un de plus !

[stephanes]

Bonsoir, et merci d'entretenir ce lieu indispensable.

 

 

Vista antispyware est arrivé aussi chez moi, et en plusieurs exemplaires apparemment. Je suis donc venu sur le forum et ai lu les problèmes de mes petits camarades... J'ai téléchargé Malwarebytes antimalware hier soir. Je l'ai mis à jour, je l'ai lancé.

 

Ce soir, le PC est d'une lenteur rare. Cela n'a peut-être rien à voir.

 

 

Voici déjà le rapport du scann d'hier:

 

Malwarebytes' Anti-Malware 1.44

Version de la base de données: 3742

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18882

 

16/02/2010 00:19:20

mbam-log-2010-02-16 (00-19-20).txt

 

Type de recherche: Examen complet (C:\|)

Eléments examinés: 363192

Temps écoulé: 1 hour(s), 53 minute(s), 23 second(s)

 

Processus mémoire infecté(s): 1

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 6

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 1

Dossier(s) infecté(s): 8

Fichier(s) infecté(s): 37

 

Processus mémoire infecté(s):

C:\Users\Stéphane\AppData\Local\av.exe (Rogue.MultipleAV) -> Unloaded process successfully.

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\internetgamebox (Adware.EGDAccess) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\secfile (Trojan.Fakealert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\IGB (Rogue.Residue) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MessengerSkinner.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iwcaqyg (Trojan.Agent.H) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

C:\Program Files\InternetGameBox (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\InternetGameBox\ressources (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\InternetGameBox\ressources\favoris (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\InternetGameBox\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\MessengerSkinner (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\MessengerSkinner\download (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\MessengerSkinner\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\MessengerSkinner\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\Users\Stéphane\Local Settings\Application Data\iwcaqyg_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Users\Stéphane\Local Settings\Application Data\iwcaqyg_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Users\Stéphane\Local Settings\Application Data\iwcaqyg.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Users\Les enfants\AppData\Local\Temp\~DFF08A.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Program Files\InternetGameBox\language (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\InternetGameBox\uninst.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\InternetGameBox\ressources\AttenteOff.html (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\InternetGameBox\ressources\AttenteOn.html (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\InternetGameBox\ressources\configv2_en.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\InternetGameBox\ressources\configv2_es.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\InternetGameBox\ressources\configv2_fr.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\InternetGameBox\ressources\NoS2F.bin (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\InternetGameBox\ressources\favoris\defaultv2.swf (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\InternetGameBox\skins\skinv2.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\MessengerSkinner\Conditions générales.url (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\MessengerSkinner\Confidentialité.url (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\MessengerSkinner\uninst.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\MessengerSkinner\Website.url (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\MessengerSkinner\download\defaultPack.cab (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\MessengerSkinner\resources\appconfig.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\MessengerSkinner\resources\btn.rgn (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\MessengerSkinner\resources\btnBnr.rgn (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\MessengerSkinner\resources\btnIn.rgn (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\MessengerSkinner\resources\btnInNormal.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\MessengerSkinner\resources\btnInOver.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\MessengerSkinner\resources\btnNormal.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\MessengerSkinner\resources\btnNormal.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\MessengerSkinner\resources\btnNormalBnr.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\MessengerSkinner\resources\btnNormalBnr.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\MessengerSkinner\resources\btnOver.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\MessengerSkinner\resources\btnOver.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\MessengerSkinner\resources\btnOverBnr.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\MessengerSkinner\resources\btnOverBnr.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program Files\MessengerSkinner\resources\languages_v2.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Users\Stéphane\AppData\Local\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.

C:\Users\Stéphane\Local Settings\Application Data\av.exe (ROGUE.Win7Antispyware2010) -> Quarantined and deleted successfully.

C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.

[Thanos]

Salut et bienvenue sur le forum

 

Quelques liens pour t'aider à commencer :

• Comment participer à un forum
  
• retrouver ses messages et activer la notification par email
  

 

On va voir ensemble ce qui se passe sur ton PC ; comme tous les intervenants ici, nous aidons bénévolement en fonction de nos activités personnelles. On va essayer d'aller au plus vite, mais il faudra peut-être parfois être patient pour attendre une réponse, pas d'affolement

 

Pour répondre ou ajouter un post, un rapport, etc, utilise le bouton .

(bouton qui se trouve entre "Flash" et "Nouveau")

 

*********

 

MBAM a déjà bien déblayé le terrain! on va voir ce qu'il reste à nettoyer >>

 

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

• Double-clique sur RSIT.exe afin de lancer RSIT.
  
• Clique Continue à l'écran Disclaimer.
  
• Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
  
• Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
  ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
  
• Si tu ne vois pas ces deux rapports, tu les trouveras dans le dossier C:\rsit
  

********

 

Note importante: L'infection navipromo est véhiculée par des logiciels qu'il faut fuir absolument!! en voici une liste non exhaustive pour ne pas tomber dans le piège à nouveau >

• Funky Emoticons
  
• Games-AttacK
  
• Original-Solitaire
  
• go-astro
  
• Live-Player
  
• GoRecord
  
• HotTVPlayer
  
• MailSkinner
  
• Messenger Skinner
  
• Instant Access
  
• InternetGameBox
  
• sudoplanet
  
• Webmediaplayer sauf celui provenant du site suivant > http://www.azertysite.new.fr/
  

D'une manière générale, méfie toi des utilitaires que tu télécharges!! Utilise Google pour voir si ce n'est pas un logiciel qui installe un spyware : une simple recherche de quelques minutes te permettra de te faire une idée.

Par exemple tu as téléchargé InternetGameBox et MessengerSkinner : fais une recherche sur ces deux programmes et tu verras le nombre de discussion ou les gens se plaignent de publicité intempestives ....

[stephanes]

Merci pour ce début.

