Aller au contenu

Fracoutu

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    40

  • Inscription

  • Dernière visite

Tout ce qui a été posté par Fracoutu

  1. Fracoutu
    Pas de problème. Ce bouton n'existe que si on se connecte avec identifiant AVANT de lire. Si on fait les choses dans le désordre, c'est pas évident de le trouver. Merci en tout cas !
  2. Fracoutu
  3. Fracoutu
    Merci ! Tout d'abord, toutes mes excuses, je ne suis pas sûr d'avoir trouvé le bon bouton pour une réponse rapide.... En tout cas, voici les deux rapports , successivement celui edité après "recherche" , puis après "supression" : recherche : -----------\\ ToolBar S&D 1.2.9 XP/Vista Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2 X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU T5750 @ 2.00GHz ) BIOS : Ver 1.00PARTTBL6 USER : Acer ( Administrator ) BOOT : Normal boot C:\ (Local Disk) - NTFS - Total:111 Go (Free:32 Go) D:\ (Local Disk) - NTFS - Total:104 Go (Free:104 Go) E:\ (CD or DVD) "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 ) Option : [1] ( 12/12/2009|21:24 ) [ UAC => 1 ] -----------\\ Recherche de Fichiers / Dossiers ... C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.js C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.xul C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.dtd C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.properties C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\SearchSettingsFF.dll C:\Program Files\Search Settings C:\Program Files\Search Settings\kb128 C:\Program Files\Search Settings\SearchSettings.exe C:\Program Files\Search Settings\kb128\res C:\Program Files\Search Settings\kb128\SearchSettings.dll C:\Program Files\Search Settings\kb128\SearchSettingsRes409.dll C:\Program Files\Search Settings\kb128\temp -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\Windows\\system32\\blank.htm" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://fr.fr.acer.yahoo.com"'>http://fr.fr.acer.yahoo.com"'>http://fr.fr.acer.yahoo.com"'>http://fr.fr.acer.yahoo.com"'>http://fr.fr.acer.yahoo.com" "Url"="http://go.microsoft.com/fwlink/?LinkId=75720"'>http://go.microsoft.com/fwlink/?LinkId=75720" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://fr.fr.acer.yahoo.com" "Default_Page_URL"="http://fr.fr.acer.yahoo.com" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Local Page"="C:\\Windows\\System32\\blank.htm" --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! [ UAC => 1 ] 1 - "C:\ToolBar SD\TB_1.txt" - 12/12/2009|21:25 - Option : [1] -----------\\ Fin du rapport a 21:25:27,72 supression : -----------\\ ToolBar S&D 1.2.9 XP/Vista Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2 X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU T5750 @ 2.00GHz ) BIOS : Ver 1.00PARTTBL6 USER : Acer ( Administrator ) BOOT : Normal boot C:\ (Local Disk) - NTFS - Total:111 Go (Free:32 Go) D:\ (Local Disk) - NTFS - Total:104 Go (Free:104 Go) E:\ (CD or DVD) "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 ) Option : [2] ( 12/12/2009|21:27 ) [ UAC => 1 ] -----------\\ SUPPRESSION Supprime! - C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com Supprime! - C:\Program Files\Search Settings\kb128 Supprime! - C:\Program Files\Search Settings\SearchSettings.exe Supprime! - C:\Program Files\Search Settings -----------\\ Recherche de Fichiers / Dossiers ... -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\Windows\\system32\\blank.htm" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://fr.fr.acer.yahoo.com" "Url"="http://go.microsoft.com/fwlink/?LinkId=75720" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/" "Default_Page_URL"="http://fr.fr.acer.yahoo.com" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Local Page"="C:\\Windows\\System32\\blank.htm" --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! [ UAC => 1 ] 1 - "C:\ToolBar SD\TB_1.txt" - 12/12/2009|21:25 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 12/12/2009|21:29 - Option : [2] merci encore ! fracoutu
  4. Fracoutu
  5. Fracoutu
    Bonjour, Je suis "passé" à sfr, (fournisseur d'accès) sans qu'on me demande mon avis, quand club-internet, comme tant d'autres, a été avalé par sfr. J'ai donc "hérité" de la neufbox. A une boutique de sfr, on m'a expliqué que les neufbox fonctionnaient en réseau par wifi et que c'était dans l'intérêt de tout le monde (trafic plus facile, etc), mais qu'on pouvait débrayer la wifi. Je n'ai pas une idée claire de ce qui est "commun" en cas de fonctionnement par réseau wifi. Je n'aime pas l'idée qu'on puisse utiliser mon ordi en piratant ce réseau. J'ai donc désactivé la wifi sur ma neufbox, en allant sur son adresse IP. Je pense avoir désactivé la wifi, également sur mon ordi, en appuyant sur une touche , qui indique "wireless LAN désactivé , ou activé : est ce bien cela? Un vendeur, dans un grand magasin, m'a affirmé qu'il était impossible de désactiver vraiment la wifi. Qu'en est il? Depuis quelque temps, mon ordi me signale quelque chose dans le genre "12 connexions en même temps sur le réseau", et me prévient qu'il va agir, (?) et en même temps, j'ai des pbs de désactivation d'antivirus...que je suis en train de traiter d'ailleurs. Je ne sais pas si les deux choses sont liées, mais si vous pouviez éclairer ma lanterne en matière de réseau wifi , partagé volontairement ou pas, j'en serais ravi ! fracoutu
  6. Fracoutu
    Merci ! J'ai fait plusieurs choses : J'ai "réparé" kaspersky" comme tu me l'indiquais. Je précise que lorsqu'on m'a demandé s'il fallait remplacer des fichiers "nouveaux" par des plus anciens, j'ai pensé aux bases de virus et je lui ai répondu non... Ensuite, j'ai fait RSIT et voici le log, puis le fichier info, et enfin une analyse kaspersky : log : Logfile of random's system information tool 1.06 (written by random/random) Run by Acer at 2009-12-11 18:35:15 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 System drive C: has 34 GB (29%) free of 114 GB Total RAM: 3070 MB (53% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:35:18, on 11/12/2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18865) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\PLFSetI.exe C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe C:\Program Files\Search Settings\SearchSettings.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe C:\Users\Acer\Desktop\RSIT.exe C:\Program Files\trend micro\Acer.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll O12 - Plugin for .mxl: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll O12 - Plugin for .mya: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll O12 - Plugin for .myt: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll O12 - Plugin for .xmz: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll O13 - Gopher Prefix: O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe -- End of file - 9898 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [2008-11-11 62728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}] ShowBarObj Class - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-03-04 312880] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}] SearchSettings Class - C:\Program Files\Search Settings\kb128\SearchSettings.dll [2009-07-29 1153024] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {0BF43445-2F28-4351-9252-17FE6E806AA0} {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-04 142896] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-04 1037608] "eDataSecurity Loader"=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-04 526896] "eAudio"=C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [2008-03-07 544768] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-03-11 5296128] "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440] "WarReg_PopUp"=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-10-03 178712] "ZPdtWzdVitaKey MC3000"=C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe [2009-07-31 3673600] "PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704] "LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-04-28 809480] "eRecoveryService"= [] "ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-05-09 397312] "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-08-04 208616] "CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488] "SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2009-07-29 1024512] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AWinNotifyVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [2009-07-31 3130368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\Windows\system32\klogon.dll [2008-11-11 218376] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli C:\Program Files\Acer\Acer Bio Protection\PwdFilter [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2009-12-11 18:07:57 ----D---- C:\Program Files\trend micro 2009-12-11 18:07:56 ----D---- C:\rsit 2009-12-11 17:54:09 ----SHD---- C:\Config.Msi 2009-12-11 12:59:56 ----A---- C:\Windows\system32\nshhttp.dll 2009-12-11 12:59:53 ----A---- C:\Windows\system32\httpapi.dll 2009-12-10 19:02:28 ----A---- C:\Windows\system32\winhttp.dll 2009-12-10 19:02:23 ----A---- C:\Windows\system32\mshtml.dll 2009-12-10 19:02:21 ----A---- C:\Windows\system32\ieframe.dll 2009-12-10 19:02:19 ----A---- C:\Windows\system32\wininet.dll 2009-12-10 19:02:19 ----A---- C:\Windows\system32\urlmon.dll 2009-12-10 19:02:19 ----A---- C:\Windows\system32\occache.dll 2009-12-10 19:02:19 ----A---- C:\Windows\system32\msfeeds.dll 2009-12-10 19:02:19 ----A---- C:\Windows\system32\iertutil.dll 2009-12-10 19:02:19 ----A---- C:\Windows\system32\iedkcs32.dll 2009-12-10 19:02:18 ----A---- C:\Windows\system32\msfeedssync.exe 2009-12-10 19:02:18 ----A---- C:\Windows\system32\msfeedsbs.dll 2009-12-10 19:02:18 ----A---- C:\Windows\system32\jsproxy.dll 2009-12-10 19:02:18 ----A---- C:\Windows\system32\ieUnatt.exe 2009-12-10 19:02:18 ----A---- C:\Windows\system32\ieui.dll 2009-12-10 19:02:18 ----A---- C:\Windows\system32\iesysprep.dll 2009-12-10 19:02:18 ----A---- C:\Windows\system32\iesetup.dll 2009-12-10 19:02:18 ----A---- C:\Windows\system32\iernonce.dll 2009-12-10 19:02:18 ----A---- C:\Windows\system32\iepeers.dll 2009-12-10 19:02:18 ----A---- C:\Windows\system32\ie4uinit.exe 2009-12-10 19:01:51 ----A---- C:\Windows\system32\rastls.dll 2009-11-25 23:28:07 ----A---- C:\Windows\system32\tzres.dll 2009-11-25 22:19:54 ----A---- C:\Windows\system32\msxml6.dll 2009-11-25 22:19:54 ----A---- C:\Windows\system32\msxml3.dll 2009-11-17 20:29:41 ----D---- C:\Program Files\Windows Portable Devices 2009-11-17 18:19:08 ----A---- C:\Windows\system32\UIRibbonRes.dll 2009-11-17 18:19:08 ----A---- C:\Windows\system32\UIAnimation.dll 2009-11-17 18:19:07 ----A---- C:\Windows\system32\UIRibbon.dll 2009-11-17 18:18:43 ----A---- C:\Windows\system32\WMPhoto.dll 2009-11-17 18:18:42 ----A---- C:\Windows\system32\cdd.dll 2009-11-17 18:18:40 ----A---- C:\Windows\system32\XpsRasterService.dll 2009-11-17 18:18:40 ----A---- C:\Windows\system32\XpsGdiConverter.dll 2009-11-17 18:18:40 ----A---- C:\Windows\system32\WindowsCodecsExt.dll 2009-11-17 18:18:40 ----A---- C:\Windows\system32\WindowsCodecs.dll 2009-11-17 18:18:40 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll 2009-11-17 18:18:40 ----A---- C:\Windows\system32\dxdiagn.dll 2009-11-17 18:18:40 ----A---- C:\Windows\system32\d3d10warp.dll 2009-11-17 18:18:40 ----A---- C:\Windows\system32\d2d1.dll 2009-11-17 18:18:39 ----A---- C:\Windows\system32\xpsservices.dll 2009-11-17 18:18:39 ----A---- C:\Windows\system32\XpsPrint.dll 2009-11-17 18:18:39 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe 2009-11-17 18:18:39 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll 2009-11-17 18:18:39 ----A---- C:\Windows\system32\OpcServices.dll 2009-11-17 18:18:39 ----A---- C:\Windows\system32\FntCache.dll 2009-11-17 18:18:39 ----A---- C:\Windows\system32\dxdiag.exe 2009-11-17 18:18:39 ----A---- C:\Windows\system32\DWrite.dll 2009-11-17 18:18:39 ----A---- C:\Windows\system32\d3d10level9.dll 2009-11-17 18:18:39 ----A---- C:\Windows\system32\d3d10core.dll 2009-11-17 18:18:39 ----A---- C:\Windows\system32\d3d10_1core.dll 2009-11-17 18:18:38 ----A---- C:\Windows\system32\dxgi.dll 2009-11-17 18:18:38 ----A---- C:\Windows\system32\d3d11.dll 2009-11-17 18:18:38 ----A---- C:\Windows\system32\d3d10_1.dll 2009-11-17 18:18:38 ----A---- C:\Windows\system32\d3d10.dll 2009-11-17 18:18:13 ----A---- C:\Windows\system32\WPDShextAutoplay.exe 2009-11-17 18:18:12 ----A---- C:\Windows\system32\wpdbusenum.dll 2009-11-17 18:18:12 ----A---- C:\Windows\system32\BthMtpContextHandler.dll 2009-11-17 18:18:08 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll 2009-11-17 18:18:02 ----A---- C:\Windows\system32\WPDSp.dll 2009-11-17 18:18:02 ----A---- C:\Windows\system32\WPDShServiceObj.dll 2009-11-17 18:18:02 ----A---- C:\Windows\system32\wpdshext.dll 2009-11-17 18:18:02 ----A---- C:\Windows\system32\wpd_ci.dll 2009-11-17 18:18:02 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll 2009-11-17 18:18:02 ----A---- C:\Windows\system32\PortableDeviceTypes.dll 2009-11-17 18:18:02 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll 2009-11-17 18:18:02 ----A---- C:\Windows\system32\PortableDeviceApi.dll 2009-11-17 18:16:53 ----A---- C:\Windows\system32\UIAutomationCore.dll 2009-11-17 18:16:53 ----A---- C:\Windows\system32\oleaccrc.dll 2009-11-17 18:16:53 ----A---- C:\Windows\system32\oleacc.dll 2009-11-13 11:47:11 ----A---- C:\Windows\system32\wups2.dll 2009-11-13 11:47:11 ----A---- C:\Windows\system32\wuauclt.exe 2009-11-13 11:47:10 ----A---- C:\Windows\system32\wucltux.dll 2009-11-13 11:47:10 ----A---- C:\Windows\system32\wuaueng.dll 2009-11-13 11:46:50 ----A---- C:\Windows\system32\wups.dll 2009-11-13 11:46:50 ----A---- C:\Windows\system32\wudriver.dll 2009-11-13 11:46:50 ----A---- C:\Windows\system32\wuapi.dll 2009-11-13 11:46:44 ----A---- C:\Windows\system32\wuwebv.dll 2009-11-13 11:46:44 ----A---- C:\Windows\system32\wuapp.exe ======List of files/folders modified in the last 1 months====== 2009-12-11 18:35:17 ----D---- C:\Windows\Temp 2009-12-11 18:07:57 ----RD---- C:\Program Files 2009-12-11 18:07:27 ----D---- C:\Windows\System32 2009-12-11 18:07:27 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-12-11 18:07:26 ----D---- C:\Windows\inf 2009-12-11 18:03:15 ----D---- C:\Windows 2009-12-11 18:02:55 ----D---- C:\ProgramData\Kaspersky Lab 2009-12-11 18:01:35 ----D---- C:\Windows\system32\catroot 2009-12-11 17:57:45 ----SHD---- C:\Windows\Installer 2009-12-11 17:57:38 ----D---- C:\Windows\system32\drivers 2009-12-11 17:57:06 ----SHD---- C:\System Volume Information 2009-12-11 13:00:47 ----D---- C:\Windows\winsxs 2009-12-11 13:00:33 ----D---- C:\Windows\system32\catroot2 2009-12-10 19:45:39 ----D---- C:\Windows\rescache 2009-12-10 19:23:39 ----D---- C:\Windows\system32\migration 2009-12-10 19:23:39 ----D---- C:\Program Files\Internet Explorer 2009-12-10 19:23:38 ----D---- C:\Windows\system32\fr-FR 2009-12-10 19:14:36 ----D---- C:\ProgramData\Microsoft Help 2009-12-10 19:13:33 ----D---- C:\Program Files\Windows Mail 2009-12-06 14:03:58 ----D---- C:\Windows\Logs 2009-12-04 11:37:12 ----D---- C:\ProgramData\CanonIJPLM 2009-12-01 21:06:19 ----A---- C:\Windows\system32\mrt.exe 2009-11-19 21:28:14 ----D---- C:\Users\Acer\AppData\Roaming\DivX 2009-11-17 20:31:57 ----D---- C:\Windows\system32\Tasks 2009-11-17 20:29:41 ----D---- C:\Windows\system32\wbem 2009-11-17 20:29:38 ----D---- C:\Windows\system32\pt-PT 2009-11-17 20:29:38 ----D---- C:\Windows\system32\pt-BR 2009-11-17 20:29:38 ----D---- C:\Windows\system32\pl-PL 2009-11-17 20:29:38 ----D---- C:\Windows\system32\it-IT 2009-11-17 20:29:38 ----D---- C:\Windows\system32\he-IL 2009-11-17 20:29:38 ----D---- C:\Windows\system32\bg-BG 2009-11-17 20:29:37 ----D---- C:\Windows\system32\uk-UA 2009-11-17 20:29:37 ----D---- C:\Windows\system32\ko-KR 2009-11-17 20:29:37 ----D---- C:\Windows\system32\hu-HU 2009-11-17 20:29:37 ----D---- C:\Windows\system32\hr-HR 2009-11-17 20:29:36 ----D---- C:\Windows\system32\zh-TW 2009-11-17 20:29:36 ----D---- C:\Windows\system32\zh-HK 2009-11-17 20:29:36 ----D---- C:\Windows\system32\zh-CN 2009-11-17 20:29:36 ----D---- C:\Windows\system32\tr-TR 2009-11-17 20:29:36 ----D---- C:\Windows\system32\th-TH 2009-11-17 20:29:36 ----D---- C:\Windows\system32\sv-SE 2009-11-17 20:29:36 ----D---- C:\Windows\system32\sr-Latn-CS 2009-11-17 20:29:36 ----D---- C:\Windows\system32\sl-SI 2009-11-17 20:29:36 ----D---- C:\Windows\system32\sk-SK 2009-11-17 20:29:36 ----D---- C:\Windows\system32\nl-NL 2009-11-17 20:29:36 ----D---- C:\Windows\system32\lv-LV 2009-11-17 20:29:36 ----D---- C:\Windows\system32\lt-LT 2009-11-17 20:29:36 ----D---- C:\Windows\system32\fi-FI 2009-11-17 20:29:36 ----D---- C:\Windows\system32\et-EE 2009-11-17 20:29:36 ----D---- C:\Windows\system32\es-ES 2009-11-17 20:29:36 ----D---- C:\Windows\system32\el-GR 2009-11-17 20:29:36 ----D---- C:\Windows\system32\de-DE 2009-11-17 20:29:36 ----D---- C:\Windows\system32\cs-CZ 2009-11-17 20:29:35 ----D---- C:\Windows\system32\ru-RU 2009-11-17 20:29:35 ----D---- C:\Windows\system32\ro-RO 2009-11-17 20:29:35 ----D---- C:\Windows\system32\nb-NO 2009-11-17 20:29:35 ----D---- C:\Windows\system32\ja-JP 2009-11-17 20:29:35 ----D---- C:\Windows\system32\en-US 2009-11-17 20:29:35 ----D---- C:\Windows\system32\da-DK 2009-11-17 20:29:35 ----D---- C:\Windows\system32\ar-SA ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112] R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-07-21 121872] R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-08-04 239120] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2008-07-09 20496] R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-02 61424] R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-03-21 15392] R2 NTIPPKernel;NTIPPKernel; \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368] R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-03-04 16944] R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-03-04 60464] R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-05-08 3552256] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208] R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264] R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-03-11 2077080] R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-12-18 54784] R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E60x86.sys [2008-03-11 48128] R3 NETw4v32;Pilote de carte Intel® Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2008-01-08 2554368] R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-04 196784] R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] R3 vfs101x;vfs101x; C:\Windows\system32\drivers\vfs101x.sys [2008-04-27 40752] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264] S3 BthEnum;Service d'énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528] S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160] S3 BthPort;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904] S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696] S3 btwaudio;Périphérique audio Bluetooth; C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 79664] S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 81200] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240] S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-04-05 19712] S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [] S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-04-05 18304] S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992] S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2007-12-11 12800] R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-05-08 671744] R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-08-04 208616] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384] R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504] R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-04 