
Posted

Hello,

I have a laptop that has been infected by several viruses, including Dr Guard, since this morning.

Can anyone help me?

I downloaded Antivir, but the virus database fails to update.

I also downloaded Ad-Aware, which removed some malware, but that is not enough.

Below is the HijackThis report, which I ran in safe mode.

Thanks in advance for your help.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:33:44, on 27/02/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Safe mode with network support

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\DOCUME~1\MARIE-~1\LOCALS~1\Temp\svchost.exe

C:\Documents and Settings\Marie-pierre\rundll32.exe

C:\DOCUME~1\MARIE-~1\LOCALS~1\Temp\jf073c.exe

C:\DOCUME~1\MARIE-~1\LOCALS~1\Temp\asr64_ldm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\DOCUME~1\MARIE-~1\LOCALS~1\Temp\ctv216.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Marie-pierre\Mes documents\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - - (no file)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,

O2 - BHO: C:\WINDOWS\system32\bpbkr2f9v.dll - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\system32\bpbkr2f9v.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: (no name) - {BFB5F154-9212-46F3-B547-AC6106030A54} - (no file)

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"

O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257

O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask .exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "c:\progra~1\wi1f86~1\messen~1\msnmsgr .exe" /background

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [insider] C:\Program Files\Insider\Insider.exe

O4 - HKCU\..\Run: [uigka] "c:\documents and settings\marie-pierre\local settings\application data\uigka.exe" uigka

O4 - HKCU\..\Run: [WinUsr] c:\program files\winsudate\gibusr .exe

O4 - HKCU\..\Run: [uishf9wuifwuh387fh3wufinhjfdwefe] C:\DOCUME~1\MARIE-~1\LOCALS~1\Temp\jf073c.exe

O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] c:\docume~1\marie-~1\locals~1\temp\avp .exe

O4 - HKCU\..\Run: [Remote System Protection] rundll32.exe C:\WINDOWS\system32\bpbkr2f9v.dll, HUI_proc

O4 - HKCU\..\Run: [asr64_ldm.exe] C:\DOCUME~1\MARIE-~1\LOCALS~1\Temp\asr64_ldm.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe

O4 - Startup: .protected

O4 - Startup: ihaupd32.exe

O4 - Startup: sysfgs32.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

O4 - Global Startup: .protected

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c21d5a10bc914a7e9314dc6980c18ff2

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c21d5a10bc914a7e9314dc6980c18ff2

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AC661682-0D11-4141-81A3-0BA777EB820F}: NameServer = 192.168.1.1

O20 - AppInit_DLLs: app_dll.dll

O21 - SSODL: GootkitSSO - {FECF56D5-52AD-4C71-9B90-96DCA805BE06} - C:\WINDOWS\System32\msxsltsso.dll

O22 - SharedTaskScheduler: 7whfiudhf8s7f3oifhif7syfdhsof - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\system32\bpbkr2f9v.dll

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: IPsec Service (Darkness) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 11488 bytes

Posted

Hello, welcome. :P

Posts: 1
If you ever need some information or a bit of help finding your posts:

The machine is very heavily infected (my favorite cases). :P

Avast, Spybot, Ad-aware will be of no help to you.

Download Malwarebytes' Anti-Malware (MBAM)

If it does not download, if you are redirected, or if MBAM does not start, let me know: it is a symptom linked to what you have.

  • Double-click the downloaded file to start the installation process.
  • In the "Mise à jour" (Update) tab, click the "Recherche de mise à jour" (Check for updates) button: if the firewall asks for permission for MBAM to connect, accept.
  • Once the update has finished, go to the "Recherche" (Scan) tab.
  • Select "Exécuter un examen rapide" (Perform a quick scan).
  • Click "Rechercher" (Scan).
  • The scan starts.
  • At the end of the scan (but it is not over yet), a message is displayed:
    L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés. (The scan completed normally. Click 'Show results' to display all the objects found.)
    Click "Ok" to continue. If MBAM found nothing, it will tell you so as well. Do not forget the rest. :P
  • Close your browsers.
  • If malware was detected, click Afficher les résultats (Show results).
    Select everything (or leave it checked) and click Supprimer la sélection (Remove selected); MBAM will destroy the files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

NB: If MBAM asks you to restart, do so.

To retrieve the MBAM report if you restarted a little too quickly, start MBAM and go to the logs/reports tab; you will be able to double-click it (they are dated) to post it.

Posted

Thank you, Falkra, for your reply.

Below is the Malwarebytes report:

 

Malwarebytes' Anti-Malware 1.44

Version de la base de données: 3802

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

 

27/02/2010 18:24:20

mbam-log-2010-02-27 (18-24-20).txt

 

Type de recherche: Examen rapide

Eléments examinés: 129519

Temps écoulé: 7 minute(s), 54 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 1

Clé(s) du Registre infectée(s): 37

Valeur(s) du Registre infectée(s): 15

Elément(s) de données du Registre infecté(s): 8

Dossier(s) infecté(s): 10

Fichier(s) infecté(s): 155

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

C:\WINDOWS\system32\bpbkr2f9v.dll (Trojan.Agent) -> Delete on reboot.

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\CLSID\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.Agent) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.Agent) -> Delete on reboot.

HKEY_CLASSES_ROOT\vac.video (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b6a3935f-8fe4-49a4-b987-a1c09e53589f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{ef94a58f-599b-4602-9c34-99683c5859b1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{cdc0999c-999c-4ee1-875b-5c3542641768} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kgootkit (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{06ba1f5e-15a6-46b7-8c04-97f88ff13f4f} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1a9053e3-f794-45c1-9bcf-d8b1ddcd6df2} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{57162e66-8128-4d94-9a4d-85f8104979c9} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{6ebff9e0-4c78-4767-8d35-5d4c561fa06a} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{acf0580f-7080-4405-a815-37945cfff200} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{bcb33298-06d5-4483-bc33-369a11bf6e72} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{d20a2ed9-97ab-4684-8b3b-198bdbfdf274} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{d888fb49-3924-4d85-8755-f3d3526f15dc} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{f5436145-540b-4092-be81-84b75641444f} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{f761616e-f046-4aae-9665-a304adb30f10} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{fecf56d5-52ad-4c71-9b90-96dca805be06} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\_VOID (Rootkit.TDSS) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenU) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Carlson (Trojan.Dialer) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Insider (Adware.DnsInsider) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinAble (Trojan.Adloader) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Ultimate Defender (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\WinAble (Trojan.Adloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Ultimate Defender (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Darkness (Trojan.Backdoor) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uigka (Trojan.Agent.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.Agent) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\remote system protection (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\insider (Adware.DnsInsider) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winusr (Adware.Gibmedia) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gootkitsso (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asg984jgkfmgasi8ug98jgkfgfb (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uishf9wuifwuh387fh3wufinhjfdwefe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asr64_ldm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

C:\Documents and Settings\Marie-pierre\Application Data\Ultimate Defender (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Application Data\Ultimate Defender\logs (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.

C:\Program Files\Fichiers communs\Carlson (Trojan.Dialer) -> Quarantined and deleted successfully.

C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Program Files\Insider (Adware.DnsInsider) -> Quarantined and deleted successfully.

C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Program Files\Winsudate (Adware.Gibmedia) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\Documents and Settings\Marie-pierre\Local Settings\Application Data\oksmy_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Application Data\oksmy_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Application Data\oksmy.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

c:\documents and settings\marie-pierre\local settings\application data\uigka.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bpbkr2f9v.dll (Trojan.Agent) -> Delete on reboot.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\iei57zbsg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\rthdcpl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rthdcpl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\SkyTel.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\skytel.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Alcmtr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\alcmtr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Program Files\Launch Manager\LManager.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\mrofinu1148.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Program Files\Internet Explorer\js.mui (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Program Files\Internet Explorer\wmpscfgs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\nkorf.exe (Trojan.PWS) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-6555348034-9584265188-623813722-9406\nissan.exe (Worm.Autorun.B) -> Delete on reboot.

C:\Documents and Settings\Marie-pierre\Menu Démarrer\Programmes\Démarrage\ihaupd32.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\amb9c6v.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\alcmtr.exe.delme343 (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\w2d6pc.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ujxax3.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\swgqix.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pfj3b6.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tmjtj44yo.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\s6a8eqf.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\taayh.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lrww5n6.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\myrd8e12i.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\moiylrc42m.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\i3adfua5yv.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hp8joxi0xm.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\o8t114o0z.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rthdcpl .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\skytel .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\alcmtr .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\KGootkit.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\g5orm9k3 .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\avp .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\g5orm9k3 .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\vwwixjz.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\avp .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\msinits.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\avp .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\wlql03.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\~TM28.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\~TM6.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\iei57zbsg .exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\avp .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\jf073c.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\~TMA.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\~TM11.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\rc1dvpnv.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\a27uyxc0.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\krznuwaz.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\wlafd.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\nvsvc32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\mdm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\winlogon.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\~TM9.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\srlwqj.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\begv5wlxo.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\~DFA94B.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\o44tu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\odzmfy.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\mh54vgvy.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\~TM8.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\wlql03 .exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\rev189w8o.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\avp .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\jf073c .exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\~TM23.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\o44tu .exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\mxqpipk.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\wf32fxn.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\~TM1B.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\~TM15.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\kq17jcf.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\~TM2D.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\wabv2ew.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\eu8r1xo.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\ycmw0tq.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\~TM26.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\SPAM.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\zc74gohb.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\cz9d0.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\~TM37.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\e5hgk7.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\pmip6hhc.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\oh5asqy.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\oatp4rg.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\~TM3F.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\vrpp49j467.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\g5orm9k3 .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\avp .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\avp .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\g5orm9k3 .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\lsass.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\winamp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\wmpscfgs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\nvrvp5ho .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\g5orm9k3 .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\rthdcpl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\skytel.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\alcmtr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\rundll32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\rundll32 .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ETD4BY8P\gibidl[1].dll (Adware.Gibmedia) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ETD4BY8P\gibcom[1].dll (Adware.Gibmedia) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2TSJOJ25\gibupt[1].exe (Adware.Gibmedia) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2TSJOJ25\gibusr[1].exe (Adware.Gibmedia) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G3Y3MDA7\gibsvc[1].exe (Adware.Gibmedia) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G3Y3MDA7\gibsvc[2].exe (Adware.Gibmedia) -> Quarantined and deleted successfully.