Voici le Log.tx

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Stéphane at 2010-02-17 22:45:25

Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2

System drive C: has 5 GB (6%) free of 73 GB

Total RAM: 894 MB (27% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:46:18, on 17/02/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18882)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\mobsync.exe

C:\Windows\System32\SysMonitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Windows\System32\wpcumi.exe

C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe

C:\Program Files\Search Settings\SearchSettings.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\SFR\Kit\9props.exe

C:\Program Files\E-Color\True Internet Color\TICIcon.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Windows\ehome\ehmsas.exe

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FAMTENE.EXE

C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe

C:\Users\Stéphane\Desktop\programmes et mises à jour\RSIT.exe

C:\Program Files\trend micro\Stéphane.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe

O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [?????????] ??????????????e

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe

O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [EPSON PX700W Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIENE.EXE /FU "C:\Windows\TEMP\E_S3AA6.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\SFR\Kit\9props.exe" /trayicon

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: True Internet Color Icon.lnk = C:\Program Files\E-Color\True Internet Color\TICIcon.exe

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Stéphane\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll

O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O13 - Gopher Prefix:

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software International - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxdb_device - - C:\Windows\system32\lxdbcoms.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

 

--

End of file - 11713 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\Google Software Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\User_Feed_Synchronization-{14D920D5-7FFE-4E93-A306-1D8A7805C347}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]

DealioBHO Class - C:\Program Files\Dealio\kb127\Dealio.dll [2008-05-26 3170144]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]

ShowBarObj Class - C:\Windows\system32\ActiveToolBand.dll [2007-02-06 299008]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]

Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-06 279664]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-06 812528]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]

SearchSettings Class - C:\Program Files\Search Settings\kb127\SearchSettings.dll [2008-06-12 1111904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-02-06 151552]

{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Dealio - C:\Program Files\Dealio\kb127\Dealio.dll [2008-05-26 3170144]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-06 279664]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704]

"Acer Empowering Technology Monitor"=C:\Windows\system32\SysMonitor.exe [2006-11-23 319488]

"Acer Tour"= []

"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]

"eRecoveryService"= []

"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-02-06 464168]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]

"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]

"F-PROT Antivirus Tray application"=C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe [2008-04-21 1597832]

"au"=C:\Program Files\Dealio\DealioAU.exe [2008-05-26 595296]

"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2008-06-12 991584]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

"EEventManager"=C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [2008-05-07 591696]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

"????r"= []

"?????????"=??????????????e []

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

"messengerskinner"=C:\Program Files\MessengerSkinner\MessengerSkinner.exe []

"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-21 68856]

"EPSON PX700W Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIENE.EXE [2008-04-07 188928]

"Connexion SFR 9props.exe"=C:\Program Files\SFR\Kit\9props.exe [2009-06-20 955712]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

True Internet Color Icon.lnk - C:\Program Files\E-Color\True Internet Color\TICIcon.exe

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\FPAVServer]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"LogonHoursAction"=2

"DontDisplayLogonHoursWarnings"=1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLUA"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8650a6e4-346f-11dd-91b6-0019db571278}]

shell\AutoRun\command - start.exe

shell\iledefrance\command - start.exe

 

 

======File associations======

 

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

 

======List of files/folders created in the last 1 months======

 

2010-02-17 22:45:29 ----D---- C:\Program Files\trend micro

2010-02-17 22:45:25 ----D---- C:\rsit

2010-02-16 21:09:04 ----D---- C:\Windows\system32\vi-VN

2010-02-16 21:09:04 ----D---- C:\Windows\system32\eu-ES

2010-02-16 21:09:04 ----D---- C:\Windows\system32\ca-ES

2010-02-15 22:17:05 ----D---- C:\Users\Stéphane\AppData\Roaming\Malwarebytes

2010-02-15 22:16:55 ----D---- C:\ProgramData\Malwarebytes

2010-02-15 22:16:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-02-10 10:59:17 ----A---- C:\Windows\system32\ntoskrnl.exe

2010-02-10 10:59:17 ----A---- C:\Windows\system32\ntkrnlpa.exe

2010-02-10 10:59:11 ----A---- C:\Windows\system32\tsbyuv.dll

2010-02-10 10:59:11 ----A---- C:\Windows\system32\quartz.dll

2010-02-10 10:59:11 ----A---- C:\Windows\system32\msyuv.dll

2010-02-10 10:59:11 ----A---- C:\Windows\system32\msvidc32.dll

2010-02-10 10:59:11 ----A---- C:\Windows\system32\msrle32.dll

2010-02-10 10:59:11 ----A---- C:\Windows\system32\iyuv_32.dll

2010-02-10 10:59:10 ----A---- C:\Windows\system32\msvfw32.dll

2010-02-10 10:59:10 ----A---- C:\Windows\system32\mciavi32.dll

2010-02-10 10:59:10 ----A---- C:\Windows\system32\avifil32.dll

2010-01-22 10:31:01 ----A---- C:\Windows\system32\mshtml.dll

2010-01-22 10:31:00 ----A---- C:\Windows\system32\ieframe.dll

2010-01-22 10:30:59 ----A---- C:\Windows\system32\wininet.dll

2010-01-22 10:30:59 ----A---- C:\Windows\system32\urlmon.dll

2010-01-22 10:30:59 ----A---- C:\Windows\system32\occache.dll

2010-01-22 10:30:59 ----A---- C:\Windows\system32\msfeeds.dll

2010-01-22 10:30:59 ----A---- C:\Windows\system32\ieui.dll

2010-01-22 10:30:59 ----A---- C:\Windows\system32\iertutil.dll

2010-01-22 10:30:59 ----A---- C:\Windows\system32\iedkcs32.dll

2010-01-22 10:30:58 ----A---- C:\Windows\system32\msfeedssync.exe

2010-01-22 10:30:58 ----A---- C:\Windows\system32\msfeedsbs.dll

2010-01-22 10:30:58 ----A---- C:\Windows\system32\jsproxy.dll

2010-01-22 10:30:58 ----A---- C:\Windows\system32\ieUnatt.exe

2010-01-22 10:30:58 ----A---- C:\Windows\system32\iesysprep.dll

2010-01-22 10:30:58 ----A---- C:\Windows\system32\iesetup.dll

2010-01-22 10:30:58 ----A---- C:\Windows\system32\iernonce.dll

2010-01-22 10:30:58 ----A---- C:\Windows\system32\iepeers.dll

2010-01-22 10:30:58 ----A---- C:\Windows\system32\ie4uinit.exe

 

======List of files/folders modified in the last 1 months======

 