500784] R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576] R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-10-03 358936] R2 IGBASVC;iGroupTec Service; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [2009-07-31 3488768] R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440] R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592] R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2007-01-09 272024] R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472] R2 vfsFPService;Validity Fingerprint Service; C:\Windows\system32\vfsFPService.exe [2008-04-27 599344] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF----------------- fichier info : info.txt logfile of random's system information tool 1.06 2009-12-11 18:08:24 ======Uninstall list====== -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\Setup.exe" -uninstall -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\Setup.exe" -uninstall Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall Acer Bio Protection AAV 6.0.00.13-->"C:\Program Files\Acer\Acer Bio Protection\uninstall.exe" Acer Crystal Eye Webcam 2.0.5-->C:\Program Files\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe -runfromtemp -l0x040c -removeonly Acer eAudio Management-->"C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.exe" -uninstall Acer eDataSecurity Management-->C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x040c -removeonly Acer ePower Management-->"C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -runfromtemp -l0x040c -removeonly Acer eRecovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x040c -removeonly Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{13D85C14-2B85-419F-AC41-C7F21E68B25D}\setup.exe" -runfromtemp -l0x040c -removeonly Acer GameZone Console 2.0.1.1-->"C:\Program Files\Acer GameZone\GameConsole\unins000.exe" Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x40c -removeonly Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly Acer VCM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}\setup.exe" -l0x40c -removeonly Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001} Agere Systems HDA Modem-->agrsmdel Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x040c -removeonly Canon MP Navigator EX 2.0-->"C:\Program Files\Canon\MP Navigator EX 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 2.0\uninst.ini Canon MP240 series MP Drivers-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series /L0x000c Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini Catalyst Control Center - Branding-->MsiExec.exe /I{01C08A7D-4CCD-41F8-B020-4B4BB8C08C68} DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Enregistrement utilisateur de Canon MP240 series-->C:\Program Files\Canon\IJEREG\MP240 series\UNINST.EXE eSobi v2-->C:\Program Files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x040c Free Mp3 Wma Converter V 1.81-->"C:\Program Files\Free Audio Pack\unins000.exe" HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Inkjet Printer/Scanner Extended Survey Program-->C:\Program Files\Canon\IJPLM\SETUP.EXE -R Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall ITECIR Driver-->C:\Program Files\InstallShield Installation Information\{FCED9B62-34FF-4C15-8A23-F65221F7874D}\setup.exe -runfromtemp -l0x040c -removeonly JMicron JMB38X Flash Media Controller-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" -l0x40c -removeonly Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A} Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A} Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI Mahjong Escape Ancient China-->"C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\install.log" Mahjongg Artifacts-->"C:\Program Files\Acer GameZone\Mahjongg Artifacts\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjongg Artifacts\install.log" Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31} Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C} Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C} Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3} Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223} Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x040c NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x040c Outils Club Internet-->"C:\Program Files\Club-Internet\Assistance\OutilsCI\uninstall.exe" PhotoNow!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" -uninstall PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD} Realtek High Definition Audio Driver-->RtlUpd.exe -r -m Search Settings 1.2.2-->MsiExec.exe /X{0B1AAC97-8563-41D9-AE47-58E6A222F0E1} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F} Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE} Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7} Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331} Validity Sensors software-->MsiExec.exe /X{567E8236-C414-4888-8211-3D61608D57AE} VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} WIDCOMM Bluetooth Software 6.0.1.5000-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D} Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} ======Security center information====== AS: Windows Defender ======System event log====== Computer Name: PC-de-Acer Event Code: 4374 Message: Windows Servicing a déterminé que ce package KB970653(Update) n’est pas applicable à ce système. Record Number: 28655 Source Name: Microsoft-Windows-Servicing Time Written: 20090831093942.000000-000 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: PC-de-Acer Event Code: 4374 Message: Windows Servicing a déterminé que ce package KB970653(Update) n’est pas applicable à ce système. Record Number: 28654 Source Name: Microsoft-Windows-Servicing Time Written: 20090831093942.000000-000 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: PC-de-Acer Event Code: 4374 Message: Windows Servicing a déterminé que ce package KB970653(Update) n’est pas applicable à ce système. Record Number: 28653 Source Name: Microsoft-Windows-Servicing Time Written: 20090831093942.000000-000 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: PC-de-Acer Event Code: 4374 Message: Windows Servicing a déterminé que ce package KB970653(Update) n’est pas applicable à ce système. Record Number: 28652 Source Name: Microsoft-Windows-Servicing Time Written: 20090831093942.000000-000 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: PC-de-Acer Event Code: 4374 Message: Windows Servicing a déterminé que ce package KB970653(Update) n’est pas applicable à ce système. Record Number: 28649 Source Name: Microsoft-Windows-Servicing Time Written: 20090831093941.000000-000 Event Type: Avertissement User: AUTORITE NT\SYSTEM =====Application event log===== Computer Name: PC-de-Acer Event Code: 2 Message: Impossible de supprimer les données indexées par le service Windows Search pour l’utilisateur 'PC-de-Acer\Administrateur' suite à la suppression du profil utilisateur. Code d’erreur 0x80070015. Le périphérique n'est pas prêt. . Record Number: 713 Source Name: Microsoft-Windows-Search-ProfileNotify Time Written: 20090731135418.000000-000 Event Type: Erreur User: Computer Name: PC-de-Acer Event Code: 10 Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. Record Number: 704 Source Name: Microsoft-Windows-WMI Time Written: 20090731135324.000000-000 Event Type: Erreur User: Computer Name: PC-de-Acer Event Code: 1008 Message: Le service Windows Search tente de supprimer l’ancien catalogue. Record Number: 700 Source Name: Microsoft-Windows-Search Time Written: 20090731135322.000000-000 Event Type: Avertissement User: Computer Name: WIN-9XKAS2TZONQ Event Code: 1036 Message: Échec de InitializePrintProvider pour le fournisseur inetpp.dll. Cela peut se produire à la suite d’une instabilité du système ou d’une insuffisance des ressources système. Record Number: 471 Source Name: Microsoft-Windows-SpoolerSpoolss Time Written: 20090731134352.000000-000 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: WIN-9XKAS2TZONQ Event Code: 1530 Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela. DÉTAIL - 13 user registry handles leaked from \Registry\User\S-1-5-21-4190820196-3091972475-3118163493-500: Process 1960 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4190820196-3091972475-3118163493-500 Process 1960 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4190820196-3091972475-3118163493-500 Process 1960 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4190820196-3091972475-3118163493-500 Process 1960 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4190820196-3091972475-3118163493-500\Software\Microsoft\SystemCertificates\trust Process 1960 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4190820196-3091972475-3118163493-500\Software\Microsoft\SystemCertificates\My Process 1960 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4190820196-3091972475-3118163493-500\Software\Microsoft\SystemCertificates\SmartCardRoot Process 1960 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4190820196-3091972475-3118163493-500\Software\Microsoft\SystemCertificates\CA Process 1960 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4190820196-3091972475-3118163493-500\Software\Policies\Microsoft\SystemCertificates Process 1960 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4190820196-3091972475-3118163493-500\Software\Policies\Microsoft\SystemCertificates Process 1960 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4190820196-3091972475-3118163493-500\Software\Policies\Microsoft\SystemCertificates Process 1960 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4190820196-3091972475-3118163493-500\Software\Microsoft\Windows\CurrentVersion\Explorer Process 1960 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4190820196-3091972475-3118163493-500\Software\Microsoft\SystemCertificates\Disallowed Process 1960 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4190820196-3091972475-3118163493-500\Software\Microsoft\SystemCertificates\Root Record Number: 452 