C:\WINDOWS\mrofinu1148 .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Application Data\Ultimate Defender\logs\1192480506.log (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Application Data\Ultimate Defender\logs\1192480878.log (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Application Data\Ultimate Defender\logs\1192485781.log (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.

C:\Program Files\Insider\insider .exe (Adware.DnsInsider) -> Quarantined and deleted successfully.

C:\Program Files\Insider\insider.exe (Adware.DnsInsider) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.

C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.

C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Program Files\Winsudate\gibusr .exe (Adware.Gibmedia) -> Quarantined and deleted successfully.

C:\Program Files\Winsudate\gibusr .exe (Adware.Gibmedia) -> Quarantined and deleted successfully.

C:\Program Files\Winsudate\gibusr .exe (Adware.Gibmedia) -> Quarantined and deleted successfully.

C:\Program Files\Winsudate\gibusr .exe (Adware.Gibmedia) -> Quarantined and deleted successfully.

C:\Program Files\Winsudate\gibusr .exe (Adware.Gibmedia) -> Quarantined and deleted successfully.

C:\Program Files\Winsudate\gibusr .exe (Adware.Gibmedia) -> Quarantined and deleted successfully.

C:\Program Files\Winsudate\gibusr .exe (Adware.Gibmedia) -> Quarantined and deleted successfully.

C:\Program Files\Winsudate\gibusr .exe (Adware.Gibmedia) -> Quarantined and deleted successfully.

C:\Program Files\Winsudate\gibusr .exe (Adware.Gibmedia) -> Quarantined and deleted successfully.

C:\Program Files\Winsudate\gibusr .exe (Adware.Gibmedia) -> Quarantined and deleted successfully.

C:\Program Files\Winsudate\gibusr .exe (Adware.Gibmedia) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msxsltsso.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Help\kfdtk.chm (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Application Data\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\.protected (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Menu Démarrer\carlton (Trojan.Dialer) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\.protected (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Menu Démarrer\Programmes\Démarrage\.protected (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\etc\.protected (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.

C:\WINDOWS\.protected (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\Temp\asr64_ldm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Posted

I think you realize that when around 200 items to remove are found, there's a problem. :P

You'll need to be more careful, and watch what you download and install.

 

Reboot, if you haven't already done so when MBAM asked for it, and post a double RSIT report. Here's how. :P

 

Download random's system information tool (RSIT) by random/random and save it to the Desktop. This tool takes stock of the system and reads the configuration, like HijackThis, but in more detail.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<<which will be displayed) as well as info.txt (<<which will be minimized in the Taskbar).
  • NB: The reports are saved in the C:\rsit folder
    So that makes two reports. Since they are long, you can make 2 replies, one per report. :P

Posted

Here is the log.txt report

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Marie-pierre at 2010-02-27 19:20:28

Microsoft Windows XP Édition familiale Service Pack 3

System drive C: has 26 GB (47%) free of 54 GB

Total RAM: 446 MB (30% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:20:35, on 27/02/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Safe mode with network support

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Marie-pierre\Mes documents\RSIT.exe

C:\Documents and Settings\Marie-pierre\Mes documents\Marie-pierre.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - - (no file)

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: (no name) - {BFB5F154-9212-46F3-B547-AC6106030A54} - (no file)

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"

O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "c:\progra~1\wi1f86~1\messen~1\msnmsgr .exe" /background

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe

O4 - Startup: sysfgs32.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c21d5a10bc914a7e9314dc6980c18ff2

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c21d5a10bc914a7e9314dc6980c18ff2

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AC661682-0D11-4141-81A3-0BA777EB820F}: NameServer = 192.168.1.1

O20 - AppInit_DLLs: app_dll.dll

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 9804 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\At1105.job

C:\WINDOWS\tasks\At1106.job

C:\WINDOWS\tasks\At1107.job

C:\WINDOWS\tasks\At1108.job

C:\WINDOWS\tasks\At1109.job

C:\WINDOWS\tasks\At1110.job

C:\WINDOWS\tasks\At1111.job

C:\WINDOWS\tasks\At1112.job

C:\WINDOWS\tasks\At1113.job

C:\WINDOWS\tasks\At1114.job

C:\WINDOWS\tasks\At1115.job

C:\WINDOWS\tasks\At1116.job

C:\WINDOWS\tasks\At1117.job

C:\WINDOWS\tasks\At1118.job

C:\WINDOWS\tasks\At1119.job

C:\WINDOWS\tasks\At1120.job

C:\WINDOWS\tasks\At1121.job

C:\WINDOWS\tasks\At1122.job

C:\WINDOWS\tasks\At1123.job

C:\WINDOWS\tasks\At1124.job

C:\WINDOWS\tasks\At1125.job

C:\WINDOWS\tasks\At1126.job

C:\WINDOWS\tasks\At1127.job

C:\WINDOWS\tasks\At1128.job

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

C:\WINDOWS\tasks\At52.job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\WebReg HP Deskjet F4200 series.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-09-06 439872]

{BFB5F154-9212-46F3-B547-AC6106030A54}

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"= []

"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2010-02-27 55296]

"PCMService"=C:\Program Files\Acer\Acer Arcade\PCMService.exe [2010-02-27 55296]

"ntiMUI"=C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2010-02-27 55296]

""= []

"Acer ePresentation HPD"=C:\Acer\Empowering Technology\ePresentation\ePresentation.exe [2010-02-27 55296]

"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]

"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]

"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]

"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2010-02-27 55296]

"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2010-02-27 55296]

"Boot"=C:\Acer\Empowering Technology\ePower\Boot.exe [2010-02-27 55296]

"RTHDCPL"=RTHDCPL.EXE []

"SkyTel"=SkyTel.EXE []

"Alcmtr"=ALCMTR.EXE []

"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2010-02-27 55296]

"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2010-02-27 55296]

"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2010-02-27 55296]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe [2010-02-27 55296]

"QuickTime Task"=c:\program files\quicktime\qttask .exe [2010-02-27 55296]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-02-27 55296]

"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2010-02-27 55296]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"MsnMsgr"=c:\progra~1\wi1f86~1\messen~1\msnmsgr .exe [2010-02-27 55296]

"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2010-02-27 55296]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

 

C:\Documents and Settings\Marie-pierre\Menu Démarrer\Programmes\Démarrage

OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe

sysfgs32.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="app_dll.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2006-04-27 61440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"DisableTaskMgr"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoFolderOptions"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Call"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\WINDOWS\System32\dpvsetup.exe"="C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\HP\Digital Imaging\BIN\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\BIN\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hposid01.exe"="C:\Program Files\HP\Digital Imaging\BIN\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpofxs08.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpofxs08.exe:*:Enabled:hpofxs08.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqpse.exe:*:Enabled:hpqpse.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqsudi.exe:*:Enabled:hpqsudi.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

"\"="C:\WINDOWS\system\svchost.exe:*:Enabled:KL"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\HP\Digital Imaging\BIN\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\BIN\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hposid01.exe"="C:\Program Files\HP\Digital Imaging\BIN\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpofxs08.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpofxs08.exe:*:Enabled:hpofxs08.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqpse.exe:*:Enabled:hpqpse.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqsudi.exe:*:Enabled:hpqsudi.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"

"C:\Program Files\HP\Digital Imaging\BIN\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ee7adc2-d0df-11db-93ac-0016d451a39d}]

shell\Auto\command - AdobeR.exe e

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{554e2f20-b949-11db-937e-0016d451a39d}]

shell\Auto\command - F:\auto.exe

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58f94784-f269-11db-93f9-0016d451a39d}]

shell\Auto\command - AdobeR.exe e

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cb5ae74-a42d-11dd-978c-0016cf6a6331}]

shell\Auto\command - DanlcU.exe e

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL DanlcU.exe e

 

 

======List of files/folders created in the last 1 months======

 

2010-02-27 19:20:28 ----D---- C:\rsit

2010-02-27 19:11:12 ----SHD---- C:\FOUND.008

2010-02-27 18:31:00 ----SHD---- C:\FOUND.007

2010-02-27 18:08:11 ----A---- C:\WINDOWS\ntbtlog.txt

2010-02-27 18:08:06 ----SHD---- C:\FOUND.006

2010-02-27 17:53:21 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-02-27 17:15:49 ----D---- C:\Documents and Settings\Marie-pierre\Application Data\Malwarebytes

2010-02-27 17:15:41 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2010-02-27 17:15:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-02-27 16:41:50 ----SHD---- C:\FOUND.005