2010-02-17 22:45:42 ----D---- C:\Windows\Prefetch

2010-02-17 22:45:34 ----D---- C:\Windows\Temp

2010-02-17 22:45:29 ----RD---- C:\Program Files

2010-02-17 22:22:38 ----D---- C:\Windows\Tasks

2010-02-17 22:17:31 ----SHD---- C:\System Volume Information

2010-02-17 20:16:58 ----D---- C:\Windows\System32

2010-02-17 20:16:58 ----A---- C:\Windows\system32\PerfStringBackup.INI

2010-02-17 20:16:55 ----D---- C:\Windows\inf

2010-02-17 18:25:45 ----D---- C:\Windows\Microsoft.NET

2010-02-17 18:25:18 ----RSD---- C:\Windows\assembly

2010-02-17 17:56:54 ----D---- C:\ProgramData\Google Updater

2010-02-17 17:56:35 ----D---- C:\Program Files\Mozilla Firefox

2010-02-16 22:59:28 ----D---- C:\Windows\winsxs

2010-02-16 22:59:18 ----D---- C:\Windows\system32\catroot2

2010-02-16 22:59:18 ----D---- C:\Windows\system32\catroot

2010-02-16 21:36:45 ----D---- C:\Windows\rescache

2010-02-16 21:17:11 ----D---- C:\Windows

2010-02-16 21:17:02 ----SHD---- C:\Boot

2010-02-16 21:09:31 ----D---- C:\Program Files\Windows Sidebar

2010-02-16 21:09:31 ----D---- C:\Program Files\Windows Photo Gallery

2010-02-16 21:09:31 ----D---- C:\Program Files\Windows Media Player

2010-02-16 21:09:31 ----D---- C:\Program Files\Windows Mail

2010-02-16 21:09:31 ----D---- C:\Program Files\Windows Journal

2010-02-16 21:09:31 ----D---- C:\Program Files\Windows Collaboration

2010-02-16 21:09:31 ----D---- C:\Program Files\Windows Calendar

2010-02-16 21:09:31 ----D---- C:\Program Files\Movie Maker

2010-02-16 21:09:31 ----D---- C:\Program Files\Internet Explorer

2010-02-16 21:09:31 ----D---- C:\Program Files\Common Files\System

2010-02-16 21:09:30 ----D---- C:\Windows\servicing

2010-02-16 21:09:30 ----D---- C:\Windows\ehome

2010-02-16 21:09:30 ----D---- C:\Program Files\Windows Defender

2010-02-16 21:09:28 ----D---- C:\Windows\system32\XPSViewer

2010-02-16 21:09:28 ----D---- C:\Windows\system32\sk-SK

2010-02-16 21:09:28 ----D---- C:\Windows\system32\ru-RU

2010-02-16 21:09:28 ----D---- C:\Windows\system32\oobe

2010-02-16 21:09:28 ----D---- C:\Windows\system32\migration

2010-02-16 21:09:28 ----D---- C:\Windows\system32\lv-LV

2010-02-16 21:09:28 ----D---- C:\Windows\system32\ko-KR

2010-02-16 21:09:28 ----D---- C:\Windows\system32\it-IT

2010-02-16 21:09:28 ----D---- C:\Windows\system32\hr-HR

2010-02-16 21:09:28 ----D---- C:\Windows\system32\fr

2010-02-16 21:09:28 ----D---- C:\Windows\system32\et-EE

2010-02-16 21:09:28 ----D---- C:\Windows\system32\en-US

2010-02-16 21:09:28 ----D---- C:\Windows\system32\el-GR

2010-02-16 21:09:28 ----D---- C:\Windows\system32\de-DE

2010-02-16 21:09:28 ----D---- C:\Windows\system32\da-DK

2010-02-16 21:09:28 ----D---- C:\Windows\system32\AdvancedInstallers

2010-02-16 21:09:28 ----D---- C:\Windows\IME

2010-02-16 21:09:27 ----D---- C:\Windows\system32\fr-FR

2010-02-16 21:09:21 ----D---- C:\Windows\system32\sv-SE

2010-02-16 21:09:21 ----D---- C:\Windows\system32\setup

2010-02-16 21:09:21 ----D---- C:\Windows\system32\hu-HU

2010-02-16 21:09:21 ----D---- C:\Windows\system32\he-IL

2010-02-16 21:09:21 ----D---- C:\Windows\system32\fi-FI

2010-02-16 21:09:21 ----D---- C:\Windows\system32\cs-CZ

2010-02-16 21:09:20 ----D---- C:\Windows\system32\zh-TW

2010-02-16 21:09:20 ----D---- C:\Windows\system32\zh-CN

2010-02-16 21:09:20 ----D---- C:\Windows\system32\uk-UA

2010-02-16 21:09:20 ----D---- C:\Windows\system32\tr-TR

2010-02-16 21:09:20 ----D---- C:\Windows\system32\th-TH

2010-02-16 21:09:20 ----D---- C:\Windows\system32\sr-Latn-CS

2010-02-16 21:09:20 ----D---- C:\Windows\system32\SLUI

2010-02-16 21:09:20 ----D---- C:\Windows\system32\sl-SI

2010-02-16 21:09:20 ----D---- C:\Windows\system32\ro-RO

2010-02-16 21:09:20 ----D---- C:\Windows\system32\pt-PT

2010-02-16 21:09:20 ----D---- C:\Windows\system32\pl-PL

2010-02-16 21:09:20 ----D---- C:\Windows\system32\manifeststore

2010-02-16 21:09:20 ----D---- C:\Windows\system32\ja-JP

2010-02-16 21:09:20 ----D---- C:\Windows\system32\es-ES

2010-02-16 21:09:20 ----D---- C:\Windows\system32\drivers

2010-02-16 21:09:20 ----D---- C:\Windows\system32\bg-BG

2010-02-16 21:09:19 ----D---- C:\Windows\system32\wbem

2010-02-16 21:09:19 ----D---- C:\Windows\system32\nl-NL

2010-02-16 21:09:19 ----D---- C:\Windows\system32\nb-NO

2010-02-16 21:09:19 ----D---- C:\Windows\system32\lt-LT

2010-02-16 21:09:19 ----D---- C:\Windows\system32\ar-SA

2010-02-16 21:09:18 ----D---- C:\Windows\system32\pt-BR

2010-02-16 21:09:18 ----D---- C:\Windows\system32\migwiz

2010-02-16 21:09:09 ----RSD---- C:\Windows\Fonts

2010-02-16 21:09:09 ----D---- C:\Windows\AppPatch

2010-02-16 21:09:04 ----D---- C:\Windows\system32\Boot

2010-02-16 00:21:44 ----D---- C:\Windows\tapi

2010-02-15 22:16:55 ----HD---- C:\ProgramData

2010-02-07 12:05:47 ----D---- C:\Users\Stéphane\AppData\Roaming\Dofus 2

2010-02-06 19:03:34 ----SHD---- C:\Windows\Installer

2010-02-06 16:30:52 ----D---- C:\Program Files\Google

2010-02-01 20:26:20 ----A---- C:\Windows\system32\mrt.exe

2010-01-21 17:51:14 ----D---- C:\Program Files\Free Video Converter

2010-01-21 14:24:12 ----D---- C:\Program Files\Microsoft Silverlight

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]

R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-29 3544064]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-08 1647976]

R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2006-12-13 6144]

R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 194560]

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]

S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]

S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-29 3544064]

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-07-09 39424]

S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]

S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AcerMemUsageCheckService;ePerformance Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-12-18 24576]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-03-29 667648]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-02-06 457512]

R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2006-12-14 49152]

R2 FPAVServer;F-PROT Antivirus for Windows system; C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [2009-08-27 75424]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]

R2 lxdb_device;lxdb_device; C:\Windows\system32\lxdbcoms.exe [2007-02-02 537520]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-01-21 143360]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]

R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]

S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []

S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-22 135664]

S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]

S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]

S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]

S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]

 

-----------------EOF-----------------

-----------------------------------------------------------------------------------------------------------------------------

et voici le fichier Info.