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20080321112408.000000-000 Event Type: Avertissement User: AUTORITE NT\SYSTEM =====Security event log===== Computer Name: WIN-9XKAS2TZONQ Event Code: 4648 Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites. Sujet : ID de sécurité : S-1-5-18 Nom du compte : WIN-9XKAS2TZONQ$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Compte dont les informations d’identification ont été utilisées : Nom du compte : SYSTEM Domaine du compte : AUTORITE NT GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Serveur cible : Nom du serveur cible : localhost Informations supplémentaires : localhost Informations sur le processus : ID du processus : 0x294 Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Adresse du réseau : - Port : - Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS. Record Number: 345 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20080321112400.307001-000 Event Type: Succès de l'audit User: Computer Name: WIN-9XKAS2TZONQ Event Code: 4672 Message: Privilèges spéciaux attribués à la nouvelle ouverture de session. Sujet : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 Privilèges : SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 344 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20080321112358.544201-000 Event Type: Succès de l'audit User: Computer Name: WIN-9XKAS2TZONQ Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. Sujet : ID de sécurité : S-1-5-18 Nom du compte : WIN-9XKAS2TZONQ$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 Type d’ouverture de session : 5 Nouvelle ouverture de session : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x294 Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Nom de la station de travail : Adresse du réseau source : - Port source : - Informations détaillées sur l’authentification : Processus d’ouverture de session : Advapi Package d’authentification : Negotiate Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 343 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20080321112358.544201-000 Event Type: Succès de l'audit User: Computer Name: WIN-9XKAS2TZONQ Event Code: 4648 Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites. Sujet : ID de sécurité : S-1-5-18 Nom du compte : WIN-9XKAS2TZONQ$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Compte dont les informations d’identification ont été utilisées : Nom du compte : SYSTEM Domaine du compte : AUTORITE NT GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Serveur cible : Nom du serveur cible : localhost Informations supplémentaires : localhost Informations sur le processus : ID du processus : 0x294 Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Adresse du réseau : - Port : - Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS. Record Number: 342 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20080321112358.544201-000 Event Type: Succès de l'audit User: Computer Name: WIN-9XKAS2TZONQ Event Code: 1102 Message: Le journal d’audit a été effacé. Objet : ID de sécurité : S-1-5-21-4190820196-3091972475-3118163493-500 Nom de compte : Administrator Nom de domaine : WIN-9XKAS2TZONQ ID de connexion : 0x2d175 Record Number: 341 Source Name: Microsoft-Windows-Eventlog Time Written: 20080321112235.536601-000 Event Type: Succès de l'audit User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64 "NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\; "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip -----------------EOF----------------- Enfin, après une analyse après réparation de kaspersky (pas pensé à garder celle d'avant, désolé !), voici ce qu'il trouve (pas grand chose) 11/12/2009 18:41:49 Détectés: http://www.viruslist.com/fr/advisories/37584 C:\Windows\system32\Macromed\Flash\NPSWF32.dll 11/12/2009 18:44:04 Détectés: http://www.viruslist.com/fr/advisories/37584 C:\Windows\system32\Macromed\Flash\NPSWF32.dll J'ai trouvé aussi une chose qui date d'avant le "réparation" (je me demande comment il l'a gardée) 22/11/2009 20:10:42 Détectés: http://www.viruslist.com/fr/advisories/23655 C:\Program Files\NewTech Infosystems\NTI Media Maker 8\Media Maker\msxml4.dd Merci à nouveau ! Fracoutu
  7. Fracoutu
  8. Fracoutu
  9. Fracoutu
    Bonjour, (10 décembre) Depuis qq temps, mon antivirus (Kaspersky 2009) se désactive, très peu de temps après le démarrage. La protection en temps réel ne fonctionne plus. Je suis obligé de le réactiver manuellement. J'ai fait une analyse complète, une fois l'antivirus réactivé. On me cite comme événement : licence invalide, ce qui est absurde. Remontant deux jours en arrière dans les rapports, (8 décembre) je trouve mention d'un certain "Packed.Win32.Krap.ag". L'infection daterait donc de 2 jours? Je ne sais pas s'il s'agit d'un cheval de troie?... Une autre piste? Il semble (?...) qu'une mise à jour de windows (vista) ait déclenché tout ça... Encore autre chose? En remontant beaucoup plus loin en arrière, (1 mois) on me signale déjà dans les rapports : "la protection en temps réel ne fonctionne pas" plusieurs fois par jour.. Mais tout ça n'est pas signalé au moment où ça arrive, et je finis par me demander si cet "événement" en est bien un : avant que la mise à jour automatique de kaspersky ne soit faite, la protection en temps réel est elle considérée comme inactive par l'antivirus lui même? Merci de votre aide.... Fracoutu
  10. Fracoutu
    Eh ben ça marche ! Merci, à nouveau ! Quoi dire d'autre?
  11. Fracoutu
    Antivir : avira antivir premium, téléchargé Kaspersky, antivirus seul, acheté sous forme de CD chez virgin megastore Le pack full, je l'ai téléchargé à l'adresse que tu m'as indiquée (merci !) Je ne peux ouvrir aucun site avec kaspersky en fonction, et tous s'ouvrent normalement avec antivir. Un chapitre du guide de kaspersky parle d'activation et de désactivation des contrôles active x, mais pour moi c'est très peu clair ;.. Merci !
  12. Fracoutu
    Je te remercie à nouveau. Concernant la nouvelle version du codec, je tombe sur une page qui m'en propose plusieurs... et je n'arrive pas à télécharger autre chose que la page concernée elle même... Autre chose 'désolé... : depuis que j'ai téléchargé toutes ces mises à jour (pack 2...), je reçois des avis selon lesquels mon antivirus avira est incompatible avec vista. J"ai fini par me résoudre à aller acheter un autre antivirus, et j'ai opté pour ...Kaspersky 2009 (question de prix...) Je l'ai donc installé, et là...pas évident : d'abord, il a mis une plombe à télécharger la mise à jour (la version, de "2009" datait de mai 2008, et depuis, bien de l'eau a coulé sous les ponts, question virus...) Bref, j'y suis arrivé..et depuis.... je ne peux plus me connecter quand le nouvel antivirus (kaspersky)est actif. je suis donc obligé, pour "sortir", de passer outre l'avis qu'avira est incompatible avec vista, de taper "exécuter", et donc d'utiliser avira en tant qu'antivirus, et de suspendre la protection de kaspersky.... ça doit être une question de paramétrage?... Merci encore !
  13. Fracoutu
    Merci ! Et encore toutes mes excuses : je t'ai envoyé un rapport kaspersky qui date de plus d'un an et qui concernait mon ancien système : XP.... Voila donc le bon rapport : KASPERSKY ONLINE SCANNER 7.0 REPORT Friday, June 12, 2009 Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001) Kaspersky Online Scanner version: 7.0.26.13 Program database last update: Friday, June 12, 2009 12:20:31 Records in database: 2338259 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ F:\ Scan statistics: Files scanned: 125345 Threat name: 1 Infected objects: 1 Suspicious objects: 0 Duration of the scan: 01:29:05 File name / Threat name / Threats count C:\Users\Francis\Documents\11 mars 2009\fichiers exe et autres logiciels\installer-27692-845-K-Lite-Codec-Pack-Full-2-89-French.exe Infected: not-a-virus:AdWare.Win32.FakeInstaller.e 1 The selected area was scanned. Et le rapport de Toolscleaner : [ Rapport ToolsCleaner version 2.3.6 (par A.Rothstein & dj QUIOU) ] --> Recherche: C:\UsbFix: trouvé ! C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\UsbFix: trouvé ! C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UsbFix: trouvé ! C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\UsbFix: trouvé ! C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\UsbFix: trouvé ! C:\Users\Francis\Desktop\HijackThis.exe: trouvé ! C:\Users\Francis\Desktop\hijackthis.log: trouvé ! C:\Users\Francis\Desktop\SmitFraudfix: trouvé ! C:\Users\Francis\Documents\11 mars 2009\fichiers exe et autres logiciels\MsnFix: trouvé ! C:\Users\Francis\Documents\11 mars 2009\fichiers exe et autres logiciels\MSNFix\Msnfix.zip: trouvé ! C:\Users\Francis\Documents\11 mars 2009\technique\gravure, son, conversion mp3 éditiion de fichiers sons et image\Msnfix.zip: trouvé ! C:\Users\Francis\Documents\11 mars 2009\technique\gravure, son, conversion mp3 éditiion de fichiers sons et image\MsnFix: trouvé ! C:\Users\Francis\Documents\11 mars 2009\technique\gravure, son, conversion mp3 éditiion de fichiers sons et image\MSNFix\MsnFix: trouvé ! C:\Users\Francis\Documents\11 mars 2009\technique\pb techniques\pb virus\Dss.exe: trouvé ! C:\Users\Francis\Documents\11 mars 2009\technique\virus spam et téléchargement de programme\MsnFix: trouvé ! C:\Users\Francis\Documents\11 mars 2009\technique\virus spam et téléchargement de programme\MSNFix\MsnFix: trouvé ! C:\Users\Francis\Documents\11 mars 2009\Unzipped\MsnFix: trouvé ! C:\Users\Francis\Documents\11 mars 2009\Unzipped\MSNFix\MsnFix: trouvé ! Je n'ai pas pu télécharger bitdefender (il me demande d'ouvrir vista en tant qu'administrateur, ce que je fais, puis il me demande un compte sur son site...) mais ....je viens de faire un scan complet en ligne, et intégral, de mon ordi , avec kaspersky, précédé de diverses vérifications ; smitfraud, msnfix, hijackthis..etc....à la lecture du dernier rapport, celui de kaspersky, est ce que mon système est clean ou nécessite t'il encore un nettoyage? Merci !
