13 18:22 . 2008-10-13 18:22 <REP> d-------- C:\Program Files\Alwil Software
2008-10-13 18:22 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-10-13 17:39 . 2008-10-13 17:39 <REP> d-------- C:\rsit
2008-10-13 17:39 . 2008-10-11 08:31 401,720 --a------ C:\Ophélie.exe
2008-10-11 08:31 . 2008-10-11 08:31 401,720 --a------ C:\HiJackThis.exe
2008-10-11 08:28 . 2008-10-11 08:28 <REP> d-------- C:\Users\All Users\ParetoLogic Anti-Spyware
2008-10-11 08:28 . 2008-10-11 08:28 <REP> d-------- C:\ProgramData\ParetoLogic Anti-Spyware
2008-10-10 18:16 . 2008-10-10 18:16 <REP> d-------- C:\Users\All Users\Downloaded Installations
2008-10-10 18:16 . 2008-10-10 18:16 <REP> d-------- C:\ProgramData\Downloaded Installations
2008-10-10 00:35 . 2008-10-11 22:23 3,044,640 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-10-10 00:35 . 2008-10-11 22:23 43,940 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-10-10 00:31 . 2008-10-10 00:31 <REP> d-------- C:\Users\All Users\ParetoLogic Anti-Virus PLUS
2008-10-10 00:31 . 2008-10-11 22:38 <REP> d-------- C:\Users\All Users\ParetoLogic
2008-10-10 00:31 . 2008-10-10 00:31 <REP> d-------- C:\ProgramData\ParetoLogic Anti-Virus PLUS
2008-10-10 00:31 . 2008-10-11 22:38 <REP> d-------- C:\ProgramData\ParetoLogic
2008-10-10 00:31 . 2008-10-11 22:38 <REP> d-------- C:\Program Files\ParetoLogic
2008-10-10 00:31 . 2008-10-11 22:38 <REP> d-------- C:\Program Files\Common Files\ParetoLogic
2008-10-10 00:12 . 2008-10-10 00:14 <REP> d-------- C:\SmitfraudFix
2008-10-09 19:20 . 2008-10-09 22:30 <REP> d-------- C:\Program Files\SpyNoMore
2008-10-09 19:20 . 2008-10-09 19:20 1,152 --a------ C:\Windows\System32\windrv.sys
2008-10-09 18:57 . 2008-10-09 18:57 <REP> d-------- C:\Users\Ophélie\AppData\Roaming\Malwarebytes
2008-10-09 18:57 . 2008-10-09 18:57 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-10-09 18:57 . 2008-10-09 18:57 <REP> d-------- C:\ProgramData\Malwarebytes
2008-10-09 18:57 . 2008-10-10 10:05 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-09 18:57 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-09 18:57 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-09 09:38 . 2008-10-09 09:38 <REP> d-------- C:\Users\Ophélie\AppData\Roaming\Bitdefender
2008-10-09 09:07 . 2008-10-13 23:14 81,984 --a------ C:\Windows\System32\bdod.bin
2008-10-09 09:03 . 2008-10-09 09:04 <REP> d-------- C:\Users\All Users\BitDefender
2008-10-09 09:03 . 2008-10-09 09:04 <REP> d-------- C:\ProgramData\BitDefender
2008-10-09 09:03 . 2008-10-09 09:03 <REP> d-------- C:\Program Files\Softwin
2008-10-09 09:02 . 2008-10-09 09:03 <REP> d-------- C:\Program Files\Common Files\Softwin
2008-10-09 08:58 . 2008-10-09 08:58 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-08 23:13 . 2008-10-08 23:13 <REP> d-------- C:\Users\Ophélie\AppData\Roaming\Simply Super Software
2008-10-08 23:13 . 2008-10-08 23:13 <REP> d-------- C:\Users\All Users\Simply Super Software
2008-10-08 23:13 . 2008-10-08 23:13 <REP> d-------- C:\ProgramData\Simply Super Software
2008-10-08 23:13 . 2006-05-25 15:52 162,304 --a------ C:\Windows\System32\ztvunrar36.dll
2008-10-08 23:13 . 2003-02-02 20:06 153,088 --a------ C:\Windows\System32\UNRAR3.dll
2008-10-08 23:13 . 2005-08-26 01:50 77,312 --a------ C:\Windows\System32\ztvunace26.dll
2008-10-08 23:13 . 2002-03-06 01:00 75,264 --a------ C:\Windows\System32\unacev2.dll
2008-10-08 23:13 . 2006-06-19 13:01 69,632 --a------ C:\Windows\System32\ztvcabinet.dll
2008-10-08 22:59 . 2008-10-08 23:15 <REP> d-------- C:\Program Files\Trojan Remover
2008-10-08 22:42 . 2008-10-08 22:42 <REP> d-------- C:\Users\All Users\mlcrirgl
2008-10-08 22:42 . 2008-10-13 18:41 <REP> d-------- C:\Users\All Users\EnMnt
2008-10-08 22:42 . 2008-10-08 22:42 <REP> d-------- C:\Users\All Users\adwfkvwz
2008-10-08 22:42 . 2008-10-08 22:42 <REP> d-------- C:\ProgramData\mlcrirgl
2008-10-08 22:42 . 2008-10-13 18:41 <REP> d-------- C:\ProgramData\EnMnt