2010-02-27 14:26:06 ----SHD---- C:\FOUND.004

2010-02-27 14:12:09 ----D---- C:\Program Files\Dr. Guard

2010-02-27 11:26:38 ----SHD---- C:\FOUND.003

2010-02-24 20:17:10 ----HD---- C:\WINDOWS\$NtUninstallKB946648$

2010-02-24 20:16:56 ----HD---- C:\WINDOWS\$NtUninstallKB951978$

2010-02-24 20:16:47 ----HD---- C:\WINDOWS\$NtUninstallKB956744$

2010-02-24 20:16:12 ----HD---- C:\WINDOWS\$NtUninstallKB979306$

2010-02-23 22:27:45 ----D---- C:\WINDOWS\Prefetch

2010-02-23 22:22:55 ----HD---- C:\WINDOWS\$NtUninstallKB977165$

2010-02-23 22:22:42 ----HD---- C:\WINDOWS\$NtUninstallKB971468$

2010-02-23 22:22:34 ----HD---- C:\WINDOWS\$NtUninstallKB978251$

2010-02-23 22:22:26 ----HD---- C:\WINDOWS\$NtUninstallKB978037$

2010-02-23 22:22:18 ----HD---- C:\WINDOWS\$NtUninstallKB975713$

2010-02-23 22:22:09 ----HD---- C:\WINDOWS\$NtUninstallKB975560$

2010-02-23 22:22:01 ----HD---- C:\WINDOWS\$NtUninstallKB977914$

2010-02-23 22:21:53 ----HD---- C:\WINDOWS\$NtUninstallKB978706$

2010-02-23 22:21:41 ----HD---- C:\WINDOWS\$NtUninstallKB972270$

2010-02-23 22:21:31 ----HD---- C:\WINDOWS\$NtUninstallKB955759$

2010-02-23 22:21:19 ----HD---- C:\WINDOWS\$NtUninstallKB970430$

2010-02-23 22:21:10 ----HD---- C:\WINDOWS\$NtUninstallKB974318$

2010-02-23 22:21:01 ----HD---- C:\WINDOWS\$NtUninstallKB974392$

2010-02-23 22:20:53 ----HD---- C:\WINDOWS\$NtUninstallKB971737$

2010-02-23 22:20:44 ----HD---- C:\WINDOWS\$NtUninstallKB973687$

2010-02-23 22:20:36 ----HD---- C:\WINDOWS\$NtUninstallKB969947$

2010-02-23 22:20:21 ----HD---- C:\WINDOWS\$NtUninstallKB971486$

2010-02-23 22:20:05 ----HD---- C:\WINDOWS\$NtUninstallKB969059$

2010-02-23 22:19:57 ----HD---- C:\WINDOWS\$NtUninstallKB974112$

2010-02-23 22:19:49 ----HD---- C:\WINDOWS\$NtUninstallKB975025$

2010-02-23 22:19:40 ----HD---- C:\WINDOWS\$NtUninstallKB974571$

2010-02-23 22:19:32 ----HD---- C:\WINDOWS\$NtUninstallKB975467$

2010-02-23 22:19:24 ----HD---- C:\WINDOWS\$NtUninstallKB961503$

2010-02-23 22:19:17 ----HD---- C:\WINDOWS\$NtUninstallKB956844$

2010-02-23 22:18:53 ----HD---- C:\WINDOWS\$NtUninstallKB961118$

2010-02-23 22:18:45 ----HD---- C:\WINDOWS\$NtUninstallKB973354$

2010-02-23 22:18:37 ----HD---- C:\WINDOWS\$NtUninstallKB973869$

2010-02-23 22:18:30 ----HD---- C:\WINDOWS\$NtUninstallKB971557$

2010-02-23 22:18:22 ----HD---- C:\WINDOWS\$NtUninstallKB960859$

2010-02-23 22:18:14 ----HD---- C:\WINDOWS\$NtUninstallKB971657$

2010-02-23 22:18:07 ----HD---- C:\WINDOWS\$NtUninstallKB973507$

2010-02-23 22:17:57 ----HD---- C:\WINDOWS\$NtUninstallKB973815$

2010-02-23 22:17:48 ----HD---- C:\WINDOWS\$NtUninstallKB968389$

2010-02-23 22:17:33 ----HD---- C:\WINDOWS\$NtUninstallKB971633$

2010-02-23 22:17:25 ----HD---- C:\WINDOWS\$NtUninstallKB961371$

2010-02-23 22:17:13 ----HD---- C:\WINDOWS\$NtUninstallKB961501$

2010-02-23 22:17:01 ----HD---- C:\WINDOWS\$NtUninstallKB970238$

2010-02-23 22:16:53 ----HD---- C:\WINDOWS\$NtUninstallKB968537$

2010-02-23 22:16:45 ----HD---- C:\WINDOWS\$NtUninstallKB960763$

2010-02-23 22:16:31 ----HD---- C:\WINDOWS\$NtUninstallKB956572$

2010-02-23 22:16:20 ----HD---- C:\WINDOWS\$NtUninstallKB960803$

2010-02-23 22:16:11 ----HD---- C:\WINDOWS\$NtUninstallKB923561$

2010-02-23 22:16:01 ----HD---- C:\WINDOWS\$NtUninstallKB959426$

2010-02-23 22:15:52 ----HD---- C:\WINDOWS\$NtUninstallKB961373$

2010-02-23 22:15:43 ----HD---- C:\WINDOWS\$NtUninstallKB952004$

2010-02-23 22:15:31 ----HD---- C:\WINDOWS\$NtUninstallKB960225$

2010-02-23 22:15:23 ----HD---- C:\WINDOWS\$NtUninstallKB958690$

2010-02-23 22:15:12 ----HD---- C:\WINDOWS\$NtUninstallKB967715$

2010-02-23 22:14:59 ----HD---- C:\WINDOWS\$NtUninstallKB958687$

2010-02-23 22:14:44 ----HD---- C:\WINDOWS\$NtUninstallKB974112_1$

2010-02-23 22:14:37 ----HD---- C:\WINDOWS\$NtUninstallKB954600$

2010-02-23 22:14:29 ----HD---- C:\WINDOWS\$NtUninstallKB956802$

2010-02-23 22:14:17 ----HD---- C:\WINDOWS\$NtUninstallKB957097$

2010-02-23 22:14:09 ----HD---- C:\WINDOWS\$NtUninstallKB973687_1$

2010-02-23 22:14:01 ----HD---- C:\WINDOWS\$NtUninstallKB955069$

2010-02-23 22:13:53 ----HD---- C:\WINDOWS\$NtUninstallKB958644$

2010-02-23 22:13:45 ----HD---- C:\WINDOWS\$NtUninstallKB956803$

2010-02-23 22:13:34 ----HD---- C:\WINDOWS\$NtUninstallKB957095$

2010-02-23 22:13:26 ----HD---- C:\WINDOWS\$NtUninstallKB954211$

2010-02-23 22:13:16 ----HD---- C:\WINDOWS\$NtUninstallKB956841$

2010-02-23 22:13:06 ----HD---- C:\WINDOWS\$NtUninstallKB938464$

2010-02-23 22:12:56 ----HD---- C:\WINDOWS\$NtUninstallKB952287$

2010-02-23 22:12:48 ----HD---- C:\WINDOWS\$NtUninstallKB951066$

2010-02-23 22:12:40 ----HD---- C:\WINDOWS\$NtUninstallKB952954$

2010-02-23 22:12:31 ----HD---- C:\WINDOWS\$NtUninstallKB950974$

2010-02-23 22:12:16 ----HD---- C:\WINDOWS\$NtUninstallKB951748$

2010-02-23 22:12:07 ----HD---- C:\WINDOWS\$NtUninstallKB951376-v2$

2010-02-23 22:11:59 ----HD---- C:\WINDOWS\$NtUninstallKB950762$

2010-02-23 22:11:48 ----HD---- C:\WINDOWS\$NtUninstallKB951376$

2010-02-23 22:11:39 ----HD---- C:\WINDOWS\$NtUninstallKB951698$

2010-02-23 22:07:15 ----D---- C:\Program Files\Messenger

2010-02-23 22:06:58 ----D---- C:\Program Files\msn

2010-02-23 22:06:57 ----D---- C:\WINDOWS\system32\fr

2010-02-23 22:06:57 ----D---- C:\WINDOWS\system32\bits

2010-02-23 22:06:57 ----D---- C:\WINDOWS\l2schemas

2010-02-23 22:03:24 ----D---- C:\WINDOWS\network diagnostic

2010-02-23 21:58:21 ----HD---- C:\WINDOWS\$NtServicePackUninstall$

2010-02-23 21:58:13 ----D---- C:\WINDOWS\EHome

2010-02-22 21:53:58 ----D---- C:\WINDOWS\BDOSCAN8

2010-02-22 21:37:08 ----D---- C:\WINDOWS\ie8updates

2010-02-22 21:35:53 ----D---- C:\WINDOWS\WBEM

2010-02-22 21:34:42 ----HD---- C:\WINDOWS\ie8

2010-02-22 21:34:42 ----D---- C:\WINDOWS\system32\fr-FR

2010-02-22 19:47:00 ----SHD---- C:\FOUND.002

2010-02-21 15:58:18 ----SHD---- C:\FOUND.001

2010-02-21 02:42:35 ----D---- C:\Program Files\CCleaner

2010-02-21 02:31:38 ----SHD---- C:\FOUND.000

2010-02-21 02:18:35 ----D---- C:\Program Files\ESET

2010-02-20 23:57:09 ----D---- C:\Program Files\Avira

2010-02-20 23:57:09 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

2010-02-20 10:49:21 ----A---- C:\WINDOWS\system32\lsdelete.exe

2010-02-18 23:22:12 ----HD---- C:\WINDOWS\$NtUninstallKB977165_0$

2010-02-18 22:49:39 ----HD---- C:\Documents and Settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}

2010-02-18 22:49:10 ----D---- C:\Program Files\Lavasoft

2010-02-18 22:49:10 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft

2010-02-18 18:47:03 ----D---- C:\WINDOWS\Minidump

2010-02-18 18:44:49 ----A---- C:\WINDOWS\system32\aswBoot.exe

2010-02-18 18:44:43 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software

2010-02-18 12:40:22 ----HD---- C:\WINDOWS\$NtUninstallKB978207$

2010-02-18 12:21:26 ----HD---- C:\WINDOWS\$NtUninstallKB955759_0$

2010-02-15 20:46:28 ----HD---- C:\WINDOWS\$NtUninstallKB978262$

2010-02-15 20:46:19 ----HD---- C:\WINDOWS\$NtUninstallKB971468_0$

2010-02-15 20:45:49 ----HD---- C:\WINDOWS\$NtUninstallKB970430_0$

2010-02-15 20:45:34 ----HD---- C:\WINDOWS\$NtUninstallKB974318_0$

2010-02-15 20:45:26 ----HD---- C:\WINDOWS\$NtUninstallKB978037_0$

2010-02-15 20:44:55 ----HD---- C:\WINDOWS\$NtUninstallKB975713_0$

2010-02-15 20:44:45 ----HD---- C:\WINDOWS\$NtUninstallKB972270_0$

2010-02-15 20:44:11 ----HD---- C:\WINDOWS\$NtUninstallKB978251_0$

2010-02-15 20:43:58 ----HD---- C:\WINDOWS\$NtUninstallKB975560_0$

2010-02-15 20:43:15 ----HD---- C:\WINDOWS\$NtUninstallKB973904$

2010-02-15 20:43:06 ----HD---- C:\WINDOWS\$NtUninstallKB977914_0$

2010-02-15 20:42:54 ----HD---- C:\WINDOWS\$NtUninstallKB978706_0$

2010-02-07 22:23:43 ----A---- C:\xksbjacq.exe

 