  14. Fracoutu
    (deuxième réponse ) Re ! Voici d'abord le rapport de java : JavaRa 1.14 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Fri Jun 12 12:41:38 2009 Found and removed: C:\Program Files\Java\jre1.6.0_07 Found and removed: C:\Users\Francis\AppData\LocalLow\Sun\Java\jre1.6.0_07 Found and removed: C:\Users\Francis\AppData\LocalLow\Sun\Java\jre1.6.0_13 Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB} Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07 Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\ ------------------------------------ Finished reporting. et celui de kaspersky : KASPERSKY ONLINE SCANNER REPORT Sunday, June 08, 2008 2:25:16 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 8/06/2008 Kaspersky Anti-Virus database records: 839091 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ D:\ E:\ F:\ H:\ I:\ J:\ K:\ Scan Statistics: Total number of scanned objects: 79455 Number of viruses found: 3 Number of infected objects: 8 Number of suspicious objects: 0 Duration of the scan process: 01:39:04 Infected Object Name / Virus Name / Last Action I:\Documents and Settings\Administrateur\Application Data\SPAMfighter\Logs\Agent.log.txt Object is locked skipped I:\Documents and Settings\Administrateur\Bureau\Nero-8.3.2.1_fra_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped I:\Documents and Settings\Administrateur\Bureau\Nero-8.3.2.1_fra_trial.exe 7-Zip: infected - 1 skipped I:\Documents and Settings\Administrateur\Cookies\index.dat Object is locked skipped I:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{E85DA7EB-8078-45F7-B68B-3945D76B9212}\Microsoft\Outlook Express\SPAMfighter.dbx/[From Dooley" <faivish.davie@kleintierarzt.at>][Date 1 Jun 2008 15:16:28 -0600]/UNNAMED/card.zip/card.scr Infected: Email-Worm.Win32.Agent.gc skipped I:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{E85DA7EB-8078-45F7-B68B-3945D76B9212}\Microsoft\Outlook Express\SPAMfighter.dbx/[From Dooley" <faivish.davie@kleintierarzt.at>][Date 1 Jun 2008 15:16:28 -0600]/UNNAMED/card.zip Infected: Email-Worm.Win32.Agent.gc skipped I:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{E85DA7EB-8078-45F7-B68B-3945D76B9212}\Microsoft\Outlook Express\SPAMfighter.dbx/[From Dooley" <faivish.davie@kleintierarzt.at>][Date 1 Jun 2008 15:16:28 -0600]/UNNAMED Infected: Email-Worm.Win32.Agent.gc skipped I:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{E85DA7EB-8078-45F7-B68B-3945D76B9212}\Microsoft\Outlook Express\SPAMfighter.dbx MailMSOutlook5: infected - 3 skipped I:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped I:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped I:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat Object is locked skipped I:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped I:\Documents and Settings\Administrateur\Mes documents\pb techniques\Télécharger des logiciels.exe Infected: Backdoor.Win32.Hupigon.bnca skipped I:\Documents and Settings\Administrateur\NTUSER.DAT Object is locked skipped I:\Documents and Settings\Administrateur\NTUSER.DAT.LOG Object is locked skipped I:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped I:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped I:\Documents and Settings\All Users\Menu Démarrer\Programmes\Télécharger des logiciels.exe Infected: Backdoor.Win32.Hupigon.bnca skipped I:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped I:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped I:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped I:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked skipped I:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped I:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped I:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped I:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped I:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped I:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped I:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped I:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped I:\System Volume Information\_restore{B7665782-6BEC-4B45-9A4D-0E2579BB477B}\RP42\change.log Object is locked skipped I:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped I:\WINDOWS\SchedLgU.Txt Object is locked skipped I:\WINDOWS\SoftwareDistribution\EventCache\{0C12DA4F-E48F-445C-A3A4-1A2236D1DE1F}.bin Object is locked skipped I:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped I:\WINDOWS\Sti_Trace.log Object is locked skipped I:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped I:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped I:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped I:\WINDOWS\system32\config\default Object is locked skipped I:\WINDOWS\system32\config\default.LOG Object is locked skipped I:\WINDOWS\system32\config\SAM Object is locked skipped I:\WINDOWS\system32\config\SAM.LOG Object is locked skipped I:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped I:\WINDOWS\system32\config\SECURITY Object is locked skipped I:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped I:\WINDOWS\system32\config\software Object is locked skipped I:\WINDOWS\system32\config\software.LOG Object is locked skipped I:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped I:\WINDOWS\system32\config\system Object is locked skipped I:\WINDOWS\system32\config\system.LOG Object is locked skipped I:\WINDOWS\system32\h323log.txt Object is locked skipped I:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped I:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped I:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped I:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped I:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped I:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped I:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped I:\WINDOWS\wiadebug.log Object is locked skipped I:\WINDOWS\wiaservc.log Object is locked skipped I:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. Il semble qu'il ait trouvé encore 3 virus et 8 "objets suspects"? Dois je désinstaller hijackthis, et y a t'il qq chose à désinstaller à propos de kaspersky? J'ai installé IE 8, et le pb de souris "paralysée" semble avoir disparu...Ce que je ne comprends pas, c'est qu'avec la version précédente d' internet explorer, je n'avais jusque là jamais eu ce problème...Cela peut il être dû au troyen? Ou a une incompatibilité momentanée entre le site de la banque et internet explorer 7... Merci pour tout !
  15. Fracoutu
    Merci encore, je fais tout ça dès que possible (demain matin probablement). Sinon, je me suis rendu compte que j'avais oublié de désactiver l'UAC avant de faire USB Fix (grosse fatigue et un tas de trucs à faire en même temps...) Est ce que le nettoyage par USB Fix est valable dans ces conditions? Mille excuses et merci encore !
  16. Fracoutu
    Bonjour, C oncernant UsbFix, ayant l'intention de t'envoyer les 3 fichiers en une seule fois, j'ai activé la fonction 1, et j'ai commencé à te répondre, en joignant le rapport à la réponse, mais sans l'enregistrer (erreur...) puis j'ai laissé la réponse ouverte et j'ai activé la fonction 2 (destruction des fichiers "pollués") mais usb fix a fait redémarrer l'ordi, et donc la liaison a été coupée, et je ne sais pas où retrouver le rapport de la fonction 1 .... voici le rapport de la fonction 2 (nettoyage) # Intel® Core2 Duo CPU T5750 @ 2.00GHz # Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1 # Internet Explorer 7.0.6001.18000 # Windows Firewall Status : Disabled # C:\ # Disque fixe local # 111,44 Go (43,91 Go free) [ACER] # NTFS # D:\ # Disque fixe local # 104,9 Go (101,91 Go free) # NTFS # E:\ # Disque amovible # 1,88 Go (516,5 Mo free) # FAT # F:\ # Disque CD-ROM ############################## [ Processus actifs ] C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\winlogon.exe C:\Windows\System32\svchost.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\vfsFPService.exe C:\Windows\system32\svchost.exe C:\Windows\system32\LogonUI.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe C:\Windows\system32\svchost.exe C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Windows\system32\agrsmsvc.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe C:\Windows\system32\svchost.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe C:\Program Files\Acer\Empowering Technology\Service\ETService.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Acer\Acer Bio Protection\BASVC.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Acer\Mobility Center\MobilityService.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Cyberlink\Shared files\RichVideo.exe C:\Program Files\Acer\Acer VCM\RS_Service.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE C:\Windows\system32\WUDFHost.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\runonce.exe C:\Windows\system32\conime.exe C:\Windows\system32\wbem\wmiprvse.exe ################## [ Fichiers # Dossiers infectieux ] ################## [ Registre # Clés Run infectieuses ] # HKLM\software\microsoft\security center\Svc\\ "AntiVirusOverride" # -> Reset sucessfully ! ################## [ Registre # Mountpoints2 ] ################## [ Listing des fichiers présent ] [01/06/2009 21:47|--a------|434714] - C:\AudioWriter.log [18/09/2006 23:43|--a------|24] - C:\autoexec.bat [07/06/2009 18:17|--a------|28953] - C:\barsetting.~dat [21/01/2008 04:24|-rahs----|333203] - C:\bootmgr [21/03/2008 05:12|-ra-s----|8192] - C:\BOOTSECT.BAK [18/09/2006 23:43|--a------|10] - C:\config.sys [18/03/2009 01:46|-rahs----|0] - C:\IO.SYS [27/06/2008 18:28|--a------|20] - C:\Medion.ini [18/03/2009 01:46|-rahs----|0] - C:\MSDOS.SYS [?|?|?] - C:\pagefile.sys [27/06/2008 18:24|--a------|60] - C:\Partition.txt [09/06/2009 00:57|--a------|2400] - C:\rapport.txt [21/03/2008 12:33|--a------|477] - C:\RHDSetup.log [11/06/2009 22:49|--a------|4305] - C:\UsbFix.txt ################## [ Vaccination ] # C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix. # D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix. # E:\autorun.inf ( # Not infected ) -> Folder created by UsbFix. ################## [ ! Fin du rapport # UsbFix V3.029 ! ] et celui de la fonction 3 (vaccination) ############################## [ UsbFix V3.029 | Vaccination ] # User : Francis (Administrateurs) # PC-DE-FRANCIS # Update on 05/06/09 by Chiquitine29, C_XX & Chimay8 # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html # Start at: 23:04:14 | 11/06/2009 # Intel® Core2 Duo CPU T5750 @ 2.00GHz # Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1 # Internet Explorer 7.0.6001.18000 # Windows Firewall Status : Disabled # C:\ # Disque fixe local # 111,44 Go (43,69 Go free) [ACER] # NTFS # D:\ # Disque fixe local # 104,9 Go (101,91 Go free) # NTFS # E:\ # Disque amovible # 1,88 Go (516,47 Mo free) # FAT # F:\ # Disque CD-ROM ################## [ Vaccination ] # C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix. # D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix. # E:\autorun.inf ( # Not infected ) -> Folder created by UsbFix. ################## [ ! Fin du rapport # UsbFix V3.029 ! ] D'autrepart, concernant mon histoire de souris paralysée, je suis allé à nouveau faire un tour sur le site de la banque, et j'ai remarqué qu'avec internet explorer, la souris commençait à avoir des absences (quelques secondes) dès que j'arrive sur le site, avant même que j'ai donné mon code d'accès . Ce qui ne se produit pas avec firefox. Le pb ne viendrait pas d'une incompatibilité (temporaire?) entre internet explorer et le site de la banque? Tu as un avis là dessus ? Enfin, j'ai bien installé, et utilisé ATF cleaner
  17. Fracoutu