-----------------------------------------------------------------------------------------------------------------------------

 

info.txt logfile of random's system information tool 1.06 2010-02-17 22:46:26

 

======Uninstall list======

 

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{028EC2AF-F501-4567-9CEA-140030DE8544}\setup.exe" -l0x40c -u

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2580F4DA-324F-4945-B16F-B2B867325085}\setup.exe" -l0x40c -u

Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL

Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly

Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x40c -removeonly

Acer Picture Slide DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41581EF5-45A7-11DA-9D78-000129760D75}\Setup.exe" -uninstall

Acer Plug and Record-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6EFFB76-4A07-11DA-9D78-000129760D75}\Setup.exe" -uninstall

Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly

Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c -removeonly

Acer Zone MagicDirector-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\Setup.exe" -uninstall

Acer Zone Main Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\Setup.exe" -uninstall

Acer Zone MakeDisk-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\Setup.exe" -uninstall

Acer Zone SoftDMA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\Setup.exe" -uninstall

Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}

Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}

Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log

Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

CanoScan Toolbox Ver4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\Setup.exe" -l0x40c anything

Catalyst Control Center - Branding-->MsiExec.exe /I{6087F45E-358C-4173-8CB1-DE0AE26FFAE1}

CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall

Dealio Toolbar 3.4-->MsiExec.exe /X{6105648C-0C3C-481D-8C11-1F4952D6FB53}

Deluxanoid Demo 1.2-->"C:\Users\Nicolas\Deluxanoid Demo\unins000.exe"

Dofus 1.21.0-->C:\Program Files\Dofus\uninstall.exe

Dofus 1.24.0-->C:\Program Files\Dofus\uninstall.exe

Dofus 1.28.0-->C:\Program Files\Dofus\uninstall.exe

Dofus-->msiexec /qb /x {5EBF7AAB-98C5-2C43-0844-4BD9B9FCA7AD}

Dofus-->MsiExec.exe /I{5EBF7AAB-98C5-2C43-0844-4BD9B9FCA7AD}

Dofus-Arena-->C:\Users\Nicolas\DofusArena2\uninstall.exe

DofusBeta 1.27.0-->C:\Program Files\DofusBeta\uninstall.exe

DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"

Epson Easy Photo Print 2-->C:\Program Files\InstallShield Installation Information\{DEDB47A3-C988-4A43-A645-E2CEA571E680}\SETUP.EXE -runfromtemp -l0x040c UNINST -removeonly

Epson Event Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}\SETUP.EXE" -l0x40c -u

Epson Print CD-->C:\Program Files\InstallShield Installation Information\{D16A31F9-276D-4968-A753-FFEAC56995D0}\SETUP.EXE -runfromtemp -l0x040c -removeonly

EPSON PX700W Series Printer Uninstall-->C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FINSENE.EXE /R /APD /P:"EPSON PX700W Series"

EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r

EPSON Stylus Photo PX700W_PX800FW_TX700W_TX800FW Manuel-->C:\Program Files\EPSON\TPMANUAL\ESP_PX_TX_700W_800FW\FRA\USE_G\DOCUNINS.EXE

Fable - The Lost Chapters-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}

Favorit-->c:\users\stéphane\appdata\local\fepoo.bat

FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"

F-PROT Antivirus for Windows-->MsiExec.exe /I{E58B329B-FB28-4874-90DE-0D7CB2709267}

F-PROT Antivirus Updater Fix-->MsiExec.exe /I{F8A3A6BC-D68F-445B-B1BA-6F03A4352865}

Free iPod Video Converter 1.34-->"C:\Program Files\Free iPod Video Converter\unins000.exe"

Free Video Converter V 1.4-->"C:\Program Files\Free Video Converter\unins000.exe"

Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}

Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall

Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466}

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Impression CD/DVD-->C:\Windows\IsUn040c.exe -f"C:\Program Files\printFIT\Impression CD-DVD\cdd4.isu"

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}

iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}

J2SE Runtime Environment 5.0 Update 12-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120}

Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Micro Application - Jeux de Pions-->C:\Windows\IsUn040c.exe -f"C:\Program Files\Micro Application\Jeux de Pions\Uninst.isu"

Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Office 2000 SR-1 Professional-->MsiExec.exe /I{0001040C-78E1-11D2-B60F-006097C998E7}

Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}

Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}

Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly

NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7

Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Outils Club Internet-->"C:\Program Files\Club-Internet\Assistance\OutilsCI\uninstall.exe"

PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"

Prince of Persia Les Sables du Temps-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C453F13-6877-4D34-8816-009ABDE306DB}\setup.exe" -l0x40c

programme-->C:\Techno-Flash\DessTech 2.1\Désinstaller DessTech.exe

QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}

RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Realtek High Definition Audio Driver-->RtlUpd.exe -r -m

Reg (DOFUS Audio Subsystem)-->msiexec /qb /x {3F900346-A316-BA88-B83C-2513F1260AD7}

Reg (DOFUS Audio Subsystem)-->MsiExec.exe /I{3F900346-A316-BA88-B83C-2513F1260AD7}

Search Settings 1.2-->MsiExec.exe /X{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

SFR - Kit de connexion-->C:\Program Files\SFR\Kit\uninstall.exe

Sony Media Manager 2.2-->MsiExec.exe /X{878D2EB2-2D55-42A9-955E-1E08F28529FD}

True Internet Color-->C:\Windows\IsUninst.exe -f"C:\Program Files\E-Color\True Internet Color\Uninst.isu" -c"C:\Program Files\E-Color\True Internet Color\TICUninstall.dll"

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Contrôle parental-->MsiExec.exe /X{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}

Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}

Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}

Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}

Windows Live Movie Maker-->MsiExec.exe /X{53B20C18-D8D4-4588-8737-9BBFE303C354}

Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}

Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}

 

======Security center information======

 

AV: F-PROT Antivirus for Windows (disabled) (outdated)

AS: Windows Defender (disabled)

 

======System event log======

 

Computer Name: PC-de-la-maison

Event Code: 4374

Message: Windows Servicing a déterminé que ce package KB974571(Security Update) n’est pas applicable à ce système.

Record Number: 265883

Source Name: Microsoft-Windows-Servicing

Time Written: 20091014153356.000000-000

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

Computer Name: PC-de-la-maison

Event Code: 4374

Message: Windows Servicing a déterminé que ce package KB974571(Security Update) n’est pas applicable à ce système.