======List of files/folders modified in the last 1 months======

 

2010-02-27 19:11:54 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt

2010-02-27 14:02:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-02-24 21:51:56 ----A---- C:\WINDOWS\DUMP3a78.tmp

2010-02-24 21:50:38 ----A---- C:\WINDOWS\DUMP3ab7.tmp

2010-02-24 18:56:16 ----A---- C:\WINDOWS\DUMP3a59.tmp

2010-02-01 11:26:22 ----A---- C:\WINDOWS\system32\MRT.exe

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]

R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-01-24 488448]

R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-07 16896]

R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-05-24 61056]

R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-05-24 40064]

R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2006-05-24 74752]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-05-23 6144]

R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]

R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-06-16 83968]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-02-11 28880]

S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-02-11 28880]

S1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 43520]

S1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-02-11 162512]

S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-02-11 46672]

S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

S2 aswFsBlk;aswFsBlk; aswFsBlk.sys []

S2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-02-11 100432]

S2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]

S2 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys []

S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver; \??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []

S2 eLock2FSCTLDriver;eLock2FSCTLDriver; \??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys []

S2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]

S2 int15;int15; \??\C:\WINDOWS\system32\drivers\int15.sys []

S2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]

S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-14 12672]

S2 tvicport;tvicport; \??\C:\WINDOWS\system32\drivers\tvicport.sys []

S2 zntport;zntport; \??\C:\WINDOWS\system32\drivers\zntport.sys []

S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-02-11 23376]

S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-04-27 1540096]

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]

S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-01-24 49920]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-01-24 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-01-24 21568]

S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-06-12 990592]

S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-06-12 208384]

S3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2006-01-11 194048]

S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]

S3 irsir;Pilote série infrarouge Microsoft; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]

S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]

S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]

S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]

S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]

S3 psdfilter;psdfilter; \??\C:\WINDOWS\system32\Drivers\psdfilter.sys []

S3 psdvdisk;psdvdisk; \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys []

S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-12-09 46592]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\IDS-DI~1\20071030.001\symidsco.sys []

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]

S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-06-12 727808]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73600]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-23 1229232]

S2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-03-29 28672]

S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]

S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-04-27 405504]

S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]

S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]

S2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2010-02-20 254050]

S2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2010-02-20 114784]

S2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2006-04-27 61440]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]

S2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-02-17 73728]

S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2010-02-20 143360]

S2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]

S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]

S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-02-20 705376]

S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2010-02-20 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

 

 

and info.txt

 

info.txt logfile of random's system information tool 1.06 2010-02-27 19:20:39

 

======Uninstall list======

 

-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer French Guide Link\Uninst.isu"

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13E613EF-BB55-11D9-9D77-000129760D75}\setup.exe" -uninstall

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

32 Bit HP CIO Components Installer-->MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}

Acer Arcade-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall

Acer Empowering Technology-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly

Acer ePerformance Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7057702F-6D71-4F30-8000-9E72BC771887}\setup.exe" -l0x40c -removeonly

Acer ePower Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x40c

Acer ePresentation Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\Setup.exe" -l0x40c

Acer eSettings Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\setup.exe" -l0x40c -removeonly

Acer GridVista-->C:\WINDOWS\UnInst32.exe GridV.UNI

Acer Screensaver-->MsiExec.exe /I{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}

Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}\Ad-AwareInstaller.exe

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}

Adobe Shockwave Player-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log

Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}

ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Catalyst Control Center-->MsiExec.exe /I{79B05AF4-8894-49A1-9FF4-53F0142D85E1}

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

ATI Parental Control & Encoder-->MsiExec.exe /I{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE

Barre d'outils Outlook de Windows Live (Windows Live Toolbar)-->MsiExec.exe /X{6E15BEDF-7EB5-4010-998E-B430DB4EFE45}

Bloqueur de fenêtres pop-up (Windows Live Toolbar)-->MsiExec.exe /X{A425C250-A0E1-4D78-B1C1-A5CBC7385E7C}

Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}

CashBarre-->regsvr32 /u /s "C:\Program Files\CashBarre\CashBarre.dll"

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"

Correctif pour Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"

Correctif pour Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"

Correctif pour Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"

Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976}

DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

eMule-->"C:\Program Files\eMule\Uninstall.exe"

Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}

Favorit-->"c:\documents and settings\marie-pierre\local settings\application data\uigka.exe" -uninstall

Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x040c -removeonly

Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}

High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"

HijackThis 2.0.2-->"C:\Documents and Settings\Marie-pierre\Mes documents\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

HP Customer Participation Program 11.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot

HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{C3B6AEB1-390C-4792-8677-CD87F8B2C959}\setup\hpzscr01.exe -datfile hposcr28.dat -onestop

HP Imaging Device Functions 11.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP Photosmart Essential 3.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat -forcereboot

HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}

HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat

HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat

HP Solution Center 11.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot

HP Update-->MsiExec.exe /X{D063F201-FAC4-4D5C-B10B-615058ADE5A7}

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}

iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}

J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}

Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}

Launch Manager-->C:\WINDOWS\UnInst32.exe LManager.UNI

Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}

Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}

Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}

Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-040C-0000-0000000FF1CE}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Professional 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL

Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}

Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"

Mise à jour pour Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"

Mise à jour pour Windows Internet Explorer 8 (KB978506)-->"C:\WINDOWS\ie8updates\KB978506-IE8\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB960763)-->"C:\WINDOWS\$NtUninstallKB960763$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}

Navigation par onglets (Windows Live Toolbar)-->MsiExec.exe /X{E916E61F-DE9D-4EAF-91E1-CEB50016326A}

Nokia Connectivity Cable Driver-->MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}

NTI Backup NOW! 4-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1036 BUN4

NTI CD & DVD-Maker-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7

OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat

OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{6D7F8D4B-D1A4-402A-973E-31E90940E585}

OpenOffice.org 2.0-->MsiExec.exe /I{E2055AB2-D1C7-4147-A384-2B4B1C04282B}

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPINST.EXE /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_4C9003F79A472E408F11C51BDF222156676824AF\amdk8.inf

PC Connectivity Solution-->MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}

Photo SlideShow Maker-->C:\Program Files\Photo SlideShow Maker\uninstall.exe

Photorécit 3 pour Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}

PowerProducer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall

Print@Fujicolor-->C:\PROGRA~1\FUJIFILM\UNWISE.EXE C:\PROGRA~1\FUJIFILM\INSTALL.LOG

QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -l0x40c -removeonly

SA31xx Device Manager & Media Converter-->C:\Program Files\InstallShield Installation Information\{E572B060-C98B-4984-A48E-E4FA56265903}\setup.exe -runfromtemp -l0x040c -removeonly

Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}

Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}

Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}

Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}

Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}

Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}

Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}

Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat

Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2BFA&SUBSYS_1025009F\HXFSETUP.EXE -U -IAcrS09Fp.inf

SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}

Update for Outlook 2007 Junk Email Filter (kb977719)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C0C92202-5215-4EFA-B0B9-B3A0DEABCDF1}

VideoLAN VLC media player 0.8.6a-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}

Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""

Winamax Poker (remove only)-->"C:\Program Files\WinamaxPoker\uninst.exe"

Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf

Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Contrôle parental-->MsiExec.exe /X{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}

Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}

Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}

Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}

Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}

Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\YAHOO!\common\unyt.exe

 

======Security center information======

 

AV: Dr. Guard (outdated)

 

======System event log======

 

Computer Name: ACER-318DE0055E

Event Code: 26

Message: Application popup : Windows - Fichier endommagé : Le fichier ou le répertoire \WINDOWS\System32\drivers\ucmvm.sys est endommagé et illisible. Exécutez l'utilitaire CHKDSK.

 

Record Number: 9483535

Source Name: Application Popup

Time Written: 20100227183632.000000+060

Event Type: Informations

User:

 

Computer Name: ACER-318DE0055E

Event Code: 26

Message: Application popup : Windows - Fichier endommagé : Le fichier ou le répertoire \WINDOWS\System32\drivers\ucmvm.sys est endommagé et illisible. Exécutez l'utilitaire CHKDSK.

 

Record Number: 9483534

Source Name: Application Popup

Time Written: 20100227183631.000000+060

Event Type: Informations

User:

 

Computer Name: ACER-318DE0055E

Event Code: 26

Message: Application popup : Windows - Fichier endommagé : Le fichier ou le répertoire \WINDOWS\System32\drivers\ucmvm.sys est endommagé et illisible. Exécutez l'utilitaire CHKDSK.

 

Record Number: 9483533

Source Name: Application Popup

Time Written: 20100227183630.000000+060

Event Type: Informations

User:

 

Computer Name: ACER-318DE0055E

Event Code: 26

Message: Application popup : Windows - Fichier endommagé : Le fichier ou le répertoire \WINDOWS\System32\drivers\ucmvm.sys est endommagé et illisible. Exécutez l'utilitaire CHKDSK.

 

Record Number: 9483532

Source Name: Application Popup

Time Written: 20100227183630.000000+060

Event Type: Informations

User:

 

Computer Name: ACER-318DE0055E

Event Code: 26

Message: Application popup : Windows - Fichier endommagé : Le fichier ou le répertoire \WINDOWS\System32\drivers\ucmvm.sys est endommagé et illisible. Exécutez l'utilitaire CHKDSK.