    Bonjour, et mille excuses pour les "citations"... Je n'ai, pas pour le moment, pris le temps de nettoyer les supports amovibles. Mais je ne les ai pas non plus utilisés depuis. J'ai un souci plus urgent : en me connectant sur le site de ma banque , je me suis retrouvé après quelque temps de consultation avec une souris "paralysée" : plus rien ne bougeait . J'éteins carrément l'ordi (avec le bouton : c'est un portabe...), je rallume, je me reconnecte , et rebelote...J'utilisais internet explorer, il me semble. C'est très effrayant. Y a t'il possibilité que quelqu'un ait pris le contrôle de mon ordi? Et pourquoi cette souris "paralysée"? Je ne veux pas non plus être parano. Je ne sais pas quelle est l"utilité (façon de parler) du troyen win32/Renos.IO pour celui qui l'a mis en ligne, mais y a t'il un rapport possible entre cette infection (pourtant maintenant réparée par tes soins ) et la paralysie momentanée de ma souris? J'ai eu en ligne une technicienne de la banque, qui m'a fait nettoyer fichiers, cookies, etc, en partant de firefox... et depuis cela semble fonctionner normalement... et je viens de configurer mon ordi pour effacer mes traces, en tout cas avec firefox...Quoi faire de plus? Merci !
  18. Fracoutu
    Merci ! Voila le rapport de MBAM : Malwarebytes' Anti-Malware 1.37 Version de la base de données: 2254 Windows 6.0.6001 Service Pack 1 09/06/2009 19:22:21 mbam-log-2009-06-09 (19-22-21).txt Type de recherche: Examen complet (C:\|D:\|F:\|) Eléments examinés: 185946 Temps écoulé: 51 minute(s), 1 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 3 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 37 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): c:\Users\Francis\AppData\Local\Temp\Low\912B.tmp (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\30F1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\30F1.tmp.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\3458.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\3458.tmp.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\3737.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\3737.tmp.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\3AD3.tmp (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\3AD3.tmp.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\3AEE.tmp (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\3AEE.tmp.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\8A95.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\8A95.tmp.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\F172.tmp (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\F172.tmp.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\912B.tmp.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\98F6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\98F6.tmp.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\9F50.tmp (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\9F50.tmp.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\D623.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\D623.tmp.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\DF3A.tmp (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\DF3A.tmp.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\E0AE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\E0AE.tmp.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\E3E8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\E3E8.tmp.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\E9C5.tmp (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\E9C5.tmp.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\EA60.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\EA60.tmp.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\EE85.tmp (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Francis\AppData\Local\Temp\Low\EE85.tmp.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Windows\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully. Je n'ai pas pensé à analyser une carte, qui contient des fichiers sons, que j'utilise sur un enregistreur numérique (zoom h4) Est ce que je peux la scanner seule, ou au moins en ne sélectionnant que les supports amovibles? Merci !
  19. Fracoutu
    DERNIERE MINUTE : l'alarme est toujours présente... gasp ! je vais me coucher !
  20. Fracoutu
    Merci ! beaucoup de choses à lire pour cause de maladresse ..Mille excuses : rapport smitfraud en anglais : (je crois que j'en ai oublié morceau au début du rapport) (?.......) »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\Windows\system32\msxml71.dll Deleted »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix Agent.OMZ.Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{9FA38436-ADFD-47FC-B2A5-1BDA713424C6}: DhcpNameServer=192.168.1.1 192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{9FA38436-ADFD-47FC-B2A5-1BDA713424C6}: DhcpNameServer=192.168.1.1 192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{9FA38436-ADFD-47FC-B2A5-1BDA713424C6}: DhcpNameServer=192.168.1.1 192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! »»»»»»»»»»»»»»»»»»»»»»»» RK.2 »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End j'ai par la suite trouvé la commande pour le faire en français... et je l'ai donc refait, mais les éventuels fichiers infectés n'y étaient peut être déja plus : SmitFraudFix v2.419 Rapport fait à 0:56:14,59, 09/06/2009 Executé à partir de C:\Users\Francis\Desktop\SmitfraudFix OS: Microsoft Windows [version 6.0.6001] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost ::1 localhost »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix Agent.OMZ.Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{9FA38436-ADFD-47FC-B2A5-1BDA713424C6}: DhcpNameServer=192.168.1.1 192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{9FA38436-ADFD-47FC-B2A5-1BDA713424C6}: DhcpNameServer=192.168.1.1 192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{9FA38436-ADFD-47FC-B2A5-1BDA713424C6}: DhcpNameServer=192.168.1.1 192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! »»»»»»»»»»»»»»»»»»»»»»»» RK.2 »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll On ne m'a jamais proposé de "corriger les fichier infecté" , sauf erreur... et enfin le rapport hijackthis après reboot : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:13:39, on 09/06/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18226) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Windows\RtHDVCpl.exe C:\Windows\system32\taskeng.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe C:\Windows\PLFSetI.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Users\Francis\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe C:\Users\Francis\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O13 - Gopher Prefix: O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe O23 - Service: Planificateur Avira AntiVir Premium (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Service d'assistance Avira AntiVir Premium MailGuard (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Service Google Update (gupdate1c9e55d6b03d94d) (gupdate1c9e55d6b03d94d) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe -- End of file - 9705 bytes Voila le tout !... Ouf ! Merci !
  21. Fracoutu
    Merci ! Ouarf ! j'ai lu en diagonale... pas mal, la capture d'écran ! Bon, voila le rapport smitfraudfix : SmitFraudFix v2.419 Scan done at 22:51:20,76, 08/06/2009 Run from C:\Users\Francis\Desktop\SmitfraudFix OS: Microsoft Windows [version 6.0.6001] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe C:\Windows\system32\winlogon.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\vfsFPService.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe C:\Windows\system32\svchost.exe C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe C:\Windows\PLFSetI.exe C:\Windows\system32\agrsmsvc.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe C:\Windows\system32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe C:\Users\Francis\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe C:\Program Files\Acer\Empowering Technology\Service\ETService.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Acer\Acer Bio Protection\BASVC.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Acer\Mobility Center\MobilityService.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Cyberlink\Shared files\RichVideo.exe C:\Program Files\Acer\Acer VCM\RS_Service.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Windows\system32\ctfmon.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\conime.exe C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\wmiprvse.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32 C:\Windows\system32\msxml71.dll FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Francis »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Francis\AppData\Local\Temp »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Francis\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Francis\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components »»»»»»»»»»»»»»»»»»»»»»»» o4Patch !!!Attention, following keys are not inevitably infected!!! o4Patch Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, following keys are not inevitably infected!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix !!!Attention, following keys are not inevitably infected!!! Agent.OMZ.Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, following keys are not inevitably infected!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, following keys are not inevitably infected!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" "LoadAppInit_DLLs"=dword:00000000 »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\Windows\\system32\\userinit.exe," »»»»»»»»»»»»»»»»»»»»»»»» RK [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller DNS Server Search Order: 192.168.1.1 DNS Server Search Order: 192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{9FA38436-ADFD-47FC-B2A5-1BDA713424C6}: DhcpNameServer=192.168.1.1 192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{9FA38436-ADFD-47FC-B2A5-1BDA713424C6}: DhcpNameServer=192.168.1.1 192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{9FA38436-ADFD-47FC-B2A5-1BDA713424C6}: DhcpNameServer=192.168.1.1 192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End
  22. Fracoutu
    Merci ! Sans perdre de temps, voila donc le log : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:29:13, on 08/06/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18226) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe C:\Windows\PLFSetI.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Users\Francis\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Windows\system32\ctfmon.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe C:\Users\Francis\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\Windows\system32\msxml71.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Cognac] C:\Users\Francis\AppData\Local\Temp\b.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O13 - Gopher Prefix: O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe O23 - Service: Planificateur Avira AntiVir Premium (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Service d'assistance Avira AntiVir Premium MailGuard (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Service Google Update (gupdate1c9e55d6b03d94d) (gupdate1c9e55d6b03d94d) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe -- End of file - 10617 bytes
  23. Fracoutu
    Bonjour, je suis infecté (enfin, pas moi, mon ordi ! ) par un très vilain personnage, qui s'appelle "TrojanDownloader : Win32/Renos.IO", et qui m'est signalé par mon antivirus (avira antivir premium), chaque fois que j'ouvre internet explorer (ça n'a pas l'air d'affecter firefox). Evidemment, comme recommandé, je "supprime tout" systématiquement, mais ça n'empêche pas cette alarme de réapparaître la fois suivante où j'ouvre internet explorer. Si vous avez une recette pour déloger cette chose, je vous en remercie ! (A toutes fins utiles, et si ça a une importance, je suis sur Vista...) Meric encore !