Record Number: 265875

Source Name: Microsoft-Windows-Servicing

Time Written: 20091014153352.000000-000

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

Computer Name: PC-de-la-maison

Event Code: 4374

Message: Windows Servicing a déterminé que ce package KB975517(Security Update) n’est pas applicable à ce système.

Record Number: 265856

Source Name: Microsoft-Windows-Servicing

Time Written: 20091014153334.000000-000

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

Computer Name: PC-de-la-maison

Event Code: 4374

Message: Windows Servicing a déterminé que ce package KB975517(Security Update) n’est pas applicable à ce système.

Record Number: 265855

Source Name: Microsoft-Windows-Servicing

Time Written: 20091014153333.000000-000

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

Computer Name: PC-de-la-maison

Event Code: 4374

Message: Windows Servicing a déterminé que ce package KB954155(Security Update) n’est pas applicable à ce système.

Record Number: 265829

Source Name: Microsoft-Windows-Servicing

Time Written: 20091014153152.000000-000

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

=====Application event log=====

 

Computer Name: PC-de-la-maison

Event Code: 4096

Message: Found file, C:\Windows\TEMP\FPQ9AD5.tmp, infected with HTML/IFrame

 

For more information please visit http://www.f-prot.com/support/index.html

Record Number: 178921

Source Name: F-PROT Antivirus

Time Written: 20090708171909.000000-000

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

Computer Name: PC-de-la-maison

Event Code: 4096

Message: Found file, C:\Windows\TEMP\FPQ9AD5.tmp, infected with HTML/IFrame

 

For more information please visit http://www.f-prot.com/support/index.html

Record Number: 178920

Source Name: F-PROT Antivirus

Time Written: 20090708171909.000000-000

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

Computer Name: PC-de-la-maison

Event Code: 4096

Message: Found file, C:\Windows\TEMP\FPQ9AA5.tmp, infected with HTML/IFrame

 

For more information please visit http://www.f-prot.com/support/index.html

Record Number: 178919

Source Name: F-PROT Antivirus

Time Written: 20090708171909.000000-000

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

Computer Name: PC-de-la-maison

Event Code: 4096

Message: Found file, C:\Windows\TEMP\FPQ9AA5.tmp, infected with HTML/IFrame

 

For more information please visit http://www.f-prot.com/support/index.html

Record Number: 178918

Source Name: F-PROT Antivirus

Time Written: 20090708171909.000000-000

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

Computer Name: PC-de-la-maison

Event Code: 4096

Message: Found file, C:\Windows\TEMP\FPQ9A56.tmp, infected with HTML/IFrame

 

For more information please visit http://www.f-prot.com/support/index.html

Record Number: 178917

Source Name: F-PROT Antivirus

Time Written: 20090708171909.000000-000

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

=====Security event log=====

 

Computer Name: PC-de-la-maison

Event Code: 1100

Message: Le service d’enregistrement des événements a été arrêté.

Record Number: 178384

Source Name: Microsoft-Windows-Eventlog

Time Written: 20090926080242.713111-000

Event Type: Succès de l'audit

User:

 

Computer Name: PC-de-la-maison

Event Code: 4647

Message: Fermeture de session initiée par l’utilisateur :

 

Sujet :

ID de sécurité : S-1-5-21-2464144183-1154641359-2484443709-1000

Nom du compte : Stéphane

Domaine du compte : PC-de-la-maison

ID d’ouverture de session : 0x2f278

 

Cet événement est généré lorsqu’une fermeture de session est initiée, mais que le nombre de références du jeton n’étant pas zéro, la session ouverte ne peut pas être supprimée. Aucune autre activité initiée par l’utilisateur ne peut se produire. Cet événement peut être interprété comme un événement de fermeture de session.

Record Number: 178383

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090926080236.878711-000

Event Type: Succès de l'audit

User:

 

Computer Name: PC-de-la-maison

Event Code: 4672

Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

 

Sujet :

ID de sécurité : S-1-5-18

Nom du compte : SYSTEM

Domaine du compte : AUTORITE NT

ID d’ouverture de session : 0x3e7

 

Privilèges : SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 178382

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090926080015.438311-000

Event Type: Succès de l'audit

User:

 

Computer Name: PC-de-la-maison

Event Code: 4624

Message: L’ouverture de session d’un compte s’est correctement déroulée.

 

Sujet :

ID de sécurité : S-1-5-18

Nom du compte : PC-DE-LA-MAISON$

Domaine du compte : WORKGROUP

ID d’ouverture de session : 0x3e7

 

Type d’ouverture de session : 5

 

Nouvelle ouverture de session :

ID de sécurité : S-1-5-18

Nom du compte : SYSTEM

Domaine du compte : AUTORITE NT

ID d’ouverture de session : 0x3e7

GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

 

Informations sur le processus :

ID du processus : 0x254

Nom du processus : C:\Windows\System32\services.exe

 

Informations sur le réseau :

Nom de la station de travail :

Adresse du réseau source : -

Port source : -

 

Informations détaillées sur l’authentification :

Processus d’ouverture de session : Advapi

Package d’authentification : Negotiate

Services en transit : -

Nom du package (NTLM uniquement) : -

Longueur de la clé : 0

 

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

 

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

 

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

 

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

 

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

 

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.

- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .

- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.

- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.

- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.

Record Number: 178381

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090926080015.438311-000

Event Type: Succès de l'audit

User:

 

Computer Name: PC-de-la-maison

Event Code: 4648

Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

 

Sujet :

ID de sécurité : S-1-5-18

Nom du compte : PC-DE-LA-MAISON$

Domaine du compte : WORKGROUP

ID d’ouverture de session : 0x3e7

GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

 

Compte dont les informations d’identification ont été utilisées :

Nom du compte : SYSTEM

Domaine du compte : AUTORITE NT

GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

 

Serveur cible :

Nom du serveur cible : localhost

Informations supplémentaires : localhost

 

Informations sur le processus :

ID du processus : 0x254

Nom du processus : C:\Windows\System32\services.exe

 

Informations sur le réseau :

Adresse du réseau : -

Port : -

 

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.

Record Number: 178380

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090926080015.438311-000

Event Type: Succès de l'audit

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel

"PROCESSOR_REVISION"=0f02

"NUMBER_OF_PROCESSORS"=2

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

 

-----------------EOF-----------------

[Thanos]

salut

 

Ok pas de fichiers douteux à l'horizon Je te prépare une petite procédure pour virer les restes...

[Thanos]

Désinstalle le programme suivant => Dealio Toolbar 3.4 et Search Settings 1.2

 

 

Démarre Hijackthis, clique sur "Do a system scan only", et coche les lignes suivantes :

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll

 

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll

 

O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe

O4 - HKCU\..\Run: [?????????] ??????????????e

O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe

 

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

 

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Stéphane\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html

 

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll

O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll

-Ferme tous les programmes et clique sur "Fix Checked"

 

Note: Il est fort possible que des lignes citées ci-dessus n'aparraissent plus quand tu feras le scan hijackthis, c'est normal (après désinstallation des programmes).