2008-10-08 22:42 . 2008-10-08 22:42 <REP> d-------- C:\ProgramData\adwfkvwz
2008-10-06 12:46 . 2008-10-10 00:12 5,544 --a------ C:\Windows\System32\tmp.reg
2008-10-06 12:46 . 2008-10-06 12:46 691 --a------ C:\Users\Ophélie\AppData\Roaming\GetValue.vbs
2008-10-06 12:46 . 2008-10-06 12:46 35 --a------ C:\Users\Ophélie\AppData\Roaming\SetValue.bat
2008-10-06 10:29 . 2008-10-06 10:29 <REP> d-------- C:\Users\Ophélie\AppData\Roaming\Grisoft
2008-10-06 10:27 . 2008-10-06 10:27 <REP> d-------- C:\Users\All Users\Grisoft
2008-10-06 10:27 . 2008-10-06 10:27 <REP> d-------- C:\ProgramData\Grisoft
2008-10-06 10:27 . 2007-05-30 14:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-10-06 09:53 . 2008-10-06 10:23 <REP> d--hs---- C:\Windows\T3Bo6WxpZQ
2008-10-06 09:53 . 2008-10-09 11:35 <REP> d-------- C:\Windows\System32\tz1
2008-10-06 09:53 . 2008-10-09 09:14 <REP> d-------- C:\Windows\System32\EV02
2008-10-06 09:53 . 2008-10-06 09:54 <REP> d-------- C:\Windows\System32\ci
2008-10-06 09:53 . 2008-10-06 09:53 <REP> d-------- C:\Temp\xp34
2008-10-06 09:53 . 2008-10-13 23:13 <REP> d-------- C:\Temp
2008-10-06 09:53 . 2008-10-06 09:53 79,080 --a------ C:\Windows\System32\zmyqnazrcw.exe
2008-10-03 10:27 . 2008-10-03 10:27 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-10-03 10:27 . 2008-04-07 05:38 22,872 -ra------ C:\Windows\System32\AdobePDFUI.dll
2008-10-03 09:49 . 2008-10-09 19:20 <REP> d-------- C:\Users\Ophélie\AppData\Roaming\Download Manager
2008-10-01 12:40 . 2008-10-01 12:40 382 --a------ C:\Windows\ODBC.INI
2008-09-28 21:47 . 2008-09-28 21:47 <REP> d-------- C:\Program Files\eRightSoft
2008-09-28 21:47 . 2008-09-28 21:47 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-09-28 19:31 . 2008-09-28 19:31 <REP> d-------- C:\Users\Ophélie\Bluetooth Software
2008-09-28 19:31 . 2008-09-28 19:31 <REP> d-------- C:\Users\Ophélie\Bluetooth Software
2008-09-28 19:29 . 2008-09-28 19:29 118 --a------ C:\Windows\System32\MRT.INI
2008-09-28 10:06 . 2008-09-28 10:06 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-09-26 13:13 . 2008-09-26 13:16 <REP> d-------- C:\Users\All Users\Lavasoft
2008-09-26 13:13 . 2008-09-26 13:16 <REP> d-------- C:\ProgramData\Lavasoft
2008-09-26 13:13 . 2008-09-26 13:13 <REP> d-------- C:\Program Files\Lavasoft
2008-09-26 12:53 . 2008-09-26 12:53 <REP> d-------- C:\Program Files\Guitar Pro 5
2008-09-26 12:51 . 2008-09-26 12:52 <REP> d-------- C:\Program Files\MagicDisc
2008-09-26 12:51 . 2008-07-28 17:19 116,736 --a------ C:\Windows\System32\drivers\mcdbus.sys
2008-09-24 19:07 . 2008-09-24 19:07 <REP> d-------- C:\Program Files\CCleaner
2008-09-23 09:25 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-23 09:25 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-23 09:25 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-23 09:25 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-23 09:25 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-23 09:25 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-23 09:25 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-23 09:25 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-23 09:25 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-15 00:02 . 2008-09-15 00:03 <REP> d-------- C:\Program Files\Audio - Video
2008-09-15 00:00 . 2008-09-15 00:00 <REP> d-------- C:\Program Files\Utilitaires
2008-09-14 18:11 . 2008-09-14 18:11 <REP> d-------- C:\Program Files\IKEA HomePlanner
2008-09-14 18:10 . 2008-09-26 13:13 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-14 12:45 . 2008-10-01 08:26 <REP> d-------- C:\Users\All Users\FLEXnet
2008-09-14 12:45 . 2008-10-01 08:26 <REP> d-------- C:\ProgramData\FLEXnet
2008-09-13 21:25 . 2008-09-28 10:05 <REP> d-------- C:\Program Files\VistaCodecPack
2008-09-13 21:23 . 2008-09-13 21:23 <REP> d-------- C:\Users\All Users\VistaCodecs
2008-09-13 21:23 . 2008-09-13 21:23 <REP> d-------- C:\ProgramData\VistaCodecs