 

Record Number: 9483531

Source Name: Application Popup

Time Written: 20100227183629.000000+060

Event Type: Informations

User:

 

=====Application event log=====

 

Computer Name: ACER-318DE0055E

Event Code: 0

Message: Service started

 

Record Number: 32088

Source Name: SeaPort

Time Written: 20091022174738.000000+120

Event Type: Informations

User:

 

Computer Name: ACER-318DE0055E

Event Code: 0

Message:

Record Number: 32087

Source Name: CLCapSvc

Time Written: 20091022174737.000000+120

Event Type: Informations

User:

 

Computer Name: ACER-318DE0055E

Event Code: 0

Message:

Record Number: 32086

Source Name: RichVideo

Time Written: 20091022174737.000000+120

Event Type: Informations

User:

 

Computer Name: ACER-318DE0055E

Event Code: 4

Message: The LightScribe Service started successfully.

 

Record Number: 32085

Source Name: LightScribeService

Time Written: 20091022174736.000000+120

Event Type: Informations

User:

 

Computer Name: ACER-318DE0055E

Event Code: 1

Message:

Record Number: 32084

Source Name: Bonjour Service

Time Written: 20091022174731.000000+120

Event Type: Informations

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 76 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=4c02

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip

"SAFEBOOT_OPTION"=NETWORK

 

-----------------EOF-----------------

 

Posted

They are everywhere.

Everything should be done in normal mode, if normal mode is accessible and working; otherwise, too bad, do it in safe mode.

You are going to use Combofix. This software is to be used only when prescribed and guided by a qualified helper trained in the tool.

Do not use it outside of that situation or on your own: dangerous.

 

Download combofix.exe by sUBs and save it to your desktop (and nowhere else).

  • Make sure all programs are closed before you start.
  • Disable the antivirus, otherwise combofix will show you a message (failing that, answer OK to the message).
  • Double-click combofix.exe to run it.
  • Click "Yes" on the Disclaimer of Warranty message that appears.
  • If you are offered a reboot because a rootkit was found, do it.
  • You will be offered to download and install the Recovery Console: click "Yes" on the message, allow the download in your firewall if asked, then accept the end-user license agreement message.
  • The desktop disappears; this is normal, and it will come back.
  • Do not close the window that opens, or you would end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste this report into your next reply.
    The report is located at: C:\Combofix.txt (just in case).

You can see these steps in the official guide (the only authorized one):

http://www.bleepingcomputer.com/combofix/f...iliser-combofix

Posted

Hello Falkra.

Here is the combofix report.

Thanks again for the time devoted to my many viruses! :P

 

ComboFix 10-02-27.04 - Marie-pierre 28/02/2010 5:20.1.1 - FAT32x86

Lancé depuis: c:\documents and settings\Marie-pierre\Bureau\ComboFix.exe

.

Les fichiers ci-dessous ont été désactivés pendant l'exécution:

c:\program files\supercopier2\SC2Hook.dll

 

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Marie-pierre\alcmtr .exe

c:\documents and settings\Marie-pierre\alcmtr.exe

c:\documents and settings\Marie-pierre\Local Settings\Application Data\uigka .exe

c:\documents and settings\Marie-pierre\rthdcpl .exe

c:\documents and settings\Marie-pierre\rthdcpl.exe

c:\documents and settings\Marie-pierre\skytel .exe

c:\documents and settings\Marie-pierre\skytel.exe

c:\program files\Adobe\acrotray .exe

c:\program files\Internet Explorer\js.mui

c:\program files\Internet Explorer\wmpscfgs.exe

c:\recycler\S-1-5-21-0692937325-8338908061-556774224-3609

c:\recycler\S-1-5-21-1465164915-9777143122-004361626-5375

c:\recycler\S-1-5-21-1718367439-6131418811-041733774-7605

c:\recycler\S-1-5-21-3048521287-1334010259-655417555-8760

c:\recycler\S-1-5-21-3528510646-1025032674-814116027-4351

c:\recycler\S-1-5-21-3799388263-7546126667-585334487-0909

c:\recycler\S-1-5-21-4060137786-1808214808-063569376-8198

c:\recycler\S-1-5-21-4461765001-2685699955-412929427-3460

c:\recycler\S-1-5-21-4872586370-4433696876-874451543-4152

c:\recycler\S-1-5-21-5052965197-2741902215-001083398-6693

c:\recycler\S-1-5-21-6555348034-9584265188-623813722-9406

c:\windows\alcmtr .exe

c:\windows\dat.txt

c:\windows\Help\rgb.chm

c:\windows\rthdcpl .exe

c:\windows\search_res.txt

c:\windows\skytel .exe

c:\windows\system32\4DW4R3ALOtLLLvOE.dll

c:\windows\system32\4DW4R3c.dll

c:\windows\system32\4DW4R3fQdJSdUXDq.dll

c:\windows\system32\4DW4R3jTSlEXpbSn.dll

c:\windows\system32\4DW4R3mTKLYLJTGQ.dll

c:\windows\system32\4DW4R3phlsrEQwqe.dll

c:\windows\system32\4DW4R3rpvJjLlBXI.dll

c:\windows\system32\4DW4R3SFooOmObpn.dll

c:\windows\system32\4DW4R3sv.dat

c:\windows\system32\4DW4R3uknOnKiepM.dll

c:\windows\system32\4DW4R3VKGMLdoDoY.dll

c:\windows\system32\4DW4R3YeMhCRdAAn.dll

c:\windows\system32\ctfmon .exe

c:\windows\system32\drivers\4DW4R3.sys

c:\windows\system32\drivers\4DW4R3IAROsnynRO.sys

c:\windows\system32\drivers\4DW4R3KFodxUlRjX.sys

c:\windows\system32\drivers\4DW4R3oyViYjocrj.sys

c:\windows\system32\drivers\4DW4R3pAvfQCXSNn.sys

c:\windows\system32\drivers\4DW4R3rfHYbkdbDk.sys

c:\windows\system32\drivers\4DW4R3TWyvPpxvcb.sys

c:\windows\system32\drivers\4DW4R3vNTUPcMdvR.sys

c:\windows\system32\drivers\4DW4R3WnfvjKYvmd.sys

c:\windows\system32\drivers\4DW4R3WrMttSrtjJ.sys

c:\windows\system32\drivers\4DW4R3YOvPkoptef.sys

c:\windows\system32\Microsoft\backup.ftp

c:\windows\system32\Microsoft\backup.tftp

C:\xksbjacq.exe

 

c:\windows\system32\drivers\ntfs.sys . . . est infecté!!

 

c:\windows\system32\tftp.exe . . . est infecté!!

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_4DW4R3

-------\Legacy_4DW4R3

-------\Legacy_KGOOTKIT

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-01-28 au 2010-02-28 ))))))))))))))))))))))))))))))))))))

.

 

2010-02-28 04:35 . 2010-02-28 04:35 -------- d-----w- c:\documents and settings\All Users\Application Data\96225428

2010-02-27 18:20 . 2010-02-27 18:20 -------- d-----w- C:\rsit

2010-02-27 18:11 . 2010-02-27 18:11 -------- d-----w- C:\FOUND.008

2010-02-27 17:31 . 2010-02-27 17:31 -------- d-----w- C:\FOUND.007

2010-02-27 17:08 . 2010-02-27 17:08 -------- d-----w- C:\FOUND.006

2010-02-27 16:15 . 2010-02-27 16:15 -------- d-----w- c:\documents and settings\Marie-pierre\Application Data\Malwarebytes

2010-02-27 16:15 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-27 16:15 . 2010-02-27 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-02-27 16:15 . 2010-02-27 16:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-27 16:15 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-27 15:41 . 2010-02-27 15:41 -------- d-----w- C:\FOUND.005

2010-02-27 15:01 . 2010-02-27 15:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-02-27 13:26 . 2010-02-27 13:26 -------- d-----w- C:\FOUND.004

2010-02-27 13:12 . 2010-02-27 13:12 -------- d-----w- c:\program files\Dr. Guard

2010-02-27 10:26 . 2010-02-27 10:26 -------- d-----w- C:\FOUND.003

2010-02-23 22:01 . 2010-02-23 22:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2010-02-23 21:06 . 2010-02-23 21:06 -------- d-----w- c:\windows\system32\fr

2010-02-23 21:06 . 2010-02-23 21:06 -------- d-----w- c:\windows\system32\bits

2010-02-23 21:06 . 2010-02-23 21:06 -------- d-----w- c:\windows\l2schemas

2010-02-23 20:58 . 2010-02-23 20:58 -------- d-----w- c:\windows\EHome

2010-02-23 19:50 . 2010-02-18 21:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-02-22 20:53 . 2010-02-22 20:54 -------- d-----w- c:\windows\BDOSCAN8

2010-02-22 20:50 . 2010-02-22 20:50 -------- d-sh--w- c:\documents and settings\Marie-pierre\PrivacIE

2010-02-22 20:46 . 2010-02-22 20:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-02-22 20:42 . 2010-02-22 20:42 -------- d-sh--w- c:\documents and settings\Marie-pierre\IETldCache

2010-02-22 20:37 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll

2010-02-22 20:37 . 2010-02-22 20:37 -------- d-----w- c:\windows\ie8updates

2010-02-22 20:36 . 2009-12-21 19:06 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-02-22 20:36 . 2009-12-21 19:06 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-02-22 20:36 . 2009-12-21 19:07 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-02-22 20:36 . 2009-12-21 19:06 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-02-22 20:36 . 2009-12-21 19:06 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-02-22 20:36 . 2009-12-21 19:06 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-02-22 20:34 . 2010-02-22 20:34 -------- d--h--w- c:\windows\ie8

2010-02-22 20:34 . 2010-02-22 20:34 -------- d-----w- c:\windows\system32\fr-FR

2010-02-22 18:47 . 2010-02-22 18:47 -------- d-----w- C:\FOUND.002

2010-02-21 22:20 . 2010-02-22 19:39 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-02-21 14:58 . 2010-02-21 14:58 -------- d-----w- C:\FOUND.001

2010-02-21 02:03 . 2010-02-21 02:03 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-02-21 01:42 . 2010-02-21 01:42 -------- d-----w- c:\program files\CCleaner

2010-02-21 01:31 . 2010-02-21 01:31 -------- d-----w- C:\FOUND.000

2010-02-21 01:18 . 2010-02-21 01:18 -------- d-----w- c:\program files\ESET

2010-02-20 22:57 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-02-20 22:57 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-02-20 22:57 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-02-20 22:57 . 2010-02-20 22:57 -------- d-----w- c:\program files\Avira