 

Supprime ces répertoires si tu trouves >>

 

C:\Program Files\Search Settings

C:\Program Files\Dealio

C:\Users\Stéphane\AppData\LocalLow\Dealio

 

On va utiliser un autre petit porgramme pour nettoyer les restes de l'infection navipromo >>

 

Télécharge Navilog1(par IL-MAFIOSO) sur ton bureau

 

• Ensuite double clique sur navilog1.exe pour lancer l'installation.
  
• Une fois l'installation terminée, fait un clic droit avec ta souris sur le raccourci Navilog1 présent sur le bureau et choisis "exécuter en tant qu'administrateur"
   
   
  
• Laisse-toi guider. Appuie sur une touche quand on te le demande.
  
• Au menu principal, choisis 1 et valide.
   
  < Ne fais pas le choix 2 >
   
   
  
• Patiente le temps du scan. Il te sera peut-être demandé de redémarrer ton PC.
  
• Laisse l'outil le faire automatiquement, sinon redémarre ton PC normalement s'il te le demande.
   
  
• Patiente jusqu'au message "Scan terminé le......"
  
• Appuie sur une touche comme demandé ; le bloc-notes va s'ouvrir.
  
• Copie-colle l'intégralité dans ta réponse. Referme le bloc-notes.
   
  
• PS : le rapport est, aussi, sauvegardé à la racine du disque dur C:\cleannavi.txt
  

[stephanes]

Je suis les recommandations.

Voici le Cleannavi:

 

Fix Navipromo version 4.0.6 commencé le 19/02/2010 22:02:53,88

 

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!

!!! Postez ce rapport sur le forum pour le faire analyser !!!

 

Outil exécuté depuis C:\Program Files\navilog1

 

Mise à jour le 03.01.2010 à 11h00 par IL-MAFIOSO

 

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2

X86-based PC ( Multiprocessor Free : Intel® Core2 CPU 4300 @ 1.80GHz )

BIOS : )Phoenix - Award WorkstationBIOS v6.00PG

USER : Stéphane ( Not Administrator ! )

BOOT : Normal boot

 

Antivirus : F-PROT Antivirus for Windows 6.0 (Not Activated)

 

 

C:\ (Local Disk) - NTFS - Total:71 Go (Free:6 Go)

D:\ (Local Disk) - NTFS - Total:70 Go (Free:63 Go)

E:\ (CD or DVD)

H:\ (USB)

I:\ (USB)

J:\ (USB)

K:\ (USB)

 

 

Recherche executée en mode normal

 

Nettoyage exécuté au redémarrage de l'ordinateur

 

 

c:\progra~2\micros~1\windows\startm~1\programs\InternetGamebox supprimé !

c:\progra~2\micros~1\windows\startm~1\programs\MessengerSkinner supprimé !

c:\users\stphan~1\appdata\roaming\micros~1\windows\startm~1\programs\MessengerSkinner supprimé !

C:\Users\St‚phane\AppData\Roaming\MessengerSkinner supprimé !

C:\Users\LESENF~1\appdata\roaming\MessengerSkinner supprimé !

C:\Windows\pack.epk supprimé !

 

 

Nettoyage contenu C:\Windows\Temp effectué !

Nettoyage contenu C:\Users\STPHAN~1\AppData\Local\Temp effectué !

 

 

*** Sauvegarde du Registre vers dossier Safebackup ***

 

 

 

 

sauvegarde du Registre réalisée avec succès !

 

*** Nettoyage Registre ***

 

Nettoyage Registre Ok

 

 

 

 

*** Scan terminé 19/02/2010 22:13:14,81 ***

 

Modifié le 19 février 2010 par stephanes

[stephanes]

Et maintenant, est-ce que tout va bien?

 

Le PC reste lent à démarrer. Dois-je aller voir les tutoriaux?

[Thanos]

salut

 

Désolé d'avoir zappé ta réponse stephanes

 

J'aimerai que tu me poste un nouveau rapport RSIT pour voir si tout est clean.

Il n'y a plus de pubs intempestives lorsque tu surfes ?

[stephanes]

Bonsoir,

 

Merci de suivre ce vieux dossier

Pas de pub intempestive.

J'ai donc lancé RSIT. Je n'ai pas le fichier info, ni dans la barre des taches, ni dans C:\rsit

 

 

Voici au moins le Log.tx

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Stéphane at 2010-03-06 22:58:41

Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2

System drive C: has 4 GB (6%) free of 73 GB

Total RAM: 894 MB (24% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:59:54, on 06/03/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18882)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\SysMonitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Windows\System32\wpcumi.exe

C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\SFR\Kit\9props.exe

C:\Program Files\E-Color\True Internet Color\TICIcon.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Users\Stéphane\Desktop\programmes et mises à jour\nettoyage PC\RSIT.exe

C:\Users\Stéphane\Desktop\programmes et mises à jour\nettoyage PC\Stéphane.exe

C:\Windows\system32\SearchFilterHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [?????????] ??????????????e

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [EPSON PX700W Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIENE.EXE /FU "C:\Windows\TEMP\E_S3AA6.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\SFR\Kit\9props.exe" /trayicon

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: True Internet Color Icon.lnk = C:\Program Files\E-Color\True Internet Color\TICIcon.exe

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O13 - Gopher Prefix:

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software International - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxdb_device - - C:\Windows\system32\lxdbcoms.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

 

--

End of file - 9673 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\Google Software Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\User_Feed_Synchronization-{14D920D5-7FFE-4E93-A306-1D8A7805C347}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]

ShowBarObj Class - C:\Windows\system32\ActiveToolBand.dll [2007-02-06 299008]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]

Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-06 812528]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-21 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-02-06 151552]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704]

"Acer Empowering Technology Monitor"=C:\Windows\system32\SysMonitor.exe [2006-11-23 319488]

"Acer Tour"= []

"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]

"eRecoveryService"= []

"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-02-06 464168]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-02-21 149280]

"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]

"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]

"F-PROT Antivirus Tray application"=C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe [2008-04-21 1597832]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

"EEventManager"=C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [2008-05-07 591696]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

"????r"= []

"?????????"=??????????????e []

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-21 68856]

"EPSON PX700W Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIENE.EXE [2008-04-07 188928]

"Connexion SFR 9props.exe"=C:\Program Files\SFR\Kit\9props.exe [2009-06-20 955712]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

True Internet Color Icon.lnk - C:\Program Files\E-Color\True Internet Color\TICIcon.exe

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\FPAVServer]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"LogonHoursAction"=2