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-13 21:18 4,718,592 --sha-w C:\Users\Ophélie\ntuser.dat
2008-10-13 21:18 4,718,592 --sha-w C:\Users\Ophélie\ntuser.dat
2008-10-13 21:14 --------- d-----w C:\Users\Ophélie\AppData\Roaming\Adobe
2008-10-13 20:45 --------- d-----w C:\Users\Ophélie\AppData\Roaming\uTorrent
2008-10-11 20:17 1,890 ----a-w C:\Windows\System32\ealregsnapshot1.reg
2008-10-11 20:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-11 20:17 --------- d-----w C:\Program Files\Electronic Arts
2008-10-11 06:31 401,720 ----a-w C:\Ophélie.exe
2008-10-10 16:13 --------- d---a-w C:\ProgramData\TEMP
2008-10-09 20:39 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-10-09 17:20 --------- d-----w C:\Users\Ophélie\AppData\Roaming\Download Manager
2008-10-09 16:57 --------- d-----w C:\Users\Ophélie\AppData\Roaming\Malwarebytes
2008-10-09 07:38 --------- d-----w C:\Users\Ophélie\AppData\Roaming\Bitdefender
2008-10-08 21:13 --------- d-----w C:\Users\Ophélie\AppData\Roaming\Simply Super Software
2008-10-06 10:46 691 ----a-w C:\Users\Ophélie\AppData\Roaming\GetValue.vbs
2008-10-06 10:46 35 ----a-w C:\Users\Ophélie\AppData\Roaming\SetValue.bat
2008-10-06 09:13 --------- d-s---w C:\Users\Ophélie\AppData\Roaming\Microsoft
2008-10-06 08:29 --------- d-----w C:\Users\Ophélie\AppData\Roaming\Grisoft
2008-10-03 08:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-01 13:51 87,552 ----a-w C:\Windows\System32\VACFix.exe
2008-10-01 06:26 --------- d-----w C:\Users\Ophélie\AppData\Roaming\Winamp
2008-09-19 10:26 82,944 ----a-w C:\Windows\System32\o4Patch.exe
2008-09-19 10:26 82,944 ----a-w C:\Windows\System32\IEDFix.C.exe
2008-09-12 08:15 --------- d-----w C:\Users\Ophélie\AppData\Roaming\Apple Computer
2008-09-12 08:14 --------- d-----w C:\ProgramData\Apple Computer
2008-09-12 08:14 --------- d-----w C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-12 08:14 --------- d-----w C:\Program Files\iTunes
2008-09-12 08:13 --------- d-----w C:\Users\Ophélie\AppData\Roaming\Real
2008-09-12 08:13 --------- d-----w C:\Program Files\QuickTime
2008-09-12 08:13 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-12 08:12 --------- d-----w C:\ProgramData\Apple
2008-09-12 08:10 --------- d-----w C:\Program Files\Real
2008-09-12 08:10 --------- d-----w C:\Program Files\Common Files\xing shared
2008-09-12 08:10 --------- d-----w C:\Program Files\Common Files\Real
2008-09-12 08:08 --------- d-----w C:\Program Files\Java
2008-09-12 08:06 --------- d-----w C:\Program Files\Common Files\Java
2008-09-11 18:13 --------- d-----w C:\Users\Ophélie\AppData\Roaming\SPORE
2008-09-11 17:45 --------- d-----w C:\ProgramData\LightScribe
2008-09-11 17:38 --------- d-----w C:\ProgramData\Electronic Arts
2008-09-11 05:30 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-09-11 05:28 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-09-11 05:27 --------- d-----w C:\Users\Ophélie\AppData\Roaming\DAEMON Tools
2008-09-09 21:38 --------- d-----w C:\Program Files\Acer GameZone
2008-09-09 20:25 --------- d-----w C:\Program Files\Winamp
2008-09-09 20:17 --------- d-----w C:\Users\Ophélie\AppData\Roaming\Nero
2008-09-09 20:17 --------- d-----w C:\Program Files\Common Files\Nero
2008-09-09 20:16 --------- d-----w C:\ProgramData\Nero
2008-09-09 20:16 --------- d-----w C:\Program Files\Nero
2008-09-09 18:03 --------- d-----w C:\Users\Ophélie\AppData\Roaming\CyberLink
2008-09-09 18:00 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-09 17:55 --------- d-----w C:\Program Files\Microsoft Works
2008-09-09 17:49 --------- d-----w C:\Program Files\Video Convert Master
2008-09-09 17:48 --------- d-----w C:\Users\Ophélie\AppData\Roaming\Vso
2008-09-09 17:47 81,920 ----a-w C:\Users\Ophélie\AppData\Roaming\ezpinst.exe
2008-09-09 17:47 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys
2008-09-09 17:47 47,360 ----a-w C:\Users\Ophélie\AppData\Roaming\pcouffin.sys
2008-09-09 16:34 --------- d-----w C:\Users\Ophélie\AppData\Roaming\WinRAR
2008-09-09 11:48 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-09 11:44 --------- d-----w C:\Program Files\MSXML 4.0
2008-09-09 11:29 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-09 11:29 --------- d-----w C:\Program Files\Windows Live
2008-09-09 11:25 --------- d-----w C:\ProgramData\WLInstaller
2008-09-09 11:21 --------- d-----w C:\Program Files\uTorrent
2008-09-09 10:42 --------- d-----w C:\Users\Ophélie\AppData\Roaming\Mozilla
2008-09-09 07:44 --------- d-----w C:\ProgramData\McAfee
2008-09-09 07:42 --------- d-----w C:\ProgramData\SiteAdvisor
2008-09-09 07:28 --------- d-----w C:\Users\Ophélie\AppData\Roaming\Identities
2008-09-09 07:27 --------- d-----w C:\Users\Ophélie\AppData\Roaming\Macromedia
2008-09-09 07:27 --------- d-----w C:\Program Files\Acer
2008-09-09 07:24 --------- d-sh--w C:\ProgramData\Modèles
2008-09-09 07:24 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-09-09 07:24 --------- d-sh--w C:\ProgramData\Favoris
2008-09-09 07:24 --------- d-sh--w C:\ProgramData\Bureau
2008-09-09 07:24 --------- d-sh--w C:\Program Files\Fichiers communs
2008-09-08 21:38 88,576 ----a-w C:\Windows\System32\AntiXPVSTFix.exe
2008-08-18 10:19 82,432 ----a-w C:\Windows\System32\404Fix.exe
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-25 08:34 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-07-25 08:34 683,520 ----a-w C:\Windows\System32\divx.dll
2008-07-23 16:50 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-07-16 18:51 2,041,363 ----a-w C:\Windows\System32\x264vfw.dll
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 02:00 39472 --a------ C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"ParetoLogic Anti-Spyware"="C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" [2006-10-11 2613248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Adobe Reader Speed Launcher"="c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-08-28 137752]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-03 521776]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2008-01-08 842248]
"PLFSetI"="C:\Windows\PLFSetI.exe" [2007-10-23 200704]
"WarReg_PopUp"="C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-10-05 967048]
"BDMCon"="c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe" [2007-04-02 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 69632]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 C:\Windows\RtHDVCpl.exe]