2010-02-20 22:57 . 2010-02-20 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-02-20 09:49 . 2010-02-05 09:03 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-02-18 21:54 . 2010-02-05 09:03 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-02-18 21:49 . 2010-02-18 21:49 -------- d--h--w- c:\documents and settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}

2010-02-18 21:49 . 2010-02-18 21:49 -------- d-----w- c:\program files\Lavasoft

2010-02-18 21:49 . 2010-02-18 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-02-18 21:39 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-02-18 17:45 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-02-18 17:45 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-02-18 17:45 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-02-18 17:45 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-02-18 17:45 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-02-18 17:45 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-02-18 17:45 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-02-18 17:44 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-02-18 17:44 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe

2010-02-18 17:44 . 2010-02-18 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-02-15 19:03 . 2010-02-15 19:03 -------- d-----r- c:\documents and settings\NetworkService\Favoris

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-28 04:35 . 2010-02-28 04:35 55296 ----a-w- c:\documents and settings\All Users\Application Data\96225428\96225428.exe

2010-02-28 04:35 . 2010-02-28 04:35 55296 ----a-w- c:\documents and settings\Marie-pierre\skytel.exe

2010-02-28 04:35 . 2010-02-28 04:35 55296 ----a-w- c:\documents and settings\Marie-pierre\rthdcpl.exe

2010-02-28 04:35 . 2010-02-28 04:35 1050112 ----a-w- c:\documents and settings\All Users\Application Data\96225428\96225428 .exe

2010-02-28 04:34 . 2010-02-28 04:34 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat

2010-02-28 04:34 . 2010-02-28 04:34 16 ----a-w- c:\documents and settings\LocalService\Application Data\pdytbs.dat

2010-02-27 13:02 . 2006-05-23 15:54 86612 ----a-w- c:\windows\system32\perfc00C.dat

2010-02-27 13:02 . 2006-05-23 15:54 512410 ----a-w- c:\windows\system32\perfh00C.dat

2010-02-27 12:59 . 2010-02-27 12:59 12 ----a-w- c:\windows\system32\config\systemprofile\Application Data\pdytbs.dat

2010-02-24 20:51 . 2006-12-01 19:10 90112 ----a-w- c:\windows\DUMP3a78.tmp

2010-02-24 20:50 . 2006-12-01 19:10 90112 ----a-w- c:\windows\DUMP3ab7.tmp

2010-02-24 17:56 . 2006-12-01 19:10 90112 ----a-w- c:\windows\DUMP3a59.tmp

2010-02-23 21:09 . 2006-05-23 15:29 76507 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-02-23 19:51 . 2010-02-18 21:53 884176 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe

2010-02-23 19:50 . 2010-02-23 19:50 94712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll

2010-02-23 19:50 . 2010-02-18 21:53 150888 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe

2010-02-23 19:50 . 2010-02-23 19:50 961984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll

2010-02-23 19:50 . 2010-02-18 21:53 835312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe

2010-02-23 19:50 . 2010-02-18 21:53 842992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

2010-02-23 19:50 . 2010-02-18 21:53 1593320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

2010-02-23 19:50 . 2010-02-18 21:53 735008 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe

2010-02-23 19:50 . 2010-02-18 21:53 815184 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe

2010-02-23 19:50 . 2010-02-18 21:53 1229232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe

2010-02-22 20:45 . 2006-12-01 19:16 91952 ----a-w- c:\documents and settings\Marie-pierre\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-02-20 09:08 . 2007-03-10 21:21 110592 ----a-w- c:\documents and settings\Marie-pierre\Application Data\U3\temp\cleanup.exe

2010-02-20 09:08 . 2009-08-21 14:37 1962232 ----a-w- c:\documents and settings\Marie-pierre\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

2010-02-20 08:35 . 2010-02-18 21:49 3802016 ----a-w- c:\documents and settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}\Ad-AwareInstaller.exe

2010-02-20 08:35 . 2008-10-01 18:26 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.0.1.11\SetupAdmin.exe

2010-02-20 08:35 . 2008-07-04 12:35 54632 ----a-w- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe

2010-02-20 08:35 . 2007-05-17 17:31 21489968 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_fre_web[1].exe

2010-02-20 08:35 . 2007-05-17 17:30 8704 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstCCD.exe

2010-02-20 08:35 . 2007-05-17 17:30 15872 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCSFEMsi.exe

2010-02-20 08:35 . 2007-05-17 17:30 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCS.exe

2010-02-18 21:53 . 2010-02-18 21:53 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys

2010-02-18 21:53 . 2010-02-18 21:53 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll

2010-02-18 21:53 . 2010-02-18 21:53 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll

2010-02-18 21:53 . 2010-02-18 21:53 562272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll

2010-02-18 21:53 . 2010-02-18 21:53 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll

2010-02-18 21:53 . 2010-02-18 21:53 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll

2009-12-31 16:50 . 2004-08-05 04:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-21 19:07 . 2006-01-09 19:02 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-17 07:41 . 2004-08-05 04:00 347648 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:09 . 2004-08-05 04:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-09 10:09 . 2004-08-05 04:00 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-12-09 10:08 . 2004-08-05 04:00 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-12-04 18:22 . 2004-08-05 04:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

<pre>
c:\program files\Avira\AntiVir Desktop\avgnt .exe
c:\program files\ATI Technologies\ATI.ACE\cli .exe
c:\program files\Realtek\InstallShield\azmixersel .exe
c:\program files\Acer\Acer Arcade\pcmservice .exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\rthdcpl .exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\skytel .exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\alcmtr .exe
c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntimui .exe
c:\program files\Launch Manager\lmanager .exe
c:\program files\HP\Digital Imaging\bin\hpqsrmon .exe
c:\program files\HP\HP Software Update\hpwuschd2 .exe
c:\program files\Java\jre1.5.0_03\bin\jusched .exe
c:\program files\SuperCopier2\supercopier2 .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\QuickTime\qttask   .exe
c:\program files\QuickTime\qttask	.exe
c:\program files\QuickTime\qttask	  .exe
c:\program files\QuickTime\qttask	 .exe
c:\program files\QuickTime\qttask	   .exe
c:\program files\QuickTime\qttask		.exe
c:\program files\QuickTime\qttask		 .exe
c:\program files\QuickTime\qttask		  .exe
c:\program files\QuickTime\qttask		   .exe
c:\program files\QuickTime\qttask			.exe
c:\program files\QuickTime\qttask			 .exe
c:\program files\QuickTime\qttask			  .exe
c:\program files\QuickTime\qttask			   .exe
c:\program files\QuickTime\qttask				.exe
c:\program files\QuickTime\qttask				 .exe
c:\program files\QuickTime\qttask				   .exe
c:\program files\QuickTime\qttask				  .exe
c:\program files\QuickTime\qttask					.exe
c:\program files\QuickTime\qttask					 .exe
c:\program files\QuickTime\qttask					  .exe
c:\program files\QuickTime\qttask					   .exe
c:\program files\QuickTime\qttask						.exe
c:\program files\QuickTime\qttask						 .exe
c:\program files\QuickTime\qttask						  .exe
c:\program files\QuickTime\qttask						   .exe
c:\program files\QuickTime\qttask							.exe
c:\program files\QuickTime\qttask							   .exe
c:\program files\QuickTime\qttask							 .exe
c:\program files\QuickTime\qttask							  .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\Windows Live\Messenger\msnmsgr .exe
c:\program files\Windows Live\Messenger\msnmsgr	  .exe
c:\program files\Windows Live\Messenger\msnmsgr  .exe
c:\program files\Windows Live\Messenger\msnmsgr   .exe
c:\program files\Windows Live\Messenger\msnmsgr	.exe
c:\program files\Windows Live\Messenger\msnmsgr	 .exe
c:\windows\system32\IME\TINTLGNT\tintsetp .exe
c:\windows\ime\imjp8_1\imjpmig .exe
</pre>

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\progra~1\wi1f86~1\messen~1\msnmsgr .exe" [2009-07-26 3883856]

"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2010-02-28 55296]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\quicktime\qttask .exe -atboottime" [X]

"LaunchApp"="" [N/A]

"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2010-02-28 55296]

"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2010-02-28 55296]

"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2010-02-28 55296]

"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2010-02-28 55296]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2010-02-28 55296]

"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2010-02-28 55296]

"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2010-02-28 55296]

"RTHDCPL"="RTHDCPL.EXE" [N/A]

"SkyTel"="SkyTel.EXE" [N/A]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2010-02-28 55296]

"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2010-02-28 55296]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-02-28 55296]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2010-02-28 55296]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-28 55296]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2010-02-28 55296]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"96225428"="c:\docume~1\ALLUSE~1\APPLIC~1\96225428\96225428.exe" [2010-02-28 55296]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\System32\\dpvsetup.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqnrs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqgpc01.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

R0 tlltraq;tlltraq; [x]

R0 ucmvm;ucmvm; [x]

R2 aswFsBlk;aswFsBlk;aswFsBlk.sys [x]

R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;c:\windows\system32\eLock2BurnerLockDriver.sys [x]

R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [x]

R3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2010-02-20 705376]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-05 64288]

S1 aswSP;aswSP; [x]

S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-23 1229232]

 

 

--- Autres Services/Pilotes en mémoire ---

 

*NewlyCreated* - TPZDJYYQ

*Deregistered* - mchInjDrv

*Deregistered* - tpzdjyyq

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contenu du dossier 'Tâches planifiées'

 

2010-02-28 c:\windows\Tasks\At1153.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 04:35]

 

2010-02-28 c:\windows\Tasks\At1154.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 04:35]

 

2010-02-28 c:\windows\Tasks\At1155.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 04:35]

 

2010-02-28 c:\windows\Tasks\At1156.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 04:35]

 

2010-02-28 c:\windows\Tasks\At1157.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 04:35]

 

2010-02-28 c:\windows\Tasks\At1158.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 04:35]