"DontDisplayLogonHoursWarnings"=1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLUA"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8650a6e4-346f-11dd-91b6-0019db571278}]

shell\AutoRun\command - start.exe

shell\iledefrance\command - start.exe

 

 

======File associations======

 

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

 

======List of files/folders created in the last 1 months======

 

2010-02-27 17:11:28 ----D---- C:\Users\Stéphane\AppData\Roaming\dvdcss

2010-02-27 17:11:08 ----D---- C:\Users\Stéphane\AppData\Roaming\vlc

2010-02-24 08:45:48 ----A---- C:\Windows\system32\jscript.dll

2010-02-24 08:45:38 ----A---- C:\Windows\system32\tzres.dll

2010-02-21 11:58:42 ----A---- C:\Windows\system32\javaws.exe

2010-02-21 11:58:42 ----A---- C:\Windows\system32\javaw.exe

2010-02-21 11:58:42 ----A---- C:\Windows\system32\deploytk.dll

2010-02-21 11:58:41 ----A---- C:\Windows\system32\java.exe

2010-02-19 22:02:53 ----A---- C:\cleannavi.txt

2010-02-19 22:01:46 ----D---- C:\Program Files\Navilog1

2010-02-17 22:45:29 ----D---- C:\Program Files\trend micro

2010-02-17 22:45:25 ----D---- C:\rsit

2010-02-16 21:09:04 ----D---- C:\Windows\system32\vi-VN

2010-02-16 21:09:04 ----D---- C:\Windows\system32\eu-ES

2010-02-16 21:09:04 ----D---- C:\Windows\system32\ca-ES

2010-02-15 22:17:05 ----D---- C:\Users\Stéphane\AppData\Roaming\Malwarebytes

2010-02-15 22:16:55 ----D---- C:\ProgramData\Malwarebytes

2010-02-15 22:16:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-02-10 10:59:17 ----A---- C:\Windows\system32\ntoskrnl.exe

2010-02-10 10:59:17 ----A---- C:\Windows\system32\ntkrnlpa.exe

2010-02-10 10:59:11 ----A---- C:\Windows\system32\tsbyuv.dll

2010-02-10 10:59:11 ----A---- C:\Windows\system32\quartz.dll

2010-02-10 10:59:11 ----A---- C:\Windows\system32\msyuv.dll

2010-02-10 10:59:11 ----A---- C:\Windows\system32\msvidc32.dll

2010-02-10 10:59:11 ----A---- C:\Windows\system32\msrle32.dll

2010-02-10 10:59:11 ----A---- C:\Windows\system32\iyuv_32.dll

2010-02-10 10:59:10 ----A---- C:\Windows\system32\msvfw32.dll

2010-02-10 10:59:10 ----A---- C:\Windows\system32\mciavi32.dll

2010-02-10 10:59:10 ----A---- C:\Windows\system32\avifil32.dll

 

======List of files/folders modified in the last 1 months======

 

2010-03-06 22:58:59 ----D---- C:\Windows\Prefetch

2010-03-06 22:58:55 ----D---- C:\Windows\Temp

2010-03-06 22:25:53 ----D---- C:\Program Files\Mozilla Firefox

2010-03-06 22:25:18 ----D---- C:\Windows\Tasks

2010-03-06 17:49:39 ----D---- C:\ProgramData\Google Updater

2010-03-05 14:16:26 ----D---- C:\Windows\system32\catroot2

2010-03-04 17:10:49 ----SHD---- C:\System Volume Information

2010-03-01 18:55:52 ----D---- C:\Windows\System32

2010-03-01 18:55:52 ----D---- C:\Windows\inf

2010-03-01 18:55:52 ----A---- C:\Windows\system32\PerfStringBackup.INI

2010-02-25 13:23:17 ----SHD---- C:\Windows\Installer

2010-02-25 08:34:18 ----D---- C:\Windows\rescache

2010-02-25 08:19:10 ----D---- C:\Windows\winsxs

2010-02-25 08:18:57 ----D---- C:\Windows\system32\fr-FR

2010-02-24 09:16:06 ----N---- C:\Windows\system32\MpSigStub.exe

2010-02-24 08:44:08 ----D---- C:\Windows\system32\catroot

2010-02-21 11:57:54 ----D---- C:\Program Files\Java

2010-02-20 14:58:23 ----D---- C:\Program Files\Dofus

2010-02-19 22:11:33 ----D---- C:\Windows

2010-02-19 22:01:46 ----RD---- C:\Program Files

2010-02-19 21:35:28 ----D---- C:\Program Files\DofusBeta

2010-02-19 21:34:47 ----D---- C:\ProgramData\Google

2010-02-19 21:34:47 ----D---- C:\Program Files\Google

2010-02-19 21:33:29 ----HD---- C:\Program Files\InstallShield Installation Information