C:\Users\Oph‚lie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-09-26 575488]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-08-28 739880]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2008-03-27 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"= "C:\Program Files\ParetoLogic\Anti-Spyware\PASShlExt.dll" [2006-10-11 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.divxa32"= divxa32.acm
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6142F206-1869-45B6-B7A7-A193709123BF}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{ADA7CF22-6C16-4A79-8094-D1013029FB69}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{79B3B07D-AC20-4AFE-86B1-3C47E3108258}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{15E569B6-6EE9-455B-926D-68A59C9B8BE3}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{09EB2569-6B1B-44E9-99D3-115913B1F260}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{3E38C4A3-2E69-4D99-B5FC-EE570EB03C07}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{393380AB-67C4-446B-9566-A2C45B0F245A}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{4B52C0C3-2E70-430A-8E86-0D2AF0DA788E}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{75212C3C-2CD7-42E2-89E3-F5E501839157}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:µTorrent

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-08-29 81448]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-08-29 99880]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-05-17 28464]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-08-29 17448]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-08-07 51712]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-23 180736]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dca9701-7e43-11dd-bf37-a8f5d7a3558f}]
\shell\Auto\command - H:\Start.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e71b93ef-4592-11dd-84c2-806e6f6e6963}]
\shell\AutoRun\command - E:\Office2003.exe

