Posted

Hello,

For a few days now I have been fighting to keep my computer alive. It is infected; I went through the forums and tried quite a few solutions, but I am losing: more and more Windows functions are failing, and now I can only start it in safe mode. Software tried: Anti-vir, avast, Vundofix, VirtumundoBeGone and other registry cleaners and others of the same type. I thought a miracle had happened at a reboot after a Kaspersky scan, but it quickly got worse. I am posting the HJT log, in case someone can help me. Thanks.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:37:36, on 19/01/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Safe mode with network support

 

Running processes:

C:\Windows\Explorer.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"

O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"

O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [2aa81b5c] rundll32.exe "C:\Users\KIGHAF~1\AppData\Local\Temp\rlwlahfr.dll",b

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe

O4 - Global Startup: LUMIX Simple Viewer.lnk = ?

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll eNetHook.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

 

--

End of file - 13056 bytes

  • Moderators
Posted

Hello kighafars :P

Welcome to the Zebulon forums.

A few links to help you get started:

Your report does indeed show traces of infection. But first, you have too many antivirus programs on this PC, I see 3!

  • Avast
  • Kaspersky
  • Norton
    + Windows Defender and Spybot's TeaTimer.

Which one do you normally use? There should be only one left on the PC, and the other two should be uninstalled. Also disable Windows Defender and Spybot's TeaTimer, they will get in our way.

If we start together, I ask you not to run any more tools on your own unless I have asked you to, otherwise I will no longer understand anything. Did you keep the reports from the tools you have already run? Post them next.

Then generate a report with the following tool, which will let us take a quick "inventory":

Download Deckard's System Scanner (DSS) (or DSS) to your Desktop.

NB: You must be logged in with Administrator rights.

  1. close all applications and windows
  2. double-click dss.exe to launch it and follow the instructions below
    Warning: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)
  3. if this is a first use or a new version of DSS:
    • you will have to click OK twice in the dialog boxes
      Warning: if you take too long, the Abort answer will be selected automatically
    • when processing is finished (click OK), two text files are displayed:
      main.txt <- opened in the foreground, full screen
      extra.txt <- opened in the background, windowed (look at the taskbar)

If this is an additional use of DSS:

  • you will not get a dialog box (no OK)
  • when processing is finished, one text file is displayed:
    main.txt <- opened in the foreground, full screen

  • copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next post

  • likewise copy the contents of extra.txt into your next post, if you have this file (first use)

  • do not forget to re-enable the protections if they were stopped.

See you soon.
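
Added example, not part of the original posts and not code from HijackThis or DSS: a small parser for the O4 (autostart) and O23 (service) lines of a HijackThis log, run over lines excerpted from the log posted above, that reproduces the count of overlapping resident protection products. The product keyword table and all function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Lines excerpted from the HijackThis log posted above in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Spybot - Search & Destroy\SDWinSec.exe
"""

# "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autostart: "<location>: [<value name>] <command>"
RUN_RE = re.compile(r"^(?P<location>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")
# O23 service: "Service: <display> - <owner> - <path>[ (file missing)]".
# The path itself may contain " - " (D:\Spybot - Search & Destroy\...), so the
# path field is anchored on a drive letter, a quote or an environment variable.
SERVICE_RE = re.compile(
    r'^Service: (?P<display>.+?) - (?P<owner>.+?) - '
    r'(?P<path>(?:[A-Za-z]:\\|"|%).*?)(?P<missing> \(file missing\))?$'
)

# Assumed keyword table, built from the products named in the reply above.
PRODUCTS = {
    "Avast": ("antivirus", ("avast", "alwil")),
    "Kaspersky": ("antivirus", ("kaspersky",)),
    "Norton": ("antivirus", ("symantec", "norton")),
    "Windows Defender": ("antispyware", ("windows defender",)),
    "Spybot TeaTimer": ("resident guard", ("teatimer",)),
}


def parse_entries(log_text):
    """Parse HijackThis lines into dicts; only O4 and O23 are split into fields."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header lines, blank lines, "End of file - N bytes"
        entry = {"code": match.group("code"), "body": match.group("body"),
                 "name": None, "owner": None,
                 "target": match.group("body"), "missing": False}
        if entry["code"] == "O4":
            run = RUN_RE.match(entry["body"])
            if run:  # "Global Startup" shortcuts do not match and keep the raw body
                entry.update(name=run.group("name"), target=run.group("command"))
        elif entry["code"] == "O23":
            svc = SERVICE_RE.match(entry["body"])
            if svc:
                entry.update(name=svc.group("display"), owner=svc.group("owner"),
                             target=svc.group("path"),
                             missing=svc.group("missing") is not None)
        entries.append(entry)
    return entries


def resident_security_products(entries):
    """Map product -> autostart/service entries that still point at a file."""
    found = defaultdict(list)
    for entry in entries:
        # Only autostarts (O4) and services (O23) load at boot; a service whose
        # binary is gone is a leftover of an uninstall, not a running component.
        if entry["code"] not in ("O4", "O23") or entry["missing"]:
            continue
        haystack = entry["body"].lower()
        for product, (_kind, keywords) in PRODUCTS.items():
            if any(keyword in haystack for keyword in keywords):
                found[product].append(entry)
    return dict(found)


def antivirus_overlap(found):
    """Names of the antivirus products that have resident components."""
    return sorted(p for p in found if PRODUCTS[p][0] == "antivirus")


if __name__ == "__main__":
    products = resident_security_products(parse_entries(SAMPLE_LOG))
    for product, hits in sorted(products.items()):
        print(f"{product} ({PRODUCTS[product][0]}): {len(hits)} resident entries")
        for hit in hits:
            print(f"    {hit['code']}  {hit['target']}")
    overlap = antivirus_overlap(products)
    if len(overlap) > 1:
        print("More than one resident antivirus:", ", ".join(overlap))
```
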

Posted

Hello,

Thanks for your help and happy new year 2008.

OK for all your recommendations; I chose to keep KASPER and uninstall the others. Looking over the log, I forgot to uninstall registrybooster 2; I don't think it will cause us trouble. I removed spybot, a2, program checker and others. Sorry for answering so late, but I spent the night trying to understand the HJT training on the site, and I think fatigue beat me before I could understand it all. My first computer was a ZX81, so imagine the light-years of difference from today.

With DSS everything went OK; I am posting the 2 logs.


Deckard's System Scanner v20071014.68

Run by kighafars on 2008-01-20 15:23:24

Computer is in Safe Mode with Networking.

--------------------------------------------------------------------------------

 

-- Last 5 Restore Point(s) --

5: 2008-01-19 04:52:52 UTC - RP200 - Installed Kaspersky Anti-Virus 7.0.

4: 2008-01-18 20:48:58 UTC - RP199 - Windows Update

3: 2008-01-18 01:04:20 UTC - RP198 - Windows Update

2: 2008-01-17 05:11:16 UTC - RP197 - Point de contrôle planifié

1: 2008-01-16 00:44:56 UTC - RP196 - Windows Update

 

 

Backed up registry hives.

Performed disk cleanup.

 

Total Physical Memory: 1022 MiB (1024 MiB recommended).

 

 

-- HijackThis (run as kighafars.exe) -------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:28:08, on 20/01/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Safe mode with network support

 

Running processes:

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Users\kighafars\Desktop\dss.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\kighafars.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"

O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"

O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [2aa81b5c] rundll32.exe "C:\Users\KIGHAF~1\AppData\Local\Temp\rlwlahfr.dll",b

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe

O4 - Global Startup: LUMIX Simple Viewer.lnk = ?

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll eNetHook.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

 

--

End of file - 12009 bytes

 

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

 

backup-20080120-014451-360 O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

backup-20080120-014451-841 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

-- File Associations -----------------------------------------------------------

 

All associations okay.

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >

R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

 

S1 Hotkey - c:\windows\system32\drivers\hotkey.sys

S1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)

S2 eLockService (eLock Service) - c:\acer\empowering technology\elock\service\elockserv.exe <Not Verified; Acer Inc.; Acer eLock Management>

S2 eNet Service - c:\acer\empowering technology\enet\enet service.exe <Not Verified; Acer Inc.; Acer eNet Management>

S2 eRecoveryService (eRecovery Service) - c:\acer\empowering technology\erecovery\erecoveryservice.exe <Not Verified; Acer Inc.; eRecoveryService>

S2 eSettingsService (eSettings Service) - c:\acer\empowering technology\esettings\service\capuserv.exe <Not Verified; ; Service>

S2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)

S2 MobilityService - c:\acer\mobility center\mobilityservice.exe -p

S2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

S2 WMIService (ePower Service) - c:\acer\empowering technology\epower\epowersvc.exe <Not Verified; acer; Acer ePower Management>

S3 ISPwdSvc (Validation de mot de passe Symantec IS) - "c:\program files\norton internet security\ispwdsvc.exe" (file missing)

S3 LiveUpdate - "c:\progra~1\symantec\liveup~1\lucoms~1.exe" (file missing)

S3 WisLMSvc - "c:\program files\launch manager\wislmsvc.exe" <Not Verified; Wistron Corp.; >

 

 

-- Device Manager: Disabled ----------------------------------------------------

 

No disabled devices found.

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2008-01-19 02:48:33 426 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{D6C44664-8464-4953-82CC-615120DA2D41}.job

2008-01-18 20:21:33 532 --a------ C:\Windows\Tasks\Norton Internet Security - Analyse système complète - kighafars.job

2008-01-18 15:00:00 416 --a------ C:\Windows\Tasks\Norton Security Scan.job

 

 

-- Files created between 2007-12-20 and 2008-01-20 -----------------------------

 

2008-01-20 01:54:42 0 d-------- C:\Program Files\a-squared Anti-Malware

2008-01-19 20:21:44 0 d-------- C:\Program Files\Trend Micro

2008-01-19 20:21:26 0 d-------- C:\HJT

2008-01-19 05:57:20 91492 --a------ C:\Windows\system32\drivers\klin.dat

2008-01-19 05:57:19 85860 --a------ C:\Windows\system32\drivers\klick.dat

2008-01-19 05:54:29 2999840 --ahs---- C:\Windows\system32\drivers\fidbox.dat

2008-01-19 05:54:28 0 d-------- C:\Users\All Users\Kaspersky Lab

2008-01-19 05:54:28 0 d-------- C:\Program Files\Kaspersky Lab

2008-01-19 05:30:36 0 d-------- C:\Users\All Users\Kaspersky Lab Setup Files

2008-01-19 03:37:24 0 d-------- C:\Users\All Users\Spybot - Search & Destroy

2008-01-18 22:40:35 0 d-------- C:\Windows\system32\QVJGTGljZW5zZUluZm8= <QVJGTG~1>

2008-01-18 22:40:25 0 d-------- C:\Program Files\Advanced Registry Fix

2008-01-18 22:28:55 0 d-------- C:\Windows\RegistryCleaner

2008-01-18 18:26:19 0 d-------- C:\VundoFix Backups

2008-01-18 12:30:02 0 d-------- C:\Program Files\PKR

2008-01-16 18:35:14 44544 --a------ C:\Windows\system32\GIF89.DLL <Not Verified; ; Gif89 Module>

2008-01-16 18:35:09 40960 --a------ C:\Windows\system32\SSubTmr6.dll <Not Verified; vbAccelerator; SSubTmr6>

2008-01-16 18:35:09 15360 --a------ C:\Windows\system32\inetfr.DLL <Not Verified; Microsoft Corporation; DLL du contrôle Microsoft Internet Transfer>

2008-01-16 18:35:08 141312 --a------ C:\Windows\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>

2008-01-16 18:35:08 32768 --a------ C:\Windows\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>

2008-01-16 18:35:07 0 d-------- C:\Program Files\Free Easy Burner

2008-01-16 12:33:37 0 d-------- C:\Program Files\Common Files\PX Storage Engine

2008-01-09 12:18:12 3596288 --a------ C:\Windows\system32\qt-dx331.dll

2008-01-09 12:16:10 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>

2008-01-09 12:16:10 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>

2008-01-09 12:16:02 802816 --a------ C:\Windows\system32\divx_xx11.dll <DIVX_X~3.DLL> <Not Verified; DivX, Inc.; DivX?>

2008-01-09 12:16:02 823296 --a------ C:\Windows\system32\divx_xx0c.dll <DIVX_X~1.DLL> <Not Verified; DivX, Inc.; DivX®>

2008-01-09 12:16:02 823296 --a------ C:\Windows\system32\divx_xx07.dll <DIVX_X~2.DLL> <Not Verified; DivX, Inc.; DivX®>

2008-01-09 12:16:02 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>

2008-01-06 20:36:29 0 d-------- C:\Program Files\PowerISO

2008-01-06 15:41:54 0 d-------- C:\Program Files\Alwil Software

2008-01-04 18:24:13 0 d-------- C:\IDHSTOCK

2008-01-04 18:23:56 0 d-------- C:\Users\All Users\{FD1513DF-3090-4FB5-A6DB-B06E4E146E56}

2008-01-04 18:23:50 0 d-------- C:\Program Files\Idh Products

2008-01-01 22:46:53 0 d-------- C:\Poker

2007-12-28 22:32:14 685816 --a------ C:\Windows\system32\drivers\sptd.sys

2007-12-25 23:18:49 21248 --a------ C:\Windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

2007-12-25 23:18:47 0 d-------- C:\Program Files\Common Files\ArcSoft

2007-12-25 23:18:40 143360 --a------ C:\Windows\system32\PhotoBase Screen Saver.scr <PHOTOB~1.SCR> <Not Verified; ArcSoft Inc.; PhotoBase Screen Saver>

2007-12-25 23:16:13 212480 --a------ C:\Windows\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>

2007-12-25 23:16:13 0 d-------- C:\Program Files\ArcSoft

2007-12-25 15:11:27 495616 --a------ C:\Windows\system32\PICSDK2.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>

2007-12-25 15:11:27 73728 --a------ C:\Windows\system32\PICSDK.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>

2007-12-25 15:11:27 77824 --a------ C:\Windows\system32\PICEntry.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>

2007-12-25 15:11:27 114688 --a------ C:\Windows\system32\EpPicPrt.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>

2007-12-25 15:11:27 111932 --a------ C:\Windows\system32\EPPICPrinterDB.dat <EP2DCB~1.DAT>

2007-12-25 15:11:27 1139 --a------ C:\Windows\system32\EPPICPresetData_PT.dat <EPF40C~1.DAT>

2007-12-25 15:11:27 1120 --a------ C:\Windows\system32\EPPICPresetData_IT.dat <EPF8EB~1.DAT>

2007-12-25 15:11:27 1107 --a------ C:\Windows\system32\EPPICPresetData_GE.dat <EPB0EF~1.DAT>

2007-12-25 15:11:27 1129 --a------ C:\Windows\system32\EPPICPresetData_FR.dat <EPECD3~1.DAT>

2007-12-25 15:11:27 1136 --a------ C:\Windows\system32\EPPICPresetData_ES.dat <EPF8D7~1.DAT>

2007-12-25 15:11:27 1104 --a------ C:\Windows\system32\EPPICPresetData_EN.dat <EPD8D3~1.DAT>

2007-12-25 15:11:27 1146 --a------ C:\Windows\system32\EPPICPresetData_DU.dat <EPF4DF~1.DAT>

2007-12-25 15:11:27 1129 --a------ C:\Windows\system32\EPPICPresetData_CF.dat <EPB0D3~1.DAT>

2007-12-25 15:11:27 1139 --a------ C:\Windows\system32\EPPICPresetData_BP.dat <EPECCB~1.DAT>

2007-12-25 15:11:27 4943 --a------ C:\Windows\system32\EPPICPattern6.dat <EPE400~1.DAT>

2007-12-25 15:11:27 21390 --a------ C:\Windows\system32\EPPICPattern5.dat <EPE000~1.DAT>

2007-12-25 15:11:27 11811 --a------ C:\Windows\system32\EPPICPattern4.dat <EPECFF~1.DAT>

2007-12-25 15:11:27 24903 --a------ C:\Windows\system32\EPPICPattern3.dat <EPE8FF~1.DAT>

2007-12-25 15:11:27 20148 --a------ C:\Windows\system32\EPPICPattern2.dat <EPPICP~4.DAT>

2007-12-25 15:11:27 31053 --a------ C:\Windows\system32\EPPICPattern131.dat <EPPICP~3.DAT>

2007-12-25 15:11:27 27417 --a------ C:\Windows\system32\EPPICPattern121.dat <EPPICP~2.DAT>

2007-12-25 15:11:27 26154 --a------ C:\Windows\system32\EPPICPattern1.dat <EPPICP~1.DAT>

2007-12-25 15:11:27 65536 --a------ C:\Windows\system32\EPPicMgr.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>

2007-12-25 15:10:43 0 d-------- C:\Program Files\Panasonic

2007-12-25 12:53:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

 

 

-- Find3M Report ---------------------------------------------------------------

 

2008-01-20 15:20:13 0 d-------- C:\Users\kighafars\AppData\Roaming\BitTorrent

2008-01-20 03:19:19 0 d-------- C:\Users\kighafars\AppData\Roaming\Skype

2008-01-20 03:18:49 13213 --a------ C:\Users\kighafars\AppData\Roaming\nvModes.dat

2008-01-20 03:18:49 13213 --a------ C:\Users\kighafars\AppData\Roaming\nvModes.001

2008-01-20 00:23:13 0 d-------- C:\Users\kighafars\AppData\Roaming\Uniblue

2008-01-19 05:39:13 0 d-------- C:\Program Files\Common Files\Symantec Shared

2008-01-19 04:26:08 0 d-------- C:\Users\kighafars\AppData\Roaming\iExpert Software

2008-01-18 21:55:08 0 d-------- C:\Program Files\Windows Mail

2008-01-18 21:49:55 0 d-------- C:\Program Files\Windows Sidebar

2008-01-16 22:45:40 0 d-------- C:\Users\kighafars\AppData\Roaming\BSplayer

2008-01-16 12:34:08 0 d-------- C:\Program Files\DivX

2008-01-16 12:33:37 0 d-------- C:\Program Files\Common Files

2008-01-12 18:28:31 690832 --a------ C:\Windows\system32\perfh00C.dat

2008-01-12 18:28:31 117572 --a------ C:\Windows\system32\perfc00C.dat

2008-01-12 18:28:13 0 d-------- C:\Users\kighafars\AppData\Roaming\U3

2008-01-06 14:53:09 0 d-------- C:\Users\kighafars\AppData\Roaming\BitTorrent DNA

2007-12-28 22:41:14 0 d-------- C:\Users\kighafars\AppData\Roaming\DAEMON Tools Pro

2007-12-28 22:15:17 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-12-28 22:15:10 0 d-------- C:\Program Files\NewTech Infosystems

2007-12-25 23:19:36 0 d-------- C:\Users\kighafars\AppData\Roaming\Arcsoft

2007-12-25 15:12:31 0 d-------- C:\Users\kighafars\AppData\Roaming\Panasonic

2007-12-25 15:09:40 0 d-------- C:\Users\kighafars\AppData\Roaming\InstallShield

2007-12-18 21:39:01 0 d-------- C:\Program Files\Zuma deluxe

2007-12-11 20:43:44 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll <DIVXWM~1.DLL>

2007-12-10 21:55:01 0 d-------- C:\Users\kighafars\AppData\Roaming\Nero

2007-12-10 21:53:04 0 d-------- C:\Program Files\Common Files\Nero

2007-12-10 21:48:24 0 d-------- C:\Program Files\Nero

2007-12-07 14:44:14 0 d-------- C:\Program Files\Activision Value

2007-12-01 00:24:34 0 d-------- C:\Program Files\Java

2007-12-01 00:07:29 0 d-------- C:\Program Files\Common Files\Java

2007-11-24 14:43:08 0 d-------- C:\Program Files\Micro Application

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}"= C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [29/10/2007 16:06 266240]

 

[-HKEY_CLASSES_ROOT\CLSID\{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [20/06/2007 22:55]

"RtHDVCpl"="RtHDVCpl.exe" [09/11/2006 19:57 C:\Windows\RtHDVCpl.exe]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [23/10/2006 20:00]

"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" []

"NvSvc"="C:\Windows\system32\nvsvc.dll" [20/12/2006 21:50]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [20/12/2006 21:50]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [20/12/2006 21:50]

"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [25/07/2005 12:36]

"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [10/01/2007 10:34]

"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [29/08/2006 08:26]

"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [09/11/2006 13:37]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [19/06/2007 20:42]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12/03/2007 09:22]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [13/09/2007 01:04]

"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [19/10/2007 20:16]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 15:57]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [20/09/2007 09:51]

"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [07/08/2007 01:05]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 00:47]

"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" []

"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" []

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [18/12/2007 00:43]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [18/01/2008 21:49]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [19/06/2007 20:40]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [22/08/2007 23:19]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 11:55]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 13:35]

"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [18/10/2007 16:42]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [20/09/2007 15:35]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 13:36]

"2aa81b5c"="C:\Users\KIGHAF~1\AppData\Local\Temp\rlwlahfr.dll,b" []

"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

"GrpConv"=grpconv -o

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 04:44:06]

Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [10/12/2006 11:48:33]

LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [25/12/2007 15:10:44]

Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [19/06/2007 20:40:12]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll eNetHook.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

AutoRun\command- G:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a29f2e8-ada8-11dc-9ad3-00197e28204b}]

AutoRun\command- G:\ecoburotic.exe

 

*Newly Created Service* - COMHOST

*Newly Created Service* - ECACHE

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

 

 

 

-- End of Deckard's System Scanner: finished at 2008-01-20 15:30:45 ------------

 

 

 

 

 

 

Log of extra.txt

 

 

 

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

 

-- System Information ----------------------------------------------------------

 

Microsoft® Windows Vista Édition Familiale Premium (build 6000)

Architecture: X86; Language: French

 

CPU 0: Genuine Intel® CPU T2080 @ 1.73GHz

Percentage of Memory in Use: 38%

Physical Memory (total/avail): 1021.56 MiB / 631.89 MiB

Pagefile Memory (total/avail): 2309.5 MiB / 2033.52 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1915.71 MiB

 

C: is Fixed (NTFS) - 51.99 GiB total, 18.79 GiB free.

D: is Fixed (NTFS) - 51.98 GiB total, 14.57 GiB free.

E: is CDROM (CDFS)

 

\\.\PHYSICALDRIVE0 - Hitachi HTS541212H9AT00 ATA Device - 111.79 GiB - 3 partitions

\PARTITION0 - Unknown - 7.81 GiB

\PARTITION1 (bootable) - Système de fichiers installable - 51.99 GiB - C:

\PARTITION2 - Système de fichiers installable - 51.98 GiB - D:

 

 

 

-- Security Center -------------------------------------------------------------

 

AUOptions is set to notify before install.

Windows Internal Firewall is disabled.

 

FW: Norton Internet Security v2007 (Symantec Corporation) Disabled

AV: Avira AntiVir PersonalEdition v 7.0.1.194 (Avira GmbH)

AV: Kaspersky Anti-Virus v7.0.1.321 (Kaspersky Lab)

AV: Norton Internet Security v2007 (Symantec Corporation) Disabled Outdated

AS: Avira AntiVir PersonalEdition v 7.0.1.194 (Avira GmbH)

AS: Spybot - Search and Destroy v1.0.0.4 (Safer Networking Ltd.) Disabled

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled

AS: Kaspersky Anti-Virus v7.0.1.321 (Kaspersky Lab)

AS: Norton Internet Security v2007 (Symantec Corporation) Disabled Outdated

 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

 

 

-- Environment Variables -------------------------------------------------------

 

ALLUSERSPROFILE=C:\ProgramData

APPDATA=C:\Users\kighafars\AppData\Roaming

CLASSPATH=.;C:\Program Files\QuickTime Alternative\QTSystem\QTJava.zip

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=PC-DE-KIGHAFARS

ComSpec=C:\Windows\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Users\kighafars

LOCALAPPDATA=C:\Users\kighafars\AppData\Local

LOGONSERVER=\\PC-DE-KIGHAFARS

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime Alternative\QTSystem\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0e0c

ProgramData=C:\ProgramData

ProgramFiles=C:\Program Files

PROMPT=$P$G

PUBLIC=C:\Users\Public

QTJAVA=C:\Program Files\QuickTime Alternative\QTSystem\QTJava.zip

SAFEBOOT_OPTION=NETWORK

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\Windows

TEMP=C:\Users\KIGHAF~1\AppData\Local\Temp

TMP=C:\Users\KIGHAF~1\AppData\Local\Temp

USERDOMAIN=PC-de-kighafars

USERNAME=kighafars

USERPROFILE=C:\Users\kighafars

windir=C:\Windows

 

 

-- User Profiles ---------------------------------------------------------------

 

kighafars (admin)

la taupe (new local, net ready)

 

 

-- Add/Remove Programs ---------------------------------------------------------

 

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL

--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL

--> C:\Windows\UNNeroShowTime.exe /UNINSTALL

--> C:\Windows\UNNeroVision.exe /UNINSTALL

--> C:\Windows\UNRecode.exe /UNINSTALL

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall

Acer Arcade Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall

Acer eDataSecurity Management --> C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL

Acer eLock Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x40c -removeonly

Acer Empowering Technology --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly

Acer eNet Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x40c -removeonly

Acer ePower Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x40c -removeonly

Acer ePresentation Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x40c -removeonly

Acer eSettings Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x40c -removeonly

Acer GridVista --> C:\Windows\UnInst32.exe GridV.UNI

Acer Mobility Center Plug-In --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x40c -removeonly

Acer OrbiCam --> C:\Program Files\InstallShield Installation Information\{DD1DED37-2486-4F56-8F89-56AA814003F5}\Setup.exe -runfromtemp -l0x040c -removeonly

Acer OrbiCam --> Rundll32.exe BisonR07.dll,WinMainRmv

Acer ScreenSaver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly

Acer Tour --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c -removeonly

Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}

Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log

Agere Systems HDA Modem --> agrsmdel

AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}

Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}

ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC67641A-05C4-4FED-A462-1EB1DC6CF2F5}\Setup.exe" -l0x40c

AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}

Bejeweled 2 Deluxe --> "C:\Program Files\Oberon Media\Bejeweled 2 Deluxe\Uninstall.exe" "C:\Program Files\Oberon Media\Bejeweled 2 Deluxe\install.log"

BitTorrent 6.0 --> C:\Program Files\BitTorrent\uninst.exe

BS.Player FREE powered by AdVantage --> "C:\Program Files\Webteh\BSplayer\uninstall.exe"

DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER

DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

eMule --> "D:\eMule\Uninstall.exe"

Free Easy Burner V 2.0 --> "C:\Program Files\Free Easy Burner\unins000.exe"

Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall

Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}

Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Idh Products --> "C:\ProgramData\{FD1513DF-3090-4FB5-A6DB-B06E4E146E56}\setup-idh-stock.exe" REMOVE=TRUE MODIFY=FALSE

Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}

Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}

Launch Manager V1.1.1.4 --> C:\Program Files\InstallShield Installation Information\{D0846526-66DD-4DC9-A02C-98F9A2806812}\setup.exe -runfromtemp -l0x040c -removeonly

LUMIX Simple Viewer --> C:\Program Files\InstallShield Installation Information\{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}\setup.exe -runfromtemp -l0x040c -removeonly

Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}

Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}

Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}

Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2007 (Beta) --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRO /dll OSETUP.DLL

Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

MUSK Codec Pack v5 --> "C:\Program Files\MUSK Codec Pack v5\unins000.exe"

neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

NTI Backup NOW! 4.7 --> "C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly

NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI

On2 VP3 Video for Windows Codec --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF59708F-60F4-11D5-866A-00A0D2183227}\Setup.exe" -l0x9

Outil de mise à jour Google --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall

Pando --> MsiExec.exe /I{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}

Pando Toolbar --> rundll32 C:\PROGRA~1\PandoBar\bar\1.bin\PandoBar.dll,O

PKR --> "C:\Program Files\PKR\uninstall-pkr.exe"

Poker 770 --> "C:\Poker\Poker 770\_SetupCasino.exe" /uninstall

PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"

PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall

QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}

QuickTime Alternative 1.81 --> "C:\Program Files\QuickTime Alternative\unins000.exe"

RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly

Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}

Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}

Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}

Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}

Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}

Skype 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Texas Hold 'Em --> C:\PROGRA~1\MICROA~1\TEXASH~1\UNWISE.EXE C:\PROGRA~1\MICROA~1\TEXASH~1\INSTALL.LOG

Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\Program Files\InstallShield Installation Information\{F7B05784-334C-4F76-8BAB-30ABEB7FD534}\setup.exe -runfromtemp -l0x0409

Ugrib RC1 --> "C:\Program Files\GRIB.US\unins000.exe"

Update for Office 2007 (KB932080) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}

Update for Office 2007 (KB934391) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}

Update for Office 2007 (KB934393) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}

Update for Outlook 2007 (KB937608) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}

Update for Outlook 2007 Junk Email Filter (kb936644) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {2B581052-BF85-4AA6-91C5-7B0090712B65}

Update for Outlook 2007 Junk Email Filter (kb943597) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A751F0DB-8476-4207-956E-20AEBBA4B1DA}

Update for Word 2007 (KB934173) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}

VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}

Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

VP6 VFW Codec --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A23866A0-738B-4091-9924-0B0DE3988A15}\Setup.exe" -l0x9

Windows Installer Clean Up --> MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53}

Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}

Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

World Series of Poker: TOC --> C:\Program Files\Activision Value\World Series of Poker TOC\Uninstall.exe

XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"

Yahoo! Toolbar avec bloqueur de fenêtres pop-up --> C:\PROGRA~1\Yahoo!\common\unyt.exe

Zuma Star-Wars --> C:\Program Files\Zuma deluxe\StarWars\Uninstal.exe

 

 

-- Application Event Log -------------------------------------------------------

 

Event Record #/Type18926 / Warning

Event Submitted/Written: 01/20/2008 02:49:43 PM

Event ID/Source: 1015 / MsiInstaller

Event Description:

La connexion au serveur est impossible. Erreur : 0x8007043C

 

Event Record #/Type18925 / Warning

Event Submitted/Written: 01/20/2008 02:49:41 PM

Event ID/Source: 1015 / MsiInstaller

Event Description:

La connexion au serveur est impossible. Erreur : 0x8007043C

 

Event Record #/Type18924 / Error

Event Submitted/Written: 01/20/2008 02:49:38 PM

Event ID/Source: 8193 / System Restore

Event Description:

Échec de la création d’un point de restauration sur le volume (Processus = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\OFFICE~1\SETUP.EXE -Embedding ; Description = Configured Microsoft Office Enterprise 2007 ; Hr = 0x8007043c).

 

Event Record #/Type18923 / Warning

Event Submitted/Written: 01/20/2008 02:49:26 PM

Event ID/Source: 1015 / MsiInstaller

Event Description:

La connexion au serveur est impossible. Erreur : 0x8007043C

 

Event Record #/Type18922 / Warning

Event Submitted/Written: 01/20/2008 02:49:24 PM

Event ID/Source: 1015 / MsiInstaller

Event Description:

La connexion au serveur est impossible. Erreur : 0x8007043C

 

 

 

-- Security Event Log ----------------------------------------------------------

 

No Errors/Warnings found.

 

 

-- System Event Log ------------------------------------------------------------

 

Event Record #/Type101501 / Warning

Event Submitted/Written: 01/20/2008 02:41:16 PM

Event ID/Source: 4226 / Tcpip

Event Description:

TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.

 

Event Record #/Type101499 / Error

Event Submitted/Written: 01/20/2008 02:40:54 PM

Event ID/Source: 10005 / DCOM

Event Description:

1084MSIServer{000C101C-0000-0000-C000-000000000046}

 

Event Record #/Type101262 / Warning

Event Submitted/Written: 01/20/2008 04:52:21 AM

Event ID/Source: 4226 / Tcpip

Event Description:

TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.

 

Event Record #/Type101246 / Warning

Event Submitted/Written: 01/20/2008 04:15:47 AM

Event ID/Source: 4226 / Tcpip

Event Description:

TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.

 

Event Record #/Type101234 / Warning

Event Submitted/Written: 01/20/2008 03:47:44 AM

Event ID/Source: 4226 / Tcpip

Event Description:

TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.

 

 

 

-- End of Deckard's System Scanner: finished at 2008-01-20 15:30:45 ------------

 

 

 

 

 

I have a question about rlwlahfr.dll: it is a DLL that I cannot find in the DLL databases and, on top of that, when starting in normal mode the system does not find it. Probably not serious. :P

See you later

  • Moderators
Posted

Hello kighafars :P

You have a lot of Norton "leftovers"; we will look at that later, to finish the clean-up on that side.

Disable UAC for these steps; it may get in our way.

Disable UAC (User Account Control), and above all remember to re-enable it after the disinfection.

  • Start > Control Panel
  • Double-click the User Accounts icon
  • Then click Disable and confirm.

Download VundoFix.exe (by Atribune) to your Desktop.

  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt telling you that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! report, into your next reply

Note: VundoFix may run into a file that it cannot delete. If so, the tool will start at the next reboot; simply follow the instructions above, starting from "Click the Scan for Vundo button".

 

- Restart in Safe Mode:

(In Safe Mode only the system processes are started, so it is easier to delete what is infected.)

When the computer restarts, once the BIOS has finished loading, a black screen appears briefly; tap the [F8] and [F5] keys alternately until the Windows advanced options menu is displayed. Select "Safe Mode" and press [Enter].

  • Double-click ATF-Cleaner.exe to launch the program.

  • For Internet Explorer
    Under the Main tab, choose: Select All
    Click the Empty Selected button

  • For Firefox
    Under the Firefox tab, choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.

  • Click Exit, in the main menu, to close the program.

Run a HijackThis scan again

  • Click Do a system scan only and tick the lines below (if present):

  • O4 - HKCU\..\Run: [2aa81b5c] rundll32.exe "C:\Users\KIGHAF~1\AppData\Local\Temp\rlwlahfr.dll",b

  • Close all windows except HijackThis and click Fix Checked.

  • Launch AVG AS and click Scan
  • Then, on the Settings tab, under How to react?, select Recommended actions and then Quarantine
  • Go back to the Scan tab and click Complete system scan; the scan starts
  • If an infected file has been detected, click Apply all actions at the end of the scan
  • Click Save report and finally Save report as, and save it to the Desktop

  • Restart in normal mode and post:
  • the AVG AS report
  • a new HijackThis log
  • the VundoFix report

See you soon.
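
The O4 entry singled out in the reply above starts a DLL from the user's Temp folder through rundll32 under a Run key. As an added example (not from the thread and not part of HijackThis), this Python script pulls such entries out of a HijackThis log; the sample lines are copied from this thread's logs, while the two heuristics and all function names are assumptions made for illustration.

```python
import ntpath
import re

# Registry autorun line as written by HijackThis 2.0.2, for example:
#   O4 - HKCU\..\Run: [value name] command line
# "O4 - Startup:" shortcut entries are not handled here.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU|US\\[^\\]+))\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Match the directory component, not the user name: the log may show the
# profile folder in 8.3 short form (KIGHAF~1), so only "\Temp\" is reliable.
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\|%te?mp%", re.IGNORECASE)
# Illustrative heuristic (assumption): value names made of 8 hex digits.
HEX8_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)


def split_first_token(cmd):
    """Return (first token, remainder), honouring one pair of double quotes.

    Unquoted paths containing spaces are cut at the first space; that is
    enough to recognise rundll32, which is all this script needs.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    head, _, tail = cmd.partition(" ")
    return head, tail.strip()


def rundll32_target(cmd):
    """Return the DLL path handed to rundll32, or None for other commands."""
    exe, rest = split_first_token(cmd)
    if ntpath.basename(exe).lower() not in ("rundll32", "rundll32.exe"):
        return None
    if rest.startswith('"'):
        dll, _ = split_first_token(rest)   # "path with spaces.dll",export
    else:
        dll = rest.split(",", 1)[0]        # path.dll,export
    return dll.strip() or None


def triage(log_text):
    """Return the O4 registry entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        dll = rundll32_target(m["cmd"])
        reasons = []
        if dll and TEMP_DIR_RE.search(dll):
            reasons.append("rundll32 loads a DLL from a Temp directory")
        if HEX8_RE.match(m["name"]):
            reasons.append("value name is 8 hex characters")
        if reasons:
            findings.append({
                "hive": m["hive"],
                "key": m["key"],
                "name": m["name"],
                "dll": dll,
                "reasons": reasons,
            })
    return findings


# Lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKCU\..\Run: [2aa81b5c] rundll32.exe "C:\Users\KIGHAF~1\AppData\Local\Temp\rlwlahfr.dll",b
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["hive"]}\\..\\{f["key"]} [{f["name"]}] -> {f["dll"]}')
        for reason in f["reasons"]:
            print("   -", reason)
```

A hit is a reason to inspect the file and the Run value, not a verdict: the NvSvc entry in the same log also goes through rundll32, but its DLL sits in system32 and is not flagged.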

Posted

Hello GOF,

Vundo done, no infected files detected --> no report

ATF Cleaner done

AVG AS done --> only cookies

AVG Log

 

 

---------------------------------------------------------

AVG Anti-Spyware - Rapport d'analyse

---------------------------------------------------------

 

+ Créé à: 14:52:50 21/01/2008

 

+ Résultat de l'analyse:

 

 

 


 

 

Fin du rapport

 

HJT Log

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:15:35, on 21/01/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Launch Manager\LaunchAp.exe

C:\Program Files\Launch Manager\HotkeyApp.exe

C:\Program Files\Launch Manager\OSDCtrl.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Launch Manager\WButton.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Pando Networks\Pando\pando.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Windows\ehome\ehmsas.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"

O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"

O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe

O4 - Global Startup: LUMIX Simple Viewer.lnk = ?

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll eNetHook.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

 

--

End of file - 11784 byte

 

 

 

 

Windows functions still don't work in normal mode (program not responding; this applies to Explorer, Control Panel, etc.) :P

There are still traces of Norton. Norton and Nero are 2 programs that I cannot fully uninstall, despite the dedicated removal tools.

I still get program setups launching unexpectedly.

See you soon, I'm staying connected.

Posted

Hello again GOF,

 

 

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

 

This protocol is rarely a baddie, but I strongly suspect OFFICE 12: its setup keeps launching whenever I want to open Explorer, Control Panel and so on.

Problem: I can't manage to uninstall OFFICE 12.

  • Moderators
Posted

Re :P

 

Windows functions still don't work in normal mode (program not responding; this applies to Explorer, Control Panel, etc.)
Odd. I don't see anything infectious that could account for such symptoms; it looks like software-related trouble. Carry out the following steps, and tell me whether you noticed any improvement afterwards, once you have rebooted.

I'm having you run a procedure to remove the "norton" and "nero" leftovers, since you mention them.

Run a HijackThis scan again

  • Click Do a system scan only and tick the lines below:

  • O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

  • Close all windows except HijackThis, then click Fix Checked.

Copy and paste the following text (in the codebox) into Notepad:

EDIT

Make sure word wrap is not enabled
Save it as fix.bat on the Desktop:
Name: fix.bat
Type: All files

Locate fix.bat on the Desktop, double-click it and post the contents of Notepad.

Your version of Adobe is not up to date; I advise you to update it.

Reboot, and produce a new HijackThis report.

See you later. :P

Posted

Hi GOF,

 

 

fix.bat report

 

 

C:\Windows\system32>21/01/20081>c:\a.txt

'21' n'est pas reconnu en tant que commande interne

ou externe, un programme exécutable ou un fichier de commandes.

 

C:\Windows\system32>C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNIN

STALL 1>>c:\a.txt

'C:\Program' n'est pas reconnu en tant que commande interne

ou externe, un programme exécutable ou un fichier de commandes.

 

C:\Windows\system32>C:\Windows\UNNeroBackItUp.exe /UNINSTALL 1>>c:\a.txt

 

C:\Windows\system32>C:\Windows\UNNeroMediaHome.exe /UNINSTALL 1>>c:\a.txt

 

C:\Windows\system32>C:\Windows\UNNeroShowTime.exe /UNINSTALL 1>>c:\a.txt

 

C:\Windows\system32>C:\Windows\UNNeroVision.exe /UNINSTALL 1>>c:\a.txt

 

 

 

 

 

 

 

 

HJT report

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:06:26, on 21/01/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Launch Manager\LaunchAp.exe

C:\Program Files\Launch Manager\HotkeyApp.exe

C:\Program Files\Launch Manager\OSDCtrl.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Launch Manager\WButton.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Pando Networks\Pando\pando.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Windows\ehome\ehmsas.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"

O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"

O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe

O4 - Global Startup: LUMIX Simple Viewer.lnk = ?

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll eNetHook.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

 

--

End of file - 11178 bytes

 

 

I would also like to uninstall OFFICE 12; how should I go about it?

  • Moderators
Posted

Hello :P

I made a small drafting mistake; would you mind starting over (delete the file created previously):

Copy and paste the following text (in the codebox) into Notepad:

echo %date%>c:\a.txt
"C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL" >>c:\a.txt
"C:\Windows\UNNeroBackItUp.exe /UNINSTALL" >>c:\a.txt
"C:\Windows\UNNeroMediaHome.exe /UNINSTALL" >>c:\a.txt
"C:\Windows\UNNeroShowTime.exe /UNINSTALL" >>c:\a.txt
"C:\Windows\UNNeroVision.exe /UNINSTALL" >>c:\a.txt
"C:\Windows\UNRecode.exe /UNINSTALL" >>c:\a.txt
sc stop "Nero BackItUp Scheduler 3" >>c:\a.txt
sc delete "Nero BackItUp Scheduler 3" >>c:\a.txt
sc stop NMIndexingService >>c:\a.txt
sc delete NMIndexingService >>c:\a.txt
sc stop "Symantec Core LC" >>c:\a.txt
sc delete "Symantec Core LC" >>c:\a.txt
rd /s /q "C:\Program Files\Common Files\Nero" >>c:\a.txt
rd /s /q "C:\Program Files\Nero" >>c:\a.txt
rd /s /q C:\Program Files\Symantec >>c:\a.txt
rd /s /q "C:\Program Files\Common Files\Symantec Shared" >>c:\a.txt
echo Fin batch >>c:\a.txt
notepad c:\a.txt

Make sure word wrap is not enabled
Save it as fix.bat on the Desktop:
Name: fix.bat
Type: All files

Locate fix.bat on the Desktop, double-click it and post the contents of Notepad.

Posted

Hi GOF,

 

What do you mean, you made a mistake!!! There was a time when people were burned at the stake for less than that :P

fix.bat gives me 2 reports, one in DOS, the other as text. I'm posting both for you.

As for my problem of program launches that freeze and the dumps in normal mode, I think I have a good idea. I took a look at the Kaspersky Lab club forums, and apparently many users on Vista and on XP SP3 running the latest version of KAV (7.0.1.321, i.e. the same one as me) are experiencing the same problems. A fix is planned for XP SP2 but not for the others for now. :P It is apparently improving little by little through the updates, but it is still a pain, especially for browsing. The only options are to wait for the KLabs devs or to go back to version 7.0.1.125. Maybe this is information that could interest the community?

On the other hand, I am more and more convinced that something is attached to the OFFICE 12 setup, which keeps launching. I can't manage to remove this damn stupid piece of software.

FIX.BAT log in DOS

 

C:\Windows\system32>echo 22/01/2008 1>c:\a.txt

 

C:\Windows\system32>"C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNI

NSTALL" 1>>c:\a.txt

Le chemin d'accès spécifié est introuvable.

 

C:\Windows\system32>"C:\Windows\UNNeroBackItUp.exe /UNINSTALL" 1>>c:\a.txt

Le nom de répertoire est incorrect.

 

C:\Windows\system32>"C:\Windows\UNNeroMediaHome.exe /UNINSTALL" 1>>c:\a.txt

Le nom de répertoire est incorrect.

 

C:\Windows\system32>"C:\Windows\UNNeroShowTime.exe /UNINSTALL" 1>>c:\a.txt

Le nom de répertoire est incorrect.

 

C:\Windows\system32>"C:\Windows\UNNeroVision.exe /UNINSTALL" 1>>c:\a.txt

Le nom de répertoire est incorrect.

 

C:\Windows\system32>"C:\Windows\UNRecode.exe /UNINSTALL" 1>>c:\a.txt

Le nom de répertoire est incorrect.

 

C:\Windows\system32>sc stop "Nero BackItUp Scheduler 3" 1>>c:\a.txt

 

C:\Windows\system32>sc delete "Nero BackItUp Scheduler 3" 1>>c:\a.txt

 

C:\Windows\system32>sc stop NMIndexingService 1>>c:\a.txt

 

C:\Windows\system32>sc delete NMIndexingService 1>>c:\a.txt

 

C:\Windows\system32>sc stop "Symantec Core LC" 1>>c:\a.txt

 

C:\Windows\system32>sc delete "Symantec Core LC" 1>>c:\a.txt

 

C:\Windows\system32>rd /s /q "C:\Program Files\Common Files\Nero" 1>>c:\a.txt

Le fichier spécifié est introuvable.

 

C:\Windows\system32>rd /s /q "C:\Program Files\Nero" 1>>c:\a.txt

C:\Program Files\Nero\Nero8\NEROBA~1\NBShell.dll - Accès refusé.

C:\Program Files\Nero\Nero8\NEROBA~1 - Accès refusé.

C:\Program Files\Nero\Nero8 - Accès refusé.

Accès refusé.

 

C:\Windows\system32>rd /s /q C:\Program Files\Symantec 1>>c:\a.txt

Le fichier spécifié est introuvable.

Le chemin d'accès spécifié est introuvable.

 

C:\Windows\system32>rd /s /q "C:\Program Files\Common Files\Symantec Shared" 1>

>c:\a.txt

Le fichier spécifié est introuvable.

 

C:\Windows\system32>echo Fin batch 1>>c:\a.txt

 

C:\Windows\system32>notepad c:\a.txt

 

 

 

FIX.BAT log as text

 

 

22/01/2008

[SC] OpenService échec(s) 1060 :

Le service spécifié n'existe pas en tant que service installé.

[SC] OpenService échec(s) 1060 :

Le service spécifié n'existe pas en tant que service installé.

[SC] OpenService échec(s) 1060 :

Le service spécifié n'existe pas en tant que service installé.

[SC] OpenService échec(s) 1060 :

Le service spécifié n'existe pas en tant que service installé.

[SC] OpenService échec(s) 1060 :

Le service spécifié n'existe pas en tant que service installé.

[SC] OpenService échec(s) 1060 :

Le service spécifié n'existe pas en tant que service installé.

 

Fin batch

 

 

 

Thank you for all the time you are devoting to me. :P:P But when do you sleep??? :P
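The console log above shows two quoting and redirection effects: with the switch inside the quotes, cmd.exe treats `...exe /UNINSTALL` as one file name, and because only stdout (`1>>`) is redirected, the error messages stay on the console and never reach c:\a.txt. The following is an added example, not the script posted in the thread, of the same cleanup with the path quoted on its own, existence checks, and both streams logged; the `:RunUninstaller`, `:RemoveService` and `:RemoveDir` labels are hypothetical helper names, and the paths and service names are the ones quoted in the thread.

```batch
@echo off
setlocal EnableExtensions
rem Added example. Paths and service names are the ones quoted in the thread;
rem the :Run*/:Remove* labels are hypothetical helper names.
set "LOG=c:\a.txt"
> "%LOG%" echo %date%

rem Quote the path only. In "...exe /UNINSTALL" the switch becomes part of the
rem file name, which produced the "introuvable" / "incorrect" errors.
rem (The doubled backslash after Nero8 in the thread is written once here.)
call :RunUninstaller "C:\Program Files\Nero\Nero8\nero\uninstall\UNNERO.exe"
for %%U in (UNNeroBackItUp UNNeroMediaHome UNNeroShowTime UNNeroVision UNRecode) do (
    call :RunUninstaller "C:\Windows\%%U.exe"
)

call :RemoveService "Nero BackItUp Scheduler 3"
call :RemoveService "NMIndexingService"
call :RemoveService "Symantec Core LC"

call :RemoveDir "C:\Program Files\Common Files\Nero"
call :RemoveDir "C:\Program Files\Nero"
rem Unquoted, this path is split at the space and rd receives two arguments.
call :RemoveDir "C:\Program Files\Symantec"
call :RemoveDir "C:\Program Files\Common Files\Symantec Shared"

>> "%LOG%" echo End of batch
notepad "%LOG%"
exit /b 0

:RunUninstaller
rem %1 = quoted full path of an uninstaller; skipped if the file is absent.
if not exist "%~1" (
    >> "%LOG%" echo Skipped, not found: %1
    goto :eof
)
>> "%LOG%" echo Running %1 /UNINSTALL
rem 2>&1 sends error messages to the same log as normal output.
"%~1" /UNINSTALL >> "%LOG%" 2>&1
>> "%LOG%" echo   exit code %errorlevel%
goto :eof

:RemoveService
rem %1 = service name; sc query fails (error 1060) when it is not installed.
sc query "%~1" > nul 2>&1
if errorlevel 1 (
    >> "%LOG%" echo Service not installed, skipped: %1
    goto :eof
)
sc stop "%~1" >> "%LOG%" 2>&1
sc delete "%~1" >> "%LOG%" 2>&1
goto :eof

:RemoveDir
rem %1 = quoted folder path; the trailing backslash makes "if exist" test a folder.
if not exist "%~1\" (
    >> "%LOG%" echo Folder not found, skipped: %1
    goto :eof
)
rd /s /q "%~1" >> "%LOG%" 2>&1
if exist "%~1\" >> "%LOG%" echo Still present after rd: %1
goto :eof
```

With `2>&1`, messages such as the "Accès refusé" lines for NBShell.dll land in c:\a.txt instead of appearing only in the console window.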