2010-02-19 21:33:29 ----D---- C:\Program Files\UBISOFT

2010-02-17 18:25:45 ----D---- C:\Windows\Microsoft.NET

2010-02-17 18:25:18 ----RSD---- C:\Windows\assembly

2010-02-16 21:17:02 ----SHD---- C:\Boot

2010-02-16 21:09:31 ----D---- C:\Program Files\Windows Sidebar

2010-02-16 21:09:31 ----D---- C:\Program Files\Windows Photo Gallery

2010-02-16 21:09:31 ----D---- C:\Program Files\Windows Media Player

2010-02-16 21:09:31 ----D---- C:\Program Files\Windows Mail

2010-02-16 21:09:31 ----D---- C:\Program Files\Windows Journal

2010-02-16 21:09:31 ----D---- C:\Program Files\Windows Collaboration

2010-02-16 21:09:31 ----D---- C:\Program Files\Windows Calendar

2010-02-16 21:09:31 ----D---- C:\Program Files\Movie Maker

2010-02-16 21:09:31 ----D---- C:\Program Files\Internet Explorer

2010-02-16 21:09:31 ----D---- C:\Program Files\Common Files\System

2010-02-16 21:09:30 ----D---- C:\Windows\servicing

2010-02-16 21:09:30 ----D---- C:\Windows\ehome

2010-02-16 21:09:30 ----D---- C:\Program Files\Windows Defender

2010-02-16 21:09:28 ----D---- C:\Windows\system32\XPSViewer

2010-02-16 21:09:28 ----D---- C:\Windows\system32\sk-SK

2010-02-16 21:09:28 ----D---- C:\Windows\system32\ru-RU

2010-02-16 21:09:28 ----D---- C:\Windows\system32\oobe

2010-02-16 21:09:28 ----D---- C:\Windows\system32\migration

2010-02-16 21:09:28 ----D---- C:\Windows\system32\lv-LV

2010-02-16 21:09:28 ----D---- C:\Windows\system32\ko-KR

2010-02-16 21:09:28 ----D---- C:\Windows\system32\it-IT

2010-02-16 21:09:28 ----D---- C:\Windows\system32\hr-HR

2010-02-16 21:09:28 ----D---- C:\Windows\system32\fr

2010-02-16 21:09:28 ----D---- C:\Windows\system32\et-EE

2010-02-16 21:09:28 ----D---- C:\Windows\system32\en-US

2010-02-16 21:09:28 ----D---- C:\Windows\system32\el-GR

2010-02-16 21:09:28 ----D---- C:\Windows\system32\de-DE

2010-02-16 21:09:28 ----D---- C:\Windows\system32\da-DK

2010-02-16 21:09:28 ----D---- C:\Windows\system32\AdvancedInstallers

2010-02-16 21:09:28 ----D---- C:\Windows\IME

2010-02-16 21:09:21 ----D---- C:\Windows\system32\sv-SE

2010-02-16 21:09:21 ----D---- C:\Windows\system32\setup

2010-02-16 21:09:21 ----D---- C:\Windows\system32\hu-HU

2010-02-16 21:09:21 ----D---- C:\Windows\system32\he-IL

2010-02-16 21:09:21 ----D---- C:\Windows\system32\fi-FI

2010-02-16 21:09:21 ----D---- C:\Windows\system32\cs-CZ

2010-02-16 21:09:20 ----D---- C:\Windows\system32\zh-TW

2010-02-16 21:09:20 ----D---- C:\Windows\system32\zh-CN

2010-02-16 21:09:20 ----D---- C:\Windows\system32\uk-UA

2010-02-16 21:09:20 ----D---- C:\Windows\system32\tr-TR

2010-02-16 21:09:20 ----D---- C:\Windows\system32\th-TH

2010-02-16 21:09:20 ----D---- C:\Windows\system32\sr-Latn-CS

2010-02-16 21:09:20 ----D---- C:\Windows\system32\SLUI

2010-02-16 21:09:20 ----D---- C:\Windows\system32\sl-SI

2010-02-16 21:09:20 ----D---- C:\Windows\system32\ro-RO

2010-02-16 21:09:20 ----D---- C:\Windows\system32\pt-PT

2010-02-16 21:09:20 ----D---- C:\Windows\system32\pl-PL

2010-02-16 21:09:20 ----D---- C:\Windows\system32\manifeststore

2010-02-16 21:09:20 ----D---- C:\Windows\system32\ja-JP

2010-02-16 21:09:20 ----D---- C:\Windows\system32\es-ES

2010-02-16 21:09:20 ----D---- C:\Windows\system32\drivers

2010-02-16 21:09:20 ----D---- C:\Windows\system32\bg-BG

2010-02-16 21:09:19 ----D---- C:\Windows\system32\wbem

2010-02-16 21:09:19 ----D---- C:\Windows\system32\nl-NL

2010-02-16 21:09:19 ----D---- C:\Windows\system32\nb-NO

2010-02-16 21:09:19 ----D---- C:\Windows\system32\lt-LT

2010-02-16 21:09:19 ----D---- C:\Windows\system32\ar-SA

2010-02-16 21:09:18 ----D---- C:\Windows\system32\pt-BR

2010-02-16 21:09:18 ----D---- C:\Windows\system32\migwiz

2010-02-16 21:09:09 ----RSD---- C:\Windows\Fonts

2010-02-16 21:09:09 ----D---- C:\Windows\AppPatch

2010-02-16 21:09:04 ----D---- C:\Windows\system32\Boot

2010-02-16 00:21:44 ----D---- C:\Windows\tapi

2010-02-15 22:16:55 ----HD---- C:\ProgramData

2010-02-07 12:05:47 ----D---- C:\Users\Stéphane\AppData\Roaming\Dofus 2

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]

R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-29 3544064]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-08 1647976]

R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2006-12-13 6144]

R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 194560]

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]

S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]

S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-29 3544064]

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-07-09 39424]

S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]

S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AcerMemUsageCheckService;ePerformance Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-12-18 24576]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-03-29 667648]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-02-06 457512]

R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2006-12-14 49152]

R2 FPAVServer;F-PROT Antivirus for Windows system; C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [2009-08-27 75424]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]

R2 lxdb_device;lxdb_device; C:\Windows\system32\lxdbcoms.exe [2007-02-02 537520]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-01-21 143360]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]

R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]

S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []

S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-22 135664]

S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]

S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]

S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]

S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]

 

-----------------EOF-----------------

Modifié le 6 mars 2010 par stephanes

[Thanos]

salut

 

Rien de mauvais sur ce rapport. Ceci dit, on dirait que ton antivirus n'est pas actif (le module résident ne semble pasa être en marche) et qu'il ne protège donc pas le pc.

Est ce une version d'évaluation que tu as installé ?

Si tu ne désires pas opter pour la version payante, tu peux installer ce très bon antivirus (n'oublie pas de désinstaller F-PROT avant de le faire) >>

 

* Télécharge Antivir sur le bureau, et installe le programme.

 

Si tu as besoin de faire un scan du pc avec Antivir, voilà ce qu'il faudra faire >>

 

Double-clique sur son icône près de l'horloge: cela ouvre l'interface principale.

Clique ensuite sur "Contrôler syst." à droite de "Dernier contrôle syst. intégral".

/!\ Cela peut être long.

Tu peux sauvegarder le rapport en fin de parcours (bouton "Rapport").

 

Si Antivir détecte des fichiers infectés, mets les en quarantaine: choisis "Déplacer en quarantaine" dans la liste des actions.

Tu peux automatiser ce type d'action en cochant la case Appliquer la sélection à toutes les détections.

Cela permet de ne pas rester à la surveiller

 

* On va faire une petite correction dans le registre =>

 

Démarre Hijackthis, clique sur "Do a system scan only", et coche les lignes suivantes :

O4 - HKCU\..\Run: [?????????] ??????????????e

-Ferme tous les programmes et clique sur "Fix Checked"

 

* Par ailleurs on voit un reste de Norton sur ton pc . Ce programme est particulièrement difficile à supprimer entièrement! Ceci dit, un petit programme proposé par l'éditeur de l'antivirus (Symantec) se charge de le faire automatiquement >>

 

Télécharge Norton_Removal_Tool sur ton bureau.

 

Fais un clic droit sur sur l'icône de Norton Removal tool puis choisis Exécuter en tant qu'administrateur). pour lancer l'utilitaire. Suis les indications à l'écran : il est possible que tu doives redémarrer plusieurs fois.

 

Attention: ce programme désinstalle aussi d'autres produits Symantec! Si tu as installé Ghost sur ce pc par exemple, ne lance pas cet utilitaire!