 

2010-02-28 c:\windows\Tasks\At1159.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 04:35]

 

2010-02-28 c:\windows\Tasks\At1160.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 04:35]

 

2010-02-28 c:\windows\Tasks\At1161.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 04:35]

 

2010-02-28 c:\windows\Tasks\At1162.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 04:35]

 

2010-02-28 c:\windows\Tasks\At1163.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 04:35]

 

2010-02-28 c:\windows\Tasks\At1164.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 04:35]

 

2010-02-28 c:\windows\Tasks\At1165.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 04:35]

 

2010-02-28 c:\windows\Tasks\At1166.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 04:35]

 

2010-02-28 c:\windows\Tasks\At1167.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 04:35]

 

2010-02-28 c:\windows\Tasks\At1168.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 04:35]

 

2010-02-28 c:\windows\Tasks\At1169.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 04:35]

 

2010-02-28 c:\windows\Tasks\At1170.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 04:35]

 

2010-02-28 c:\windows\Tasks\At1171.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 04:35]

 

2010-02-28 c:\windows\Tasks\At1172.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 04:35]

 

2010-02-28 c:\windows\Tasks\At1173.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 04:35]

 

2010-02-28 c:\windows\Tasks\At1174.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 04:35]

 

2010-02-28 c:\windows\Tasks\At1175.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 04:35]

 

2010-02-28 c:\windows\Tasks\At1176.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 04:35]

 

2010-02-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-18 19:50]

 

2009-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2010-02-18 c:\windows\Tasks\WebReg HP Deskjet F4200 series.job

- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2008-03-25 19:42]

.

.

------- Examen supplémentaire -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c21d5a10bc914a7e9314dc6980c18ff2

IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c21d5a10bc914a7e9314dc6980c18ff2

TCP: {AC661682-0D11-4141-81A3-0BA777EB820F} = 192.168.1.1

.

- - - - ORPHELINS SUPPRIMES - - - -

 

Notify-WgaLogon - (no file)

AddRemove-uigka - c:\documents and settings\marie-pierre\local settings\application data\uigka.exe

AddRemove-{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31} - c:\program files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-28 05:37

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]

"ImagePath"="\??\c:\docume~1\MARIE-~1\LOCALS~1\Temp\mc26.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tpzdjyyq]

 

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(628)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(3780)

c:\program files\supercopier2\SC2Hook.dll

c:\acer\empowering technology\epower\SysHook.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\acer\Empowering Technology\ePerformance\MemCheck.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

c:\program files\HP\Digital Imaging\bin\hpqtra08.exe

c:\program files\Fichiers communs\LightScribe\LSSrvc.exe

c:\acer\empowering technology\epower\epower_dmc .exe

c:\program files\acer\acer arcade\pcmservice .exe

c:\program files\ati technologies\ati.ace\cli .exe

c:\progra~1\launch~1\lmanager .exe

c:\program files\OpenOffice.org 2.0\program\soffice.exe

c:\program files\hp\hp software update\hpwuschd2 .exe

c:\program files\java\jre1.5.0_03\bin\jusched .exe

c:\program files\itunes\ituneshelper .exe

c:\program files\supercopier2\supercopier2 .exe

c:\program files\OpenOffice.org 2.0\program\soffice.BIN

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\ati technologies\ati.ace\cli .exe

c:\program files\ati technologies\ati.ace\cli .exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Heure de fin: 2010-02-28 05:49:23 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-02-28 04:49

 

Avant-CF: 26 293 501 952 octets libres

Après-CF: 26 262 470 656 octets libres

 

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect /usepmtimer

 

- - End Of File - - FE1D55729D921B78E367833F41E880A0

Posted

The machine is infected all over, it's crawling with them.

 

ComboFix has already removed some pests, but we'll continue with a custom-made script.

 

Go to this page to download the CFScript file to the Desktop => http://senduit.com/31cab4

Wait a second: the download will start automatically.

  • Drag and drop this CFScript file onto the ComboFix.exe file as in the screenshot
    img-191202xzrpd.gif
  • Wait while the scan runs. The desktop will disappear several times: that's normal!
    Don't touch anything until the scan is finished.
  • When CF finishes running, it displays this message box:
    autosubmitfrdt7.png
  • Clicking OK will start the automatic upload of the archived (zip) file.
    cfuploadsuccessfulfrwn3.gif
  • Once the scan is complete, the PC will most likely restart: a report will be displayed, post its contents.
  • If the file does not appear, it can be found here > C:\ComboFix.txt

Note1: The script provided is specific to this user's case: under no circumstances should you use it on your own PC!

 

Note2: a file located on the PC will be sent to the creator of ComboFix for analysis.

If the upload site is offline, you will see the message below =>

cfuploadfailedfrrf5.gif

You will only need to double-click the CF-Submit.htm file located in the C:\ directory to send the file.

The ComboFix report will only be displayed once the upload function has finished.

Posted

Here is the latest report.

Happy reading!

 

ComboFix 10-02-27.04 - Marie-pierre 28/02/2010 13:14:14.2.1 - FAT32x86

Lancé depuis: c:\documents and settings\Marie-pierre\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\Marie-pierre\Bureau\CFscript.txt

 

FILE ::

"c:\windows\Tasks\At1153.job"

"c:\windows\Tasks\At1154.job"

"c:\windows\Tasks\At1155.job"

"c:\windows\Tasks\At1156.job"

"c:\windows\Tasks\At1157.job"

"c:\windows\Tasks\At1158.job"

"c:\windows\Tasks\At1159.job"

"c:\windows\Tasks\At1160.job"

"c:\windows\Tasks\At1161.job"

"c:\windows\Tasks\At1162.job"

"c:\windows\Tasks\At1163.job"

"c:\windows\Tasks\At1164.job"

"c:\windows\Tasks\At1165.job"

"c:\windows\Tasks\At1166.job"

"c:\windows\Tasks\At1167.job"

"c:\windows\Tasks\At1168.job"

"c:\windows\Tasks\At1169.job"

"c:\windows\Tasks\At1170.job"

"c:\windows\Tasks\At1171.job"

"c:\windows\Tasks\At1172.job"

"c:\windows\Tasks\At1173.job"

"c:\windows\Tasks\At1174.job"

"c:\windows\Tasks\At1175.job"

"c:\windows\Tasks\At1176.job"

 

file zipped: c:\program files\Internet Explorer\wmpscfgs.exe

file zipped: c:\windows\system32\fjhdyfhsn.bat

file zipped: c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe

.

Les fichiers ci-dessous ont été désactivés pendant l'exécution:

c:\program files\supercopier2\SC2Hook.dll

 

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Marie-pierre\rthdcpl .exe

c:\documents and settings\Marie-pierre\rthdcpl.exe

c:\documents and settings\Marie-pierre\skytel .exe

c:\documents and settings\Marie-pierre\skytel.exe

c:\program files\Internet Explorer\js.mui

c:\program files\internet explorer\wmpscfgs.exe

c:\windows\system32\ctfmon .exe

c:\windows\system32\fjhdyfhsn.bat

 

c:\windows\system32\tftp.exe . . . est infecté!!

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_TLLTRAQ

-------\Legacy_UCMVM

-------\Service_tlltraq

-------\Service_ucmvm

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-01-28 au 2010-02-28 ))))))))))))))))))))))))))))))))))))

.

 

2010-02-28 10:34 . 2010-02-28 10:34 -------- d-----w- C:\FOUND.009

2010-02-28 03:49 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2010-02-27 18:20 . 2010-02-27 18:20 -------- d-----w- C:\rsit

2010-02-27 18:11 . 2010-02-27 18:11 -------- d-----w- C:\FOUND.008

2010-02-27 17:31 . 2010-02-27 17:31 -------- d-----w- C:\FOUND.007

2010-02-27 17:08 . 2010-02-27 17:08 -------- d-----w- C:\FOUND.006

2010-02-27 16:15 . 2010-02-27 16:15 -------- d-----w- c:\documents and settings\Marie-pierre\Application Data\Malwarebytes

2010-02-27 16:15 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-27 16:15 . 2010-02-27 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-02-27 16:15 . 2010-02-27 16:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-27 16:15 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-27 15:41 . 2010-02-27 15:41 -------- d-----w- C:\FOUND.005

2010-02-27 15:01 . 2010-02-27 15:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-02-27 13:26 . 2010-02-27 13:26 -------- d-----w- C:\FOUND.004

2010-02-27 13:12 . 2010-02-27 13:12 -------- d-----w- c:\program files\Dr. Guard

2010-02-27 10:26 . 2010-02-27 10:26 -------- d-----w- C:\FOUND.003

2010-02-23 22:01 . 2010-02-23 22:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2010-02-23 21:06 . 2010-02-23 21:06 -------- d-----w- c:\windows\system32\fr

2010-02-23 21:06 . 2010-02-23 21:06 -------- d-----w- c:\windows\system32\bits

2010-02-23 21:06 . 2010-02-23 21:06 -------- d-----w- c:\windows\l2schemas

2010-02-23 20:58 . 2010-02-23 20:58 -------- d-----w- c:\windows\EHome

2010-02-23 19:50 . 2010-02-18 21:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-02-22 20:53 . 2010-02-22 20:54 -------- d-----w- c:\windows\BDOSCAN8

2010-02-22 20:50 . 2010-02-22 20:50 -------- d-sh--w- c:\documents and settings\Marie-pierre\PrivacIE

2010-02-22 20:46 . 2010-02-22 20:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-02-22 20:42 . 2010-02-22 20:42 -------- d-sh--w- c:\documents and settings\Marie-pierre\IETldCache

2010-02-22 20:37 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll

2010-02-22 20:37 . 2010-02-22 20:37 -------- d-----w- c:\windows\ie8updates

2010-02-22 20:36 . 2009-12-21 19:06 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-02-22 20:36 . 2009-12-21 19:06 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-02-22 20:36 . 2009-12-21 19:07 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-02-22 20:36 . 2009-12-21 19:06 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-02-22 20:36 . 2009-12-21 19:06 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-02-22 20:36 . 2009-12-21 19:06 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-02-22 20:34 . 2010-02-22 20:34 -------- d--h--w- c:\windows\ie8