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Tâches planifiées'

2008-10-11 C:\Windows\Tasks\ParetoLogic Anti-Spyware.job
- C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe [2006-10-11 19:05]

2008-10-13 C:\Windows\Tasks\ParetoLogic Registration.job
- C:\Windows\system32\rundll32.exe [2006-11-02 11:45]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-EnMnt - C:\ProgramData\EnMnt\bivutyxe.exe
HKLM-Run-zmosdizlutpif - C:\Windows\system32\cfagzuonlxmmuaso.dll
HKLM-Run-SNM - C:\Program Files\SpyNoMore\SNM.exe
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-TkBellExe - realsched.exe

.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\Ophélie\AppData\Roaming\Mozilla\Firefox\Profiles\5vxi6rx3.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 23:18:19
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-13 23:19:21
ComboFix-quarantined-files.txt 2008-10-13 21:19:09

Avant-CF: 104,372,785,152 octets libres
Après-CF: 104,043,745,280 octets libres

331 --- E O F --- 2008-10-11 06:30:09

Répondre à Eilehpo

Eilehpo, le 14 oct 2008 à 19:47:19

Bonne nouvelle !
Je n'ai plus de messages de Windows :)
Je pense que ça à marché !

Merci bcp pour votre aide !

Répondre à Eilehpo

sherred, le 15 oct 2008 à 07:11:33

Tu a desinstallé antivir au profi d'avast ?
ce n'est pas une bonne idée toutes règles absolues est vrai , jusqu'à son contraire ...(sherred)

Répondre à sherred

Destrio5, le 14 oct 2008 à 20:46:49

Tu as encore des infections.

Vire SpyNoMore.

Répondre à Destrio5

Posez votre question Répondre