  24. Fracoutu
    Pas de nouvelles depuis un moment ? Mon PC a l'air de fonctionner correctement, mais j'aurais bien aimé avoir une interprétation des dernières analyses que j'ai postées, et un mode d'emploi du backup qui est sur mon bureau. Merci à nouveau pour votre efficacité.
  25. Fracoutu
    Merci encore ! Ci dessous, le fichier "main. txt" et en dessous, le rapport Kaspersky main.txt : Deckard's System Scanner v20071014.68 Run by Administrateur on 2008-06-07 21:07:19 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 40: 2008-06-07 19:07:24 UTC - RP40 - Deckard's System Scanner Restore Point 39: 2008-06-07 12:55:50 UTC - RP39 - Point de vérification système 38: 2008-06-04 19:05:46 UTC - RP38 - Point de vérification système 37: 2008-06-03 18:30:15 UTC - RP37 - Point de vérification système 36: 2008-06-02 17:30:03 UTC - RP36 - Remove CloneCD -- First Restore Point -- 1: 2008-03-30 13:09:51 UTC - RP1 - Point de vérification système Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Administrateur.exe) -------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:08:01, on 07/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: I:\WINDOWS\System32\smss.exe I:\WINDOWS\system32\winlogon.exe I:\WINDOWS\system32\services.exe I:\WINDOWS\system32\lsass.exe I:\WINDOWS\system32\svchost.exe I:\WINDOWS\System32\svchost.exe I:\WINDOWS\Explorer.EXE I:\WINDOWS\system32\spoolsv.exe I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe I:\WINDOWS\system32\RunDll32.exe I:\WINDOWS\system32\LVCOMSX.EXE I:\Program Files\Logitech\Video\LogiTray.exe I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe I:\Program Files\iTunes\iTunesHelper.exe I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe I:\Program Files\SPAMfighter\SFAgent.exe I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe I:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe I:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe I:\Program Files\WinZip\WZQKPICK.EXE I:\Program Files\Logitech\Video\FxSvr2.exe I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe I:\WINDOWS\system32\RioMSC.exe I:\Program Files\SPAMfighter\sfus.exe I:\WINDOWS\system32\svchost.exe I:\Program Files\iPod\bin\iPodService.exe I:\WINDOWS\system32\wuauclt.exe I:\Documents and Settings\Administrateur\Bureau\dss.exe I:\DOCUME~1\ADMINI~1\Bureau\Administrateur.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Reloaded Lite V2 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [Vistadrv] I:\WINDOWS\system32\Vistadrive\vsdrv.exe O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWnd O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [LVCOMSX] I:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] I:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] I:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sPAMfighter Agent] "I:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "I:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "I:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WellPhone XT Sagem] "I:\Program Files\SmartCom\WellPhone XT Sagem\WellPhone2.exe" /background O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "I:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "I:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = I:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} (WebInstall Class) - http://xscanner.shredder-scanner.com/setup/webinst.cab O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/R...rod/DownMan.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - I:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe O23 - Service: RIO Mass Storage C (RioMSC) - Digital Networks North America, Inc. - I:\WINDOWS\system32\RioMSC.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - I:\Program Files\SPAMfighter\sfus.exe O23 - Service: StarOpen - Avira GmbH - (no file) O23 - Service: UPnPService - Magix AG - I:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 6601 bytes -- HijackThis Fixed Entries (I:\DOCUME~1\ADMINI~1\Bureau\backups\) ------------- backup-20080605-212924-303 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll backup-20080605-212924-345 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll backup-20080605-212924-346 O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - I:\Program Files\Dealio\kb124\Dealio.dll backup-20080605-212924-367 O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll backup-20080605-212924-753 O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - I:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll backup-20080605-212924-771 O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - I:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll backup-20080605-212925-247 O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - I:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll backup-20080605-212925-384 O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - I:\Program Files\Canon\Easy-WebPrint\Toolband.dll backup-20080605-212925-491 O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - I:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll backup-20080605-212925-538 O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - I:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll backup-20080605-212925-732 O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - I:\Program Files\Dealio\kb124\Dealio.dll backup-20080605-212925-801 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 cdrbsdrv - i:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7> R3 cmuda3 (Aureon 5.1 Audio Interface) - i:\windows\system32\drivers\cmudax3.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)> R3 pcouffin (VSO Software pcouffin) - i:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> S3 catchme - i:\docume~1\admini~1\locals~1\temp\catchme.sys (file missing) S3 GMSIPCI - h:\install\gmsipci.sys (file missing) S3 NTACCESS - h:\ntaccess.sys (file missing) S3 SetupNTGLM7X - h:\ntglm7x.sys (file missing) S3 UsbSagCom (SAGEM Full USB Driver) - i:\windows\system32\drivers\usbsagcom.sys <Not Verified; Sagem Communication; USB CDC ACM Driver> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "i:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation> R2 Apple Mobile Device - "i:\program files\fichiers communs\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 RioMSC (RIO Mass Storage C) - i:\windows\system32\riomsc.exe <Not Verified; Digital Networks North America, Inc.; Rio Mass Storage Class Device Manager> S3 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) - i:\program files\magix\common\database\bin\fbserver.exe <Not Verified; MAGIX®; Firebird SQL Server - MAGIX Edition> S3 UPnPService - i:\program files\fichiers communs\magix shared\upnpservice\upnpservice.exe <Not Verified; Magix AG; UPnPService Module> S4 NMIndexingService - "i:\program files\fichiers communs\ahead\lib\nmindexingservice.exe" (file missing) -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-05-15 22:39:01 284 --a------ I:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2008-05-07 and 2008-06-07 ----------------------------- 2008-06-07 15:43:49 0 dr-h---c- I:\Documents and Settings\Administrateur\Recent 2008-06-07 13:05:38 0 d-------- I:\WINDOWS\ERUNT 2008-06-03 19:03:54 0 d------c- I:\Documents and Settings\Administrateur\Application Data\CopyToDvd 2008-06-03 18:42:08 47360 --a------ I:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> 2008-06-03 18:42:08 0 d------c- I:\Documents and Settings\Administrateur\Application Data\Vso 2008-06-03 18:42:08 47360 --a----c- I:\Documents and Settings\Administrateur\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> 2008-06-03 18:41:50 0 d-------- I:\Program Files\VSO 2008-06-02 19:23:57 0 d-------- I:\Program Files\SlySoft 2008-05-21 13:27:18 0 d-------- I:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2008-05-21 12:47:26 0 d-------- I:\Program Files\Windows Media Connect 2 2008-05-21 12:45:34 0 d-------- I:\WINDOWS\system32\LogFiles 2008-05-21 12:45:34 0 d-------- I:\WINDOWS\system32\drivers\UMDF 2008-05-20 20:31:02 0 d-------- I:\Program Files\Fichiers communs\Ankiro 2008-05-20 20:29:53 0 d-------- I:\Program Files\Fichiers communs\Application 2008-05-14 00:20:35 0 d-a------ I:\Documents and Settings\All Users\Application Data\TEMP 2008-05-13 21:06:01 0 d-------- I:\Documents and Settings\All Users\Application Data\WinZip 2008-05-13 20:34:54 0 d-------- I:\Documents and Settings\All Users\Application Data\WinZipSE 2008-05-13 20:34:52 0 d-------- I:\Program Files\WinZip Self-Extractor 2008-05-13 03:53:16 3596288 --a------ I:\WINDOWS\system32\qt-dx331.dll 2008-05-13 03:50:16 196608 --a------ I:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100> 2008-05-13 03:50:16 81920 --a------ I:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100> 2008-05-13 03:50:08 802816 --a------ I:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?> 2008-05-13 03:50:08 823296 --a------ I:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®> 2008-05-13 03:50:08 831488 --a------ I:\WINDOWS\system32\divx_xx0a.dll 2008-05-13 03:50:08 823296 --a------ I:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®> 2008-05-13 03:50:06 682496 --a------ I:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®> 2008-05-13 03:49:02 12288 --a------ I:\WINDOWS\system32\DivXWMPExtType.dll -- Find3M Report --------------------------------------------------------------- 2008-06-07 20:56:00 0 d-------- I:\Program Files\SPAMfighter 2008-06-05 21:30:26 0 d-------- I:\Program Files\Google 2008-06-04 11:36:49 0 d-------- I:\Program Files\Alwil Software 2008-06-03 18:42:43 34 --a----c- I:\Documents and Settings\Administrateur\Application Data\pcouffin.log 2008-06-03 18:42:08 1144 --a----c- I:\Documents and Settings\Administrateur\Application Data\pcouffin.inf 2008-06-03 18:42:08 7887 --a----c- I:\Documents and Settings\Administrateur\Application Data\pcouffin.cat 2008-06-02 23:51:00 24572 --a----c- I:\Documents and Settings\Administrateur\Application Data\ViewerApp.dat 2008-05-25 22:36:58 0 d------c- I:\Documents and Settings\Administrateur\Application Data\Canon 2008-05-21 12:30:24 0 d-------- I:\Program Files\DivX 2008-05-20 20:31:02 0 d-------- I:\Program Files\Fichiers communs 2008-05-19 20:00:46 0 d------c- I:\Documents and Settings\Administrateur\Application Data\Skype 2008-05-19 20:00:37 0 d------c- I:\Documents and Settings\Administrateur\Application Data\skypePM 2008-05-14 00:21:42 451712 --a------ I:\WINDOWS\system32\perfh00C.dat 2008-05-14 00:21:42 68498 --a------ I:\WINDOWS\system32\perfc00C.dat 2008-05-13 21:39:37 0 d-------- I:\Program Files\QuickTime 2008-05-13 21:32:13 0 d-------- I:\Program Files\Apple Software Update 2008-04-28 23:06:29 0 d-------- I:\Documents and Settings\Administrateur\Application Data\Real 2008-04-28 13:04:37 1417 --a------ I:\WINDOWS\mozver.dat 2008-04-10 21:24:27 0 d-------- I:\Program Files\MSECache 2008-04-08 21:57:08 0 d-------- I:\Program Files\Skype 2008-04-08 21:57:02 0 d-------- I:\Program Files\Fichiers communs\Skype -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Vistadrv"="I:\WINDOWS\system32\Vistadrive\vsdrv.exe" [30/07/2006 04:37] "CmPCIaudio"="cmicnfg3.cpl" [] "KernelFaultCheck"="I:\WINDOWS\system32\dumprep 0 -k" [] "LVCOMSX"="I:\WINDOWS\system32\LVCOMSX.EXE" [19/07/2005 17:32] "LogitechVideoRepair"="I:\Program Files\Logitech\Video\ISStart.exe" [08/06/2005 15:24] "LogitechVideoTray"="I:\Program Files\Logitech\Video\LogiTray.exe" [08/06/2005 15:14] "SunJavaUpdateSched"="I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25] "iTunesHelper"="I:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 14:42] "Adobe Reader Speed Launcher"="I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16] "avgnt"="I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [14/04/2008 23:38] "QuickTime Task"="I:\Program Files\QuickTime\qttask.exe" [28/03/2008 23:37] "SPAMfighter Agent"="I:\Program Files\SPAMfighter\SFAgent.exe" [14/05/2008 15:23] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechSoftwareUpdate"="I:\Program Files\Logitech\Video\ManifestEngine.exe" [08/06/2005 14:44] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="I:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [] "swg"="I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [18/06/2007 19:28] "WellPhone XT Sagem"="I:\Program Files\SmartCom\WellPhone XT Sagem\WellPhone2.exe" [] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "msnmsgr"="I:\Program Files\MSN Messenger\msnmsgr.exe" /background I:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - I:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 22:05:56] Picture Package Menu.lnk - I:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [20/04/2007 01:49:17] Picture Package VCD Maker.lnk - I:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [20/04/2007 01:49:13] WinZip Quick Pick.lnk - I:\Program Files\WinZip\WZQKPICK.EXE [06/06/2007 11:10:02] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"=1 (0x1) "NoSMMyPictures"=1 (0x1) "ClearRecentDocsOnExit"=1 (0x1) "NoLowDiskSpaceChecks"=1 (0x1) "NoStartBanner"=01000000 "MemCheckBoxInRunDlg"=1 (0x1) "NoSMBalloonTip"=1 (0x1) "NoDesktopCleanupWizard"=1 (0x1) "NoWelcomeScreen"=1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"=1 (0x1) "NoSMMyPictures"=1 (0x1) "ClearRecentDocsOnExit"=1 (0x1) "NoLowDiskSpaceChecks"=1 (0x1) "NoStartBanner"=01000000 "MemCheckBoxInRunDlg"=1 (0x1) "NoSMBalloonTip"=1 (0x1) "NoDesktopCleanupWizard"=1 (0x1) "NoWelcomeScreen"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalService WebClient LmHosts upnphost SSDPSRV -- End of Deckard's System Scanner: finished at 2008-06-07 21:09:15 ------------ rapport Kaspersky ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Sunday, June 08, 2008 2:25:16 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 8/06/2008 Kaspersky Anti-Virus database records: 839091 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ D:\ E:\ F:\ H:\ I:\ J:\ K:\ Scan Statistics: Total number of scanned objects: 79455 Number of viruses found: 3 Number of infected objects: 8 Number of suspicious objects: 0 Duration of the scan process: 01:39:04 Infected Object Name / Virus Name / Last Action I:\Documents and Settings\Administrateur\Application Data\SPAMfighter\Logs\Agent.log.txt Object is locked skipped I:\Documents and Settings\Administrateur\Bureau\Nero-8.3.2.1_fra_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped I:\Documents and Settings\Administrateur\Bureau\Nero-8.3.2.1_fra_trial.exe 7-Zip: infected - 1 skipped I:\Documents and Settings\Administrateur\Cookies\index.dat Object is locked skipped I:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{E85DA7EB-8078-45F7-B68B-3945D76B9212}\Microsoft\Outlook Express\SPAMfighter.dbx/[From Dooley" <faivish.davie@kleintierarzt.at>][Date 1 Jun 2008 15:16:28 -0600]/UNNAMED/card.zip/card.scr Infected: Email-Worm.Win32.Agent.gc skipped I:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{E85DA7EB-8078-45F7-B68B-3945D76B9212}\Microsoft\Outlook Express\SPAMfighter.dbx/[From Dooley" <faivish.davie@kleintierarzt.at>][Date 1 Jun 2008 15:16:28 -0600]/UNNAMED/card.zip Infected: Email-Worm.Win32.Agent.gc skipped I:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{E85DA7EB-8078-45F7-B68B-3945D76B9212}\Microsoft\Outlook Express\SPAMfighter.dbx/[From Dooley" <faivish.davie@kleintierarzt.at>][Date 1 Jun 2008 15:16:28 -0600]/UNNAMED Infected: Email-Worm.Win32.Agent.gc skipped I:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{E85DA7EB-8078-45F7-B68B-3945D76B9212}\Microsoft\Outlook Express\SPAMfighter.dbx MailMSOutlook5: infected - 3 skipped I:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped I:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped I:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat Object is locked skipped I:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped I:\Documents and Settings\Administrateur\Mes documents\pb techniques\Télécharger des logiciels.exe Infected: Backdoor.Win32.Hupigon.bnca skipped I:\Documents and Settings\Administrateur\NTUSER.DAT Object is locked skipped I:\Documents and Settings\Administrateur\NTUSER.DAT.LOG Object is locked skipped I:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped I:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped I:\Documents and Settings\All Users\Menu Démarrer\Programmes\Télécharger des logiciels.exe Infected: Backdoor.Win32.Hupigon.bnca skipped I:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped I:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped I:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped I:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked skipped I:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped I:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped I:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped I:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped I:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped I:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped I:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped I:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped I:\System Volume Information\_restore{B7665782-6BEC-4B45-9A4D-0E2579BB477B}\RP42\change.log Object is locked skipped I:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped I:\WINDOWS\SchedLgU.Txt Object is locked skipped I:\WINDOWS\SoftwareDistribution\EventCache\{0C12DA4F-E48F-445C-A3A4-1A2236D1DE1F}.bin Object is locked skipped I:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped I:\WINDOWS\Sti_Trace.log Object is locked skipped I:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped I:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped I:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped I:\WINDOWS\system32\config\default Object is locked skipped I:\WINDOWS\system32\config\default.LOG Object is locked skipped I:\WINDOWS\system32\config\SAM Object is locked skipped I:\WINDOWS\system32\config\SAM.LOG Object is locked skipped I:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped I:\WINDOWS\system32\config\SECURITY Object is locked skipped I:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped I:\WINDOWS\system32\config\software Object is locked skipped I:\WINDOWS\system32\config\software.LOG Object is locked skipped I:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped I:\WINDOWS\system32\config\system Object is locked skipped I:\WINDOWS\system32\config\system.LOG Object is locked skipped I:\WINDOWS\system32\h323log.txt Object is locked skipped I:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped I:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped I:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped I:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped I:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped I:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped I:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped I:\WINDOWS\wiadebug.log Object is locked skipped I:\WINDOWS\wiaservc.log Object is locked skipped I:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.
×
×
  • Créer...