2010-02-22 20:34 . 2010-02-22 20:34 -------- d-----w- c:\windows\system32\fr-FR

2010-02-22 18:47 . 2010-02-22 18:47 -------- d-----w- C:\FOUND.002

2010-02-21 22:20 . 2010-02-22 19:39 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-02-21 14:58 . 2010-02-21 14:58 -------- d-----w- C:\FOUND.001

2010-02-21 02:03 . 2010-02-21 02:03 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-02-21 01:42 . 2010-02-21 01:42 -------- d-----w- c:\program files\CCleaner

2010-02-21 01:31 . 2010-02-21 01:31 -------- d-----w- C:\FOUND.000

2010-02-21 01:18 . 2010-02-21 01:18 -------- d-----w- c:\program files\ESET

2010-02-20 22:57 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-02-20 22:57 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-02-20 22:57 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-02-20 22:57 . 2010-02-20 22:57 -------- d-----w- c:\program files\Avira

2010-02-20 22:57 . 2010-02-20 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-02-20 09:49 . 2010-02-05 09:03 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-02-18 21:54 . 2010-02-05 09:03 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-02-18 21:49 . 2010-02-18 21:49 -------- d--h--w- c:\documents and settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}

2010-02-18 21:49 . 2010-02-18 21:49 -------- d-----w- c:\program files\Lavasoft

2010-02-18 21:49 . 2010-02-18 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-02-18 21:39 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-02-18 17:45 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-02-18 17:45 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-02-18 17:45 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-02-18 17:45 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-02-18 17:45 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-02-18 17:45 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-02-18 17:45 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-02-18 17:44 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-02-18 17:44 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe

2010-02-18 17:44 . 2010-02-18 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-02-15 19:03 . 2010-02-15 19:03 -------- d-----r- c:\documents and settings\NetworkService\Favoris

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-28 13:19 . 2010-02-28 13:19 55296 ----a-w- c:\documents and settings\Marie-pierre\skytel.exe

2010-02-28 13:19 . 2010-02-28 13:19 55296 ----a-w- c:\documents and settings\Marie-pierre\rthdcpl.exe

2010-02-28 04:34 . 2010-02-28 04:34 16 ----a-w- c:\documents and settings\LocalService\Application Data\pdytbs.dat

2010-02-27 13:02 . 2006-05-23 15:54 86612 ----a-w- c:\windows\system32\perfc00C.dat

2010-02-27 13:02 . 2006-05-23 15:54 512410 ----a-w- c:\windows\system32\perfh00C.dat

2010-02-27 12:59 . 2010-02-27 12:59 12 ----a-w- c:\windows\system32\config\systemprofile\Application Data\pdytbs.dat

2010-02-24 20:51 . 2006-12-01 19:10 90112 ----a-w- c:\windows\DUMP3a78.tmp

2010-02-24 20:50 . 2006-12-01 19:10 90112 ----a-w- c:\windows\DUMP3ab7.tmp

2010-02-24 17:56 . 2006-12-01 19:10 90112 ----a-w- c:\windows\DUMP3a59.tmp

2010-02-22 20:45 . 2006-12-01 19:16 91952 ----a-w- c:\documents and settings\Marie-pierre\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-12-31 16:50 . 2004-08-05 04:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-21 19:07 . 2006-01-09 19:02 916480 ------w- c:\windows\system32\wininet.dll

2009-12-17 07:41 . 2004-08-05 04:00 347648 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:09 . 2004-08-05 04:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-09 10:09 . 2004-08-05 04:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe

2009-12-09 10:08 . 2004-08-05 04:00 2025984 ------w- c:\windows\system32\ntkrnlpa.exe

2009-12-04 18:22 . 2004-08-05 04:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

<pre>
c:\program files\Avira\AntiVir Desktop\avgnt .exe
c:\program files\Realtek\InstallShield\azmixersel .exe
c:\program files\Acer\Acer Arcade\pcmservice .exe
c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntimui .exe
c:\program files\Launch Manager\lmanager .exe
c:\program files\HP\Digital Imaging\bin\hpqsrmon .exe
c:\program files\HP\HP Software Update\hpwuschd2 .exe
c:\program files\Java\jre1.5.0_03\bin\jusched .exe
c:\program files\SuperCopier2\supercopier2 .exe
c:\program files\QuickTime\qttask								   .exe
c:\program files\QuickTime\qttask								.exe
c:\program files\QuickTime\qttask								 .exe
c:\program files\QuickTime\qttask								  .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\Windows Live\Messenger\msnmsgr	   .exe
c:\windows\system32\IME\TINTLGNT\tintsetp .exe
c:\windows\ime\imjp8_1\imjpmig .exe
c:\windows\pchealth\helpctr\binaries\msconfig .exe
</pre>

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2010-02-28 55296]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2010-02-28 55296]

"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2010-02-28 55296]

"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2010-02-28 55296]

"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2010-02-28 55296]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2010-02-28 55296]

"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2010-02-28 55296]

"RTHDCPL"="RTHDCPL.EXE" [N/A]

"SkyTel"="SkyTel.EXE" [N/A]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2010-02-28 55296]

"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2010-02-28 55296]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-02-28 55296]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2010-02-28 55296]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-28 55296]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2010-02-28 55296]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-02-28 55296]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\System32\\dpvsetup.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqnrs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqgpc01.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

R2 aswFsBlk;aswFsBlk;aswFsBlk.sys [x]

R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;c:\windows\system32\eLock2BurnerLockDriver.sys [x]

R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [x]

R3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2010-02-20 705376]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-05 64288]

S1 aswSP;aswSP; [x]

S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-23 1229232]

 

 

--- Autres Services/Pilotes en mémoire ---

 

*Deregistered* - mchInjDrv

*Deregistered* - tpzdjyyq

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contenu du dossier 'Tâches planifiées'

 

2010-02-28 c:\windows\Tasks\At1.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 13:20]

 

2010-02-28 c:\windows\Tasks\At2.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 13:20]

 

2010-02-28 c:\windows\Tasks\At3.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 13:20]

 

2010-02-28 c:\windows\Tasks\At4.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 13:20]

 

2010-02-28 c:\windows\Tasks\At5.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 13:20]

 

2010-02-28 c:\windows\Tasks\At6.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 13:20]

 

2010-02-28 c:\windows\Tasks\At7.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 13:20]

 

2010-02-28 c:\windows\Tasks\At8.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 13:20]

 

2010-02-28 c:\windows\Tasks\At9.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 13:20]

 

2010-02-28 c:\windows\Tasks\At10.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 13:20]

 

2010-02-28 c:\windows\Tasks\At11.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 13:20]

 

2010-02-28 c:\windows\Tasks\At12.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 13:20]

 

2010-02-28 c:\windows\Tasks\At13.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 13:20]

 

2010-02-28 c:\windows\Tasks\At14.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 13:20]

 

2010-02-28 c:\windows\Tasks\At15.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 13:20]

 

2010-02-28 c:\windows\Tasks\At16.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 13:20]

 

2010-02-28 c:\windows\Tasks\At17.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 13:20]

 

2010-02-28 c:\windows\Tasks\At18.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 13:20]

 

2010-02-28 c:\windows\Tasks\At19.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 13:20]

 

2010-02-28 c:\windows\Tasks\At20.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 13:20]

 

2010-02-28 c:\windows\Tasks\At21.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 13:20]

 

2010-02-28 c:\windows\Tasks\At22.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 13:20]

 

2010-02-28 c:\windows\Tasks\At23.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 13:20]

 

2010-02-28 c:\windows\Tasks\At24.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 13:20]

 

2010-02-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-18 19:50]

 

2009-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2010-02-18 c:\windows\Tasks\WebReg HP Deskjet F4200 series.job

- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2008-03-25 19:42]

.

.

------- Examen supplémentaire -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c21d5a10bc914a7e9314dc6980c18ff2

IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c21d5a10bc914a7e9314dc6980c18ff2

TCP: {AC661682-0D11-4141-81A3-0BA777EB820F} = 192.168.1.1

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-28 14:20

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]

"ImagePath"="\??\c:\docume~1\MARIE-~1\LOCALS~1\Temp\mc24.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tpzdjyyq]

 

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(636)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(3620)

c:\program files\SuperCopier2\SC2Hook.dll

c:\acer\empowering technology\epower\SysHook.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\acer\Empowering Technology\ePerformance\MemCheck.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

c:\program files\Fichiers communs\LightScribe\LSSrvc.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\HP\Digital Imaging\bin\hpqtra08.exe

c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

c:\acer\empowering technology\epower\epower_dmc .exe

c:\acer\empowering technology\erecovery\eragent .exe

c:\program files\OpenOffice.org 2.0\program\soffice.exe

c:\program files\OpenOffice.org 2.0\program\soffice.BIN

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

c:\program files\Windows Live\Toolbar\wltuser.exe

c:\program files\Internet Explorer\IEXPLORE.EXE

c:\program files\Internet Explorer\IEXPLORE.EXE

.

**************************************************************************

.

Heure de fin: 2010-02-28 14:45:45 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-02-28 13:44

ComboFix2.txt 2010-02-28 04:49

 

Avant-CF: 26 180 583 424 octets libres

Après-CF: 26 237 337 600 octets libres

 

- - End Of File - - DDF76FD2EC67CB0BA16C9AC972F5ED68

L'envoi a réussi

Posted
L'envoi a réussi
Perfect! :P

First, download tftp.exe from this site:

http://senduit.com/2f2bf4

And place it here, overwriting the old file:

c:\windows\system32\tftp.exe

We are going to run another script.

 

------

 

 

What follows is for this machine, and this machine only.

Above all, do not use it on another machine: dangerous.

 

 

  • Download the file CFscript.txt from this site:
    http://senduit.com/692287
  • Place it on the desktop, next to the ComboFix icon.
  • Drag and drop this CFscript file onto the ComboFix.exe file, as in this example

animation1md2.gif

  • Wait while the scan runs. The